Connection | keep-alive |
Server | gunicorn/19.7.1 |
Cache-Control | max-age=300, private |
Content-Type | text/html; charset=utf-8 |
X-Content-Type-Options | nosniff |
Referrer-Policy | same-origin |
Content-Encoding | gzip |
Content-Security-Policy | object-src 'none'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: dr6wcybhxxu9c.cloudfront.net cdnjs.cloudflare.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' dr6wcybhxxu9c.cloudfront.net cdnjs.cloudflare.com www.google-analytics.com; base-uri 'self' ; default-src 'none'; form-action 'self'; frame-ancestors 'none'; media-src 'none'; img-src 'self' data: dr6wcybhxxu9c.cloudfront.net cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: cdnjs.cloudflare.com fonts.google.com fonts.gstatic.com; report-uri /reportCSPViolation |
X-Xss-Protection | 1; mode=block |
Expect-Ct | max-age=0; report-uri=/reportExpectCT |
Vary | Cookie, Accept-Encoding |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Frame-Options | DENY |
Via | 1.1 vegur |