Server | Apache/2.2.22 |
Expires | -1 |
Cache-Control | no-cache, no-store, must-revalidate |
Pragma | no-cache |
Content-Encoding | gzip |
Vary | Accept-Encoding,User-Agent |
X-XSS-Protection | 1; mode=block |
X-Frame-Options | SAMEORIGIN |
X-Content-Type-Options | nosniff |
X-Permitted-Cross-Domain-Policies | master-only |
Access-Control-Allow-Origin | http://www.flintro.com/ |
Access-Control-Allow-Headers | X-accept-charset, X-accept, X-test-header, Origin, X-Requested-With, Content-Type, Accept |
Access-Control-Allow-Methods | OPTIONS, GET, POST, PUT, DELETE |
Access-Control-Allow-Credentials | true |
Access-Control-Expose-Headers | Content-Type |
x-xhr-request | true |
Referrer-Policy | strict-origin-when-cross-origin |
Content-Security-Policy | default-src 'self' ; frame-ancestors 'none'; connect-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; child-src 'self' www.google.com https://maps.google.com |
X-Content-Security-Policy | default-src 'self' ; frame-ancestors 'none'; connect-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; child-src 'self' www.google.com https://maps.google.com |
X-WebKit-CSP | default-src 'self' ; frame-ancestors 'none'; connect-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; child-src 'self' www.google.com https://maps.google.com |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Transfer-Encoding | chunked |
Content-Type | text/html; charset=UTF-8 |
Content-Language | en-US |