Server | nginx |
Content-Type | text/html |
Transfer-Encoding | chunked |
Content-Security-Policy | default-src 'self'; script-src 'self' www.google-analytics.com www.googletagmanager.com 'nonce-xx/vMDu0M/G0UuaamvyRkNknk0Q3hEMZoOV/AnxZZ+gxM7S2'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com; connect-src 'self' www.google-analytics.com; font-src 'self' fonts.gstatic.com; object-src 'none'; base-uri 'none'; block-all-mixed-content; report-uri https://cointap.report-uri.com/r/d/csp/enforce |
X-DNS-Prefetch-Control | off |
Expect-CT | enforce; max-age=86400; report-uri="https://cointap.report-uri.com/r/d/ct/enforce" |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Download-Options | noopen |
X-Content-Type-Options | nosniff |
Referrer-Policy | origin |
X-XSS-Protection | 1; mode=block |
set-cookie | _csrf=VqBQmHoxomH5qgIprC0NFjHG; Path=/ |
ETag | "3564-9YwmJaLLjPxLAtb66vNOblY5KLg" |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Via | 1.1 google |
Expires | Fri, 12 Jan 2018 12:36:57 GMT |
Cache-Control | private |