Server | Apache |
X-Frame-Options | DENY |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Permitted-Cross-Domain-Policies | none |
X-DNS-Prefetch-Control | on |
Strict-Transport-Security | max-age=7776000; includeSubDomains; preload |
X-UA-Compatible | IE=edge,chrome=1 |
Public-Key-Pins | pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; max-age=3600; includeSubDomains; report-uri="https://booches.report-uri.com/r/d/hpkp/enforce" |
Content-Security-Policy | default-src 'self'; script-src 'self' 'inline' https://www.google-analytics.com; style-src 'self' ; img-src 'self' data: https://secure.gravatar.com; connect-src 'self' https://syndication.twitter.com https://api.viglink.com; font-src 'self' data:; report-uri https://booches.report-uri.com/r/d/csp/enforce |
Referrer-Policy | strict-origin-when-cross-origin |
Expect-CT | max-age=3600, enforce, report-uri="https://booches.report-uri.com/r/d/ct/enforce" |
Transfer-Encoding | chunked |
Content-Type | text/html; charset=UTF-8 |
X-TransIP-Backend | web298 |
X-TransIP-Balancer | lb1 |
Content-Encoding | gzip |