Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net graph.facebook.com www.googletagmanager.com www.google-analytics.com script.crazyegg.com s3.amazonaws.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: blob: 123wish.s3.amazonaws.com seal.godaddy.com *.xx.fbcdn.net www.facebook.com www.google-analytics.com stats.g.doubleclick.net gtrk.s3.amazonaws.com s3.amazonaws.com; connect-src 'self' www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com; object-src 'none'; media-src 'self' data: 123wish.s3.amazonaws.com; child-src 'self' www.youtube.com staticxx.facebook.com; form-action 'self'; frame-ancestors 'none' |
X-DNS-Prefetch-Control | off |
X-Frame-Options | DENY |
X-Download-Options | noopen |
X-Content-Type-Options | nosniff |
Referrer-Policy | unsafe-url |
X-XSS-Protection | 1; mode=block |
Cache-Control | no-cache, must-revalidate |
Accept-Ranges | bytes |
Last-Modified | Fri, 09 Mar 2018 19:49:17 GMT |
ETag | W/"100b-1620c4f7648" |
Vary | Accept-Encoding |
Content-Encoding | gzip |