Server | nginx |
Content-Type | text/html; charset=utf-8 |
Vary | Accept-Encoding |
Status | 200 OK |
X-Frame-Options | SAMEORIGIN |
Referrer-Policy | same-origin |
X-UA-Compatible | IE=Edge,chrome=1 |
ETag | W/"880f29009fca603bf4e356c9bc1e8690" |
Content-Security-Policy | default-src 'self' https: blob:; child-src *; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com app.link cdn.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io blob: webapi.amap.com restapi.amap.com *.inspectlet.com https: 'sha256-Gn3R3CfqodkNUs+C4gXoCllPFSnBVuhJSWkVuIlhYzc=' 'unsafe-inline' 'sha256-rfTud2kTm0UjtJ6PqxcrkglfrUD4H8WCcS9mCs6PJ5s=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=16407003-9bf4-4c18-a404-7392f41a77e2&version=cc9722f681e9c760cc628ecd278a2e4b7e8f987e |
Content-Security-Policy-Report-Only | default-src blob: *; connect-src blob: *; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; script-src 'self' 'unsafe-eval' webpack.localhost.airbnb.com jira.airbnb.biz googleads.g.doubleclick.net cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com app.link cdn.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com ethn.io blob: webapi.amap.com restapi.amap.com *.inspectlet.com cdn.ampproject.org/v0.js cdn.ampproject.org/v0/ a.alipayobjects.com gw.alipayobjects.com static.agrant.com.cn t.agrantsem.com ditu.google.com *.muscache.cn *.muscache.com ss.musthird.cn www.google.com www.gstatic.com b92.yahoo.co.jp mc.yandex.ru wcs.naver.net 'sha256-Gn3R3CfqodkNUs+C4gXoCllPFSnBVuhJSWkVuIlhYzc=' 'unsafe-inline' 'sha256-rfTud2kTm0UjtJ6PqxcrkglfrUD4H8WCcS9mCs6PJ5s=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src * blob: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=true&req_uuid=16407003-9bf4-4c18-a404-7392f41a77e2&version=cc9722f681e9c760cc628ecd278a2e4b7e8f987e |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Encoding | gzip |
Strict-Transport-Security | max-age=10886400; includeSubdomains |
Cache-Control | public, max-age=1200 |
Transfer-Encoding | chunked |
Connection | keep-alive, Transfer-Encoding |