Server | nginx |
Content-Type | text/html; charset=windows-1251 |
Connection | keep-alive |
X-Powered-By | PHP/5.4.41 |
Expires | Sat, 03 Aug 2013 00:00:00 GMT |
Pragma | no-cache |
Last-Modified | Wed, 04 Nov 2015 17:50:23 GMT |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
Content-Encoding | gzip |
Vary | Accept-Encoding |
X-Frame-Options | DENY, DENY |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | report-uri //csp.merlion.ru:8080/report/338053849758580111/digma/; connect-src 'self' https://mc.yandex.ru http://www.google-analytics.com ; child-src 'none' ; font-src http://fonts.gstatic.com 'self' ; form-action 'self' ; frame-ancestors 'none' ; frame-src https://youtube.com http://merlion.ru https://www.youtube.com http://www.youtube.com; img-src 'self' https://api-maps.yandex.ru http://img.merlion.ru https://vec01.maps.yandex.net https://vec03.maps.yandex.net https://vec04.maps.yandex.net https://vec02.maps.yandex.net http://yastatic.net http://support.ddix.ru https://yastatic.net http://www.google-analytics.com ; media-src 'none' ; object-src 'self' ; script-src 'self' https://api-maps.yandex.ru http://api-maps.yandex.ru https://mc.yandex.ru http://mc.yandex.ru http://support.ddix.ru https://clck.yandex.ru http://yastatic.net https://yastatic.net http://www.google-analytics.com ; style-src 'self' http://fonts.googleapis.com http://support.ddix.ru unsafe-inline 'unsafe-inline' ; default-src 'none' ; strict-mixed-content-checking; reflected-xss filter; referrer origin-when-cross-origin; |