X-DNS-Prefetch-Control | off |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=31536000000; includeSubDomains |
X-Download-Options | noopen |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
X-Powered-By | unicorns to leprechauns |
Content-Security-Policy | default-src 'self'; script-src 'self' code.jquery.com cdn.socket.io 'unsafe-eval'; style-src 'self' ecc.network fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; object-src 'self'; media-src 'self'; child-src 'self' www.youtube.com |
X-Permitted-Cross-Domain-Policies | master-only |
Cache-Control | no-store, no-cache, must-revalidate, proxy-revalidate |
Pragma | no-cache |
Expires | -1 |
Surrogate-Control | no-store |
Accept-Ranges | bytes |
Last-Modified | Tue, 10 Oct 2017 05:47:11 GMT |
ETag | W/"3b36-15f04d29ad0" |
Content-Type | text/html; charset=UTF-8 |
Content-Length | 15158 |
set-cookie | connect.sid=s%3AnJvNyTl-f3BfzjvosOc6wm2QB8EVOSoj.bXQD87XEfZPURKPQgaR8ZcB8GYwLaYT9%2FLhB0OVl%2FfY; Path=/; HttpOnly |
Connection | keep-alive |