Content-Encoding | gzip |
x-content-security-policy | default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self';font-src 'self';img-src 'self' data:;connect-src 'self';reflected-xss block |
cache-control | private, max-age=43200 |
x-xss-protection | 1; mode=block |
x-frame-options | DENY |
content-security-policy | default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self';font-src 'self';img-src 'self' data:;connect-src 'self';reflected-xss block |
x-webkit-csp | default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self';font-src 'self';img-src 'self' data:;connect-src 'self';reflected-xss block |
Connection | keep-alive |
frame-options | DENY |
x-content-type-options | nosniff |
strict-transport-security | max-age=31536000; includeSubDomains |
Content-Type | text/html;charset=UTF-8 |