Cache-Control | private |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Vary | Accept-Encoding |
Strict-Transport-Security | max-age=31536000 |
X-Frame-Options | SAMEORIGIN, SAMEORIGIN |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1;mode=block |
Content-Security-Policy | script-src 'self' www.googleadservices.com connect.facebook.net stats.g.doubleclick.net googleads.g.doubleclick.net stats.pusher.com ping.typekit.net p.typekit.net use.typekit.net www.google.com www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' www.googleadservices.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net coinxstorage.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com az732725.vo.msecnd.net data:;object-src 'self' ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; |
X-Content-Security-Policy | script-src 'self' www.googleadservices.com connect.facebook.net stats.g.doubleclick.net googleads.g.doubleclick.net stats.pusher.com ping.typekit.net p.typekit.net use.typekit.net www.google.com www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' www.googleadservices.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net coinxstorage.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com az732725.vo.msecnd.net data:;object-src 'self' ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; |
X-Webkit-CSP | script-src 'self' www.googleadservices.com connect.facebook.net stats.g.doubleclick.net googleads.g.doubleclick.net stats.pusher.com ping.typekit.net p.typekit.net use.typekit.net www.google.com www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' www.googleadservices.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net coinxstorage.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com az732725.vo.msecnd.net data:;object-src 'self' ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; |
Access-Control-Allow-Origin | * |
X-Powered-By | ASP.NET |