Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Expires | Mon, 26 Jul 1997 05:00:00 GMT |
Pragma | no-cache |
Cache-control | private |
X-XSS-Protection | 1; mode=block |
X-Frame-Options | DENY |
P3P | policyref="https://badoo.com/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA" |
Content-Security-Policy | default-src 'self' *.badoo.com badoocdn.com *.badoocdn.com *.api.here.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' badoocdn.com *.badoocdn.com *.googleapis.com maps.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru ssl.google-analytics.com *.api.here.com; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' badoocdn.com *.badoocdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; frame-src *; report-uri /jss/csp_report.phtml |
Content-Encoding | gzip |