Content-Encoding | gzip |
Content-Security-Policy-Report-Only | default-src 'none'; child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org www.fullstory.com 'nonce-1c019c7b-ab30-4de9-a946-d19d76565e77'; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation |
Content-Type | text/html; charset=utf-8 |
ETag | W/"b0e6-iRp3YTkR1qMhZj0D/OL+GinL+MU" |
set-cookie | connect.sid=s%3AqXgo3faApaClYUmW7UFsqhEOIeXURkY2.1rL%2FWsgRAdDIJ0tIFq8xK%2FXCOcmImCv1vbrUiVcHWJM; Path=/; HttpOnly; Secure |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-DNS-Prefetch-Control | off |
X-Download-Options | noopen |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
transfer-encoding | chunked |
Connection | keep-alive |