Connection | keep-alive |
Content-Length | 10701 |
Content-Security-Policy | default-src https://*.cyrating.com https://cyrating.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com/ https://*.cyrating.com https://cyrating.com https://code.getmdl.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.cyrating.com https://cyrating.com; img-src 'self' data: https://www.google-analytics.com/ https://*.cyrating.com https://cyrating.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://*.cyrating.com https://cyrating.com; connect-src 'self' https://*.cyrating.com https://cyrating.com; media-src 'self' https://*.cyrating.com https://cyrating.com; object-src 'none'; child-src 'self'; frame-src 'self' https://docs.google.com/; worker-src 'none'; frame-ancestors 'none'; form-action 'self' https://docs.google.com https://*.cyrating.com https://cyrating.com; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-popups allow-same-origin allow-scripts; reflected-xss filter; base-uri https://*.cyrating.com https://cyrating.com; manifest-src 'self' https://*.cyrating.com https://cyrating.com; referrer no-referrer-when-downgrade; report-uri https://cyrating.report-uri.io/r/default/csp/enforce; require-sri-for script; |
Content-Type | text/html |
Expect-CT | enforce; max-age=30; report-uri=https://cyrating.report-uri.io/r/default/ct/enforce |
Last-Modified | Fri, 19 Jan 2018 19:19:00 GMT |
Referrer-Policy | no-referrer-when-downgrade |
Server | CYRATING |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-XSS-Protection | 1; mode=block |