Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
x-content-type-options | nosniff |
content-security-policy | default-src 'none'; script-src 'self' https://www.google-analytics.com/ https://static.brokenhands.io https://cdn.jsdelivr.net/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/; style-src 'self' https://static.brokenhands.io/ https://maxcdn.bootstrapcdn.com/bootstrap/; img-src 'self' data: https://static.brokenhands.io https://www.google-analytics.com/; base-uri 'self'; require-sri-for script style; report-uri https://brokenhands.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; |
x-xss-protection | 1; mode=block |
x-frame-options | DENY |
referrer-policy | strict-origin-when-cross-origin |
Strict-Transport-Security | max-age=15724800; preload |
Content-Encoding | gzip |