Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Connection | keep-alive |
Keep-Alive | timeout=30 |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Cache-Control | max-age=604800 |
Expires | Sat, 17 Mar 2018 21:10:59 GMT |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | default-src 'self' staticxx.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com apis.google.com connect.facebook.net platform.twitter.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com www.facebook.com stats.g.doubleclick.net syndication.twitter.com secure.gravatar.com www.hb.cz; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com; frame-src apis.google.com accounts.google.com platform.twitter.com www.facebook.com staticxx.facebook.com www.youtube.com; |
X-Content-Type-Options | nosniff |