Header | Value |
Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Expires | Mon, 26 Jul 1997 05:00:00 GMT |
Pragma | no-cache |
Cache-control | private |
P3P | policyref="https://heyfiesta.com/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA" |
Content-Security-Policy | default-src 'self' heyfiesta.com eu1.heyfiesta.com us1.heyfiesta.com *.heyfiesta.com *.eu1.heyfiesta.com *.us1.heyfiesta.com fstcdn.net *.fstcdn.net *.badoo.com *.api.here.com *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fstcdn.net *.fstcdn.net *.googleapis.com maps.gstatic.com www.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru ssl.google-analytics.com *.api.here.com *.instagram.com *.digicert.com; style-src 'self' 'unsafe-inline' fstcdn.net *.fstcdn.net vk.com *.vk.me *.googleapis.com; font-src 'self' fstcdn.net *.fstcdn.net fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src *; frame-ancestors 'self' apps.facebook.com; report-uri /jss/csp_report.phtml |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Content-Encoding | gzip |