Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
ETag | W/"9a9dd3d40856be1a7fe6c7cce1e221af" |
Cache-Control | max-age=0, private, must-revalidate |
X-Request-Id | 067c6c34-45da-437c-85d3-20c4c273b0f0 |
X-Runtime | 0.009870 |
Content-Security-Policy-Report-Only | default-src 'none'; block-all-mixed-content; child-src 'self' checkout.stripe.com js.stripe.com; connect-src 'self' wss://ebertapp.io *.intercom.io api.mixpanel.com api.segment.io wss://*.intercom.io checkout.stripe.com; font-src js.intercomcdn.com; form-action 'self'; img-src 'self' assets.ebertapp.io *.gravatar.com data: t.co js.intercomcdn.com static.intercomassets.com avatars.githubusercontent.com q.stripe.com; media-src 'self' js.intercomcdn.com; object-src 'none'; script-src 'unsafe-inline' assets.ebertapp.io widget.intercom.io js.intercomcdn.com cdn.segment.com static.ads-twitter.com analytics.twitter.com cdn.mxpnl.com checkout.stripe.com js.stripe.com scripts.kissmetrics.com; style-src 'unsafe-inline' assets.ebertapp.io; report-uri https://ebertapp.report-uri.io/r/default/csp/reportOnly |
Strict-Transport-Security | max-age=631138519 |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | sameorigin |
X-Permitted-Cross-Domain-Policies | none |
X-XSS-Protection | 1; mode=block |
Content-Encoding | gzip |