Server | Apache/2 |
X-Frame-Options | SAMEORIGIN |
Upgrade | h2,h2c |
Connection | Upgrade, Keep-Alive |
Vary | Accept-Encoding,Cookie,User-Agent |
Cache-Control | max-age=3, must-revalidate |
Content-Encoding | gzip |
Last-Modified | Fri, 23 Feb 2018 17:00:04 GMT |
Content-Security-Policy | default-src https 'self'; media-src *.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.tawk.to *.jsdelivr.net *.polyfill.io; connect-src 'self' *.tawk.to wss://*.tawk.to *.google-analytics.com *.doubleclick.net; img-src 'self' data: *.gravatar.com *.gstatic.com *.google.com *.googleapis.com *.w.org *.google-analytics.com *.tawk.to *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.jsdelivr.net; font-src 'self' data: *.googleapis.com *.gstatic.com *.tawk.to; frame-src 'self' *.youtube.com *.google.com *.google.nl *.tawk.to; frame-ancestors 'self' *.youtube.com *.google.com *.google.nl *.tawk.to; base-uri 'self'; form-action 'self' *.tawk.to; object-src 'none'; |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Keep-Alive | timeout=0, max=100 |
Content-Type | text/html; charset=UTF-8 |