Server | Apache/2.4.10 (Debian) |
Cache-Control | no-cache |
X-Frame-Options | SAMEORIGIN |
Content-Security-Policy | default-src 'self' 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com; img-src 'self' data: *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com; child-src www.youtube.com www.google.com; connect-src 'self' ws://www.chainside.net:3000 wss://www.chainside.net:3000; |
X-Content-Security-Policy | default-src 'self' 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com; img-src 'self' data: *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com; child-src www.youtube.com www.google.com; connect-src 'self' ws://www.chainside.net:3000 wss://www.chainside.net:3000; |
Strict-Transport-Security | max-age=31536000 |
Access-Control-Allow-Origin | self |
Access-Control-Max-Age | 10 |
Access-Control-Allow-Credentials | true |
Access-Control-Allow-Methods | GET, POST, PUT, PATCH, DELETE |
X-SecHeader | 2016.1 |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=UTF-8 |