Server | nginx/1.10.3 (Ubuntu) |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
X-Request-Id | 3b061d90-08a6-11e8-a704-93705fb8bd6b |
Content-Security-Policy | default-src 'self' blob:; script-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' dmfh1dh7sl8i1.cloudfront.net fonts.googleapis.com/css maxcdn.bootstrapcdn.com *.twitter.com *.twimg.com; img-src 'self' http: https: blob: data:; connect-src 'self' ws: *.flixpremiere.com api.stripe.com dmfh1dh7sl8i1.cloudfront.net notify.bugsnag.com *.facebook.com *.twitter.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com maxcdn.bootstrapcdn.com; object-src 'self' vjs.zencdn.net; media-src 'self' dmfh1dh7sl8i1.cloudfront.net blob:; frame-src *; worker-src 'self' blob: |
X-Frame-Options | DENY |
Referrer-Policy | origin-when-cross-origin |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Strict-Transport-Security | max-age=10886400; includeSubDomains |
X-Download-Options | noopen |
Vary | Accept-Encoding |
Content-Encoding | gzip |