Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Access-Control-Allow-Headers | Accept, X-Requested-With, Content-Type, Authorization |
Access-Control-Allow-Credentials | true |
Access-Control-Expose-Headers | X-Flat-Access-Token, X-Flat-User, X-Flat-Organization |
X-Frame-Options | SAMEORIGIN |
Access-Control-Allow-Origin | https://flat.io |
ETag | W/"3667-bJ736kt9yIEdYG9z+AdsNw" |
Strict-Transport-Security | max-age=31536000; |
X-Content-Type-Options | nosniff |
Content-Security-Policy-Report-Only | script-src 'self' *.flat.io *.google-analytics.com *.google.com *.intercom.io *.intercomcdn.com 'unsafe-inline' 'unsafe-eval';connect-src 'self' *.flat.io wss://*.flat.io *.intercom.io wss://*.intercom.io;report-uri /security/csp-report |
X-XSS-Protection | 1; mode=block |
Content-Encoding | gzip |