Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Expires | Sun, 19 Nov 1978 05:00:00 GMT |
Cache-Control | no-cache, must-revalidate |
Content-Security-Policy-Report-Only | default-src 'self' 'unsafe-inline' *.google-analytics.com; script-src 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.webspellchecker.net *.googleapis.com *.jquery.com *.addtoany.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; object-src 'unsafe-inline' 91.121.113.128:8088 *.bankofjordansyria.com; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com 91.121.113.128:8088 *.bankofjordansyria.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.addtoany.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; report-uri /admin/config/system/seckit/csp-report |
X-Content-Security-Policy-Report-Only | default-src 'self' 'unsafe-inline' *.google-analytics.com; script-src 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.webspellchecker.net *.googleapis.com *.jquery.com *.addtoany.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; object-src 'unsafe-inline' 91.121.113.128:8088 *.bankofjordansyria.com; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com 91.121.113.128:8088 *.bankofjordansyria.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.addtoany.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; report-uri /admin/config/system/seckit/csp-report |
X-WebKit-CSP-Report-Only | default-src 'self' 'unsafe-inline' *.google-analytics.com; script-src 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.webspellchecker.net *.googleapis.com *.jquery.com *.addtoany.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; object-src 'unsafe-inline' 91.121.113.128:8088 *.bankofjordansyria.com; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com 91.121.113.128:8088 *.bankofjordansyria.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.addtoany.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.dot.jo 91.121.113.128:8088 *.bankofjordansyria.com; report-uri /admin/config/system/seckit/csp-report |
From-Origin | same |
Content-Language | en |
X-UA-Compatible | IE=edge,chrome=1 |
X-Frame-Options | SameOrigin, SAMEORIGIN |
X-Content-Type-Options | nosniff, nosniff |
X-XSS-Protection | 1; mode=block |
Content-Encoding | gzip |