Server | Apache |
Content-Security-Policy | script-src 'self' https://cdn.syndication.twimg.com https://ssl.google-analytics.com https://platform.twitter.com http://platform.twitter.com http://www.google-analytics.com; frame-src https://platform.twitter.com https://twitter.com; font-src 'self'; object-src 'none'; img-src 'self' data: https://www.paypalobjects.com https://pbs.twimg.com https://twitter.com http://www.google-analytics.com https://ssl.google-analytics.com; media-src 'none'; style-src 'self' http://platform.twitter.com https://platform.twitter.com; connect-src 'none'; |
X-Frame-Options | sameorigin |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Permitted-Cross-Domain-Policies | 'none' |
Vary | Accept-Encoding |
Content-Encoding | gzip |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Keep-Alive | timeout=15, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=utf-8 |