Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Vary | Accept-Encoding, X-Requested-With |
X-Frame-Options | SAMEORIGIN |
Content-Security-Policy | connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com/; default-src 'self'; font-src 'self' data: https://slevomat.sgcdn.cz https://themes.googleusercontent.com https://*.gstatic.com https://cdn.livechatinc.com; form-action 'self'; frame-ancestors 'self'; frame-src *; img-src data: *; object-src 'self' https://slevomat.sgcdn.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://slevomat.sgcdn.cz https://maps.gstatic.com https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleadservices.com https://*.visualwebsiteoptimizer.com https://*.livechatinc.com https://*.leady.cz https://*.performax.cz https://*.rival.cz https://muj.skrz.cz; style-src 'self' 'unsafe-inline' https://slevomat.sgcdn.cz https://*.google.com https://*.googleapis.com; report-uri /csplog |
Pragma | no-cache |
ETag | W/"8eea92d4edc5f21db50d6c16d192d62a6b0de5f9" |
Cache-Control | no-cache, must-revalidate |
X-Hostname | cvachtova.stable.cz |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
Public-Key-Pins | pin-sha256="vIEVkD7QImDsQo4REPvveP1xL9HH0HiJJ+0OXXX4Up8="; pin-sha256="MWTPZAJF2eO1KjyzWgBoLySyx9pzisLV0j6KN2lzwPw="; max-age=31536000; includeSubDomains; report-uri="/pkplog" |
X-XSS-Protection | 1; mode=block; report=/xsslog |
Content-Encoding | gzip |