X-Powered-By | Express |
Cache-Control | private, no-cache, no-store, must-revalidate, max-age=0 |
Content-Type | text/html |
X-UA-Compatible | IE=Edge |
X-Frame-Options | DENY |
Content-Security-Policy | frame-ancestors 'none'; connect-src 'self' *.google-analytics.com *.stripe.com *.braintreegateway.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.stripe.com *.braintreegateway.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.gravatar.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com *.doubleclick.net; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com |
X-Content-Security-Policy | frame-ancestors 'none'; connect-src 'self' *.google-analytics.com *.stripe.com *.braintreegateway.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.stripe.com *.braintreegateway.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.gravatar.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com *.doubleclick.net; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com |
X-Xss-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
set-cookie | JSESSIONID=JRxDXc48qNyLbBhu8OxGovd7WJkzcqevy-lCqJYX; path=/; domain=.exploretock.com; secure; Max-Age=86400; Expires=Thu, 07-Dec-2017 12:40:02 GMT; Secure |
Transfer-Encoding | chunked |
Content-Encoding | gzip |
X-backends | consumer-prod |
Strict-Transport-Security | max-age=15554000; includeSubDomains; preload |