Server | Apache |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
Pragma | no-cache |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' data: api.instagram.com *.pisos.com code.jquery.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.youtube.com *.ytimg.com *.googlevideo.com fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net 'unsafe-eval'; style-src 'self' 'unsafe-inline' data: code.jquery.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.youtube.com *.ytimg.com *.googlevideo.com fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.facebook.com oi2web.com goo.gl player.vimeo.com *.youtube.com *.google.com; child-src 'self' *.facebook.com oi2web.com goo.gl player.vimeo.com *.youtube.com *.google.com; connect-src 'self' translate.googleapis.com; img-src * data: blob:; media-src *; object-src 'self'; frame-ancestors 'self'; reflected-xss block; referrer origin-when-cross-origin; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
Referrer-Policy | origin-when-cross-origin |
Content-Encoding | gzip |
Vary | Accept-Encoding |
Keep-Alive | timeout=2, max=200 |
Connection | Keep-Alive |
Transfer-Encoding | chunked |
Content-Type | text/html |