X-Powered-By | Express |
Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-eval' ajax.googleapis.com cdn.mxpnl.com certsimple.com js.stripe.com netdna.bootstrapcdn.com platform.twitter.com syndication.twitter.com use.typekit.net;img-src 'self' certsimple.com data: p.typekit.net pbs.twimg.com platform.twitter.com q.stripe.com s.gravatar.com syndication.twitter.com;frame-src js.stripe.com platform.twitter.com syndication.twitter.com;font-src data: fonts.googleapis.com fonts.gstatic.com netdna.bootstrapcdn.com use.typekit.net;connect-src 'self' api.mixpanel.com api.stripe.com certsimple.com;style-src 'self' 'unsafe-inline' certsimple.com fonts.googleapis.com netdna.bootstrapcdn.com platform.twitter.com use.typekit.net;report-uri https://test.report-uri.io/report/f74857093be8887f60065432124156cb |
Access-Control-Allow-Origin | * |
Content-Type | text/html; charset=utf-8 |
ETag | W/"de1-sXYfaL8w8DlmeUR7PHNpSg" |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Connection | close |
Transfer-Encoding | chunked |
Strict-Transport-Security | max-age=86400; includeSubdomains, max-age=15768000 |