HiddenServer | BatMan |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
X-Powered-By | PHP/5.6.12 |
Vary | Accept-Encoding, Accept-Encoding, Cookie |
Cache-Control | max-age=3, must-revalidate |
X-Frame-Options | SAMEORIGIN |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | default-src 'self' *.bloomerapp.com *.google.com *.addthis.com data: blob:;img-src 'self' bloomerapp.com *.bloomerapp.com s.w.org *.intercomcdn.com *.intercomassets.com https://d13hbwpwdbsfe9.cloudfront.net *.picdn.net http://*.picdn.net *.pinimg.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;script-src bloomerapp.com *.bloomerapp.com www.youtube.com www.youtube.co s.ytimg.com script.crazyegg.com www.googletagmanager.com *.intercom.io *.addthis.com js.intercomcdn.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src 'self' *.bloomerapp.com *.addthis.com *.intercom.io *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com wss://*.intercom.io ws://localhost:* blob: *.cdninstagram.com;child-src 'self' https://*.facebook.com *.addthis.com https://*.youtube.com data: blob:;font-src 'self' *.intercomcdn.com fonts.gstatic.com data: blob: |
Access-Control-Allow-Origin | *.bloomerapp.com |
Access-Control-Allow-Credentials | true |
Access-Control-Allow-Methods | GET, POST, OPTIONS |
Access-Control-Allow-Headers | DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type |
Access-Control-Max-Age | 1728000 |
Strict-Transport-Security | max-age=31536000;includeSubdomains;preload |
Content-Encoding | gzip |