Server | nginx |
Content-Type | text/html; charset=windows-1251 |
Connection | keep-alive |
X-Powered-By | PHP/5.4.41 |
Expires | Sat, 03 Aug 2013 00:00:00 GMT |
Pragma | no-cache |
Last-Modified | Tue, 03 Nov 2015 13:35:26 GMT |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
Content-Encoding | gzip |
Vary | Accept-Encoding |
X-Frame-Options | DENY, DENY |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | report-uri //csp.merlion.ru:8080/report/963066156255080967/buro/; connect-src 'self' https://api-maps.yandex.ru https://clck.yandex.ru ; child-src 'none' ; font-src 'self' ; form-action https://api-maps.yandex.ru ; frame-ancestors 'none' ; frame-src 'self' ; img-src *.merlion.com *.merlion.ru 'self' api-maps.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net ; media-src 'self' ; object-src 'self' ; script-src 'self' *.google-analytics.com *.yandex.ru *.merlion.com https://api-maps.yandex.ru https://clck.yandex.ru ; style-src 'self' *.merlion.com 'unsafe-inline' ; default-src 'none' ; strict-mixed-content-checking; reflected-xss filter; referrer origin-when-cross-origin; |