Server | Apache/2.4.18 (Ubuntu) |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Frame-Options | SAMEORIGIN |
Access-Control-Allow-Origin | https://gregorians.org |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Content-Security-Policy | default-src 'self'; img-src 'self' data: https://*.statcounter.com https://*.google-analytics.com https://www.w3.org https://*.google.com https://*.googleapis.com; script-src 'self' about: https://*.google-analytics.com www.facebook.com https://*.google.com https://*.google.com https://*.googleapis.com 'unsafe-eval'; child-src 'self' gsa: https://www.facebook.com https://*.youtube.com; connect-src 'self'; object-src 'self'; style-src 'self' https://*.google.com; font-src data:; manifest-src https://gregorians.org; report-uri https://gregorians.report-uri.com/r/d/csp/enforce |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=UTF-8 |