| Server | BarorAdiance |
| Referrer-Policy | strict-origin-when-cross-origin |
| Strict-Transport-Security | max-age=31536000; preload |
| X-Frame-Options | DENY |
| X-Content-Type-Options | nosniff |
| X-XSS-Protection | 1; mode=block |
| Content-Type | text/html; charset=utf-8 |
| Vary | Accept-Encoding |
| Content-Encoding | gzip |
| ETag | W/"4f4957ce590cbfe41542f44a83b376f9" |
| Cache-Control | max-age=0, private, must-revalidate |
| X-Request-Id | 5302c224-05f0-4b69-ba7c-c2b28ce49655 |
| X-Runtime | 0.155830 |
| X-Service | Equestria.Social |
| X-Software | Mastodon |
| X-Powered-By | Ponies |
| Content-Security-Policy | default-src 'none'; base-uri 'self' equestria.social *.equestria.social; child-src 'self' https:; connect-src 'self' equestria.social ws://equestria.social wss://equestria.social; font-src 'self' assets.equestria.social; img-src 'self' data: media.equestria.social ponyfrance.net; media-src 'self' media.equestria.social; object-src 'self'; script-src 'self' assets.equestria.social; style-src 'self' 'unsafe-inline' assets.equestria.social; upgrade-insecure-requests |
| Public-Key-Pins | max-age=31536000; pin-sha256="H1CeUpeehHUAP5FEMog4LRojfHm2f0mV0NwIcfYbwJ8="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; includeSubDomains; preload |
| Keep-Alive | timeout=5, max=99 |
| Connection | Keep-Alive |
| Transfer-Encoding | chunked |