Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
content-security-policy | default-src 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com https://*.bootstrapcdn.com http://*.autoauctionmall.com https://*.autoauctionmall.com http://*.stripe.com https://*.stripe.com http://*.amazonaws.com https://*.amazonaws.com http://*.cloudfront.net https://*.cloudfront.net http://*.userlike.com https://*.userlike.com; script-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com https://*.bootstrapcdn.com http://*.autoauctionmall.com https://*.autoauctionmall.com http://*.stripe.com https://*.stripe.com http://*.amazonaws.com https://*.amazonaws.com http://*.cloudfront.net https://*.cloudfront.net http://*.userlike.com https://*.userlike.com 'unsafe-eval'; connect-src * 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com https://*.bootstrapcdn.com http://*.autoauctionmall.com https://*.autoauctionmall.com http://*.stripe.com https://*.stripe.com http://*.amazonaws.com https://*.amazonaws.com http://*.cloudfront.net https://*.cloudfront.net http://*.userlike.com https://*.userlike.com; img-src data: 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com https://*.bootstrapcdn.com http://*.autoauctionmall.com https://*.autoauctionmall.com http://*.stripe.com https://*.stripe.com http://*.amazonaws.com https://*.amazonaws.com http://*.cloudfront.net https://*.cloudfront.net http://*.userlike.com https://*.userlike.com; style-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com https://*.bootstrapcdn.com http://*.autoauctionmall.com https://*.autoauctionmall.com http://*.stripe.com https://*.stripe.com http://*.amazonaws.com https://*.amazonaws.com http://*.cloudfront.net https://*.cloudfront.net http://*.userlike.com https://*.userlike.com; font-src 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com https://*.bootstrapcdn.com http://*.autoauctionmall.com https://*.autoauctionmall.com http://*.stripe.com https://*.stripe.com http://*.amazonaws.com https://*.amazonaws.com http://*.cloudfront.net https://*.cloudfront.net http://*.userlike.com https://*.userlike.com data:; |
vary | Accept-Encoding |
content-encoding | gzip |
Strict-Transport-Security | max-age=63072000 |
X-Frame-Options | SAMEORIGIN, DENY |
X-Content-Type-Options | nosniff, nosniff |
Access-Control-Allow-Origin | * |
Access-Control-Allow-Methods | GET,POST,PUT,HEAD |