Server | nginx |
Content-Type | text/html; charset="UTF-8" |
Transfer-Encoding | chunked |
Connection | keep-alive |
Keep-Alive | timeout=20 |
Cache-control | no-store |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
X-Frame-Options | SAMEORIGIN |
P3P | CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" |
Content-Security-Policy | base-uri 'self'; connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data:; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ http://*.synology.com http://*.synology.cn; img-src 'self' data: blob:; media-src 'self' data: about:; report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; style-src 'self' 'unsafe-inline'; |
Strict-Transport-Security | max-age=15768000; includeSubdomains; preload |