X-Backside-Transport | OK OK |
Connection | Keep-Alive |
Transfer-Encoding | chunked |
Access-Control-Allow-Origin | https://www.vinciconpenny.com |
Cache-Control | no-store, no-cache, must-revalidate, proxy-revalidate |
Content-Encoding | gzip |
Content-Security-Policy | default-src 'self' *.vinciconpenny.com *.onesignal.com onesignal.com *.google.com *.serving-sys.com *.fls.doubleclick.net *.adform.net; script-src 'self' 'unsafe-inline' *.google.com *.fontawesome.com *.google-analytics.com *.onesignal.com *.facebook.net *.vinciconpenny.com *.gstatic.com *.jquery.com *.googleapis.com *.cloudflare.com *.rawgit.com *.bootstrapcdn.com unpkg.com *.unpkg.com *.serving-sys.com *.bs.serving-sys.com *.fls.doubleclick.net *.adform.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.onesignal.com *.vinciconpenny.com *.googleapis.com *.bootstrapcdn.com unpkg.com *.unpkg.com; font-src 'self' applesocial.s3.amazonaws.com *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.vinciconpenny.com *.bootstrapcdn.com; img-src 'self' *.eu-central-1.amazonaws.com data: *.google-analytics.com *.google.com *.facebook.com stats.g.doubleclick.net *.vinciconpenny.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-top-navigation; report-uri /report-violation; object-src 'none'; upgrade-insecure-requests |
Content-Type | text/html |
Etag | W/"22f0-15d1ca0b340" |
Expires | 0 |
Last-Modified | Fri, 07 Jul 2017 10:38:00 GMT |
Pragma | no-cache |
Strict-Transport-Security | max-age=10886400; includeSubDomains; preload |
Surrogate-Control | no-store |
Vary | Origin, Accept-Encoding |
X-Content-Security-Policy | default-src 'self' *.vinciconpenny.com *.onesignal.com onesignal.com *.google.com *.serving-sys.com *.fls.doubleclick.net *.adform.net; script-src 'self' 'unsafe-inline' *.google.com *.fontawesome.com *.google-analytics.com *.onesignal.com *.facebook.net *.vinciconpenny.com *.gstatic.com *.jquery.com *.googleapis.com *.cloudflare.com *.rawgit.com *.bootstrapcdn.com unpkg.com *.unpkg.com *.serving-sys.com *.bs.serving-sys.com *.fls.doubleclick.net *.adform.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.onesignal.com *.vinciconpenny.com *.googleapis.com *.bootstrapcdn.com unpkg.com *.unpkg.com; font-src 'self' applesocial.s3.amazonaws.com *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.vinciconpenny.com *.bootstrapcdn.com; img-src 'self' *.eu-central-1.amazonaws.com data: *.google-analytics.com *.google.com *.facebook.com stats.g.doubleclick.net *.vinciconpenny.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-top-navigation; report-uri /report-violation; object-src 'none'; upgrade-insecure-requests |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | SAMEORIGIN |
X-Webkit-Csp | default-src 'self' *.vinciconpenny.com *.onesignal.com onesignal.com *.google.com *.serving-sys.com *.fls.doubleclick.net *.adform.net; script-src 'self' 'unsafe-inline' *.google.com *.fontawesome.com *.google-analytics.com *.onesignal.com *.facebook.net *.vinciconpenny.com *.gstatic.com *.jquery.com *.googleapis.com *.cloudflare.com *.rawgit.com *.bootstrapcdn.com unpkg.com *.unpkg.com *.serving-sys.com *.bs.serving-sys.com *.fls.doubleclick.net *.adform.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.onesignal.com *.vinciconpenny.com *.googleapis.com *.bootstrapcdn.com unpkg.com *.unpkg.com; font-src 'self' applesocial.s3.amazonaws.com *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.vinciconpenny.com *.bootstrapcdn.com; img-src 'self' *.eu-central-1.amazonaws.com data: *.google-analytics.com *.google.com *.facebook.com stats.g.doubleclick.net *.vinciconpenny.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-top-navigation; report-uri /report-violation; object-src 'none'; upgrade-insecure-requests |
X-Xss-Protection | 1; mode=block |
X-Global-Transaction-ID | 4047173945 |