Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Server | nginx/1.4.6 (Ubuntu) |
X-Content-Type-Options | nosniff |
Age | 0 |
X-Runtime | 0.028173 |
Content-Encoding | gzip |
X-Download-Options | noopen |
Vary | Accept-Encoding |
Status | 200 OK |
Cache-Control | max-age=0, private, must-revalidate |
Content-Security-Policy | default-src 'self'; connect-src 'self' https://www.hb.dev:3010 wss://www.hb.dev:3010 https://*.log.optimizely.com https://api.honest.com https://www.honest.com https://scribe.honest.com https://api.airbrake.io; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://www.youtube.com https://player.vimeo.com https://blog.honestbeauty.com/; img-src 'self' *.thcdn.co https://maps.googleapis.com https://img.honest.com https://www.facebook.com https://click.exacttarget.com https://*.log.optimizely.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.mpstat.us https://c.go-mpulse.net https://s-passets.pinimg.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com data:; media-src *.thcdn.co 'self' https://honest-beauty-web.s3.amazonaws.com https://img.honest.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://safetechpageencryption.chasepaymentech.com https://safetechpageencryptionvar.chasepaymentech.com https://app.optimizely.com https://log.optimizely.com https://www.youtube.com https://s.ytimg.com https://c.go-mpulse.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.hb.dev:3010 https://cdn.optimizely.com https://scribe.honest.com https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://alospark.go2cloud.org https://s.amazon-adsystem.com https://track.bestdeals4moms.com https://images.bizrate.com https://cpadna1.com https://ads.dedicatedmedia.com https://secure.adnxs.com https://lfscpttracking.com https://stat.dealtime.com https://pfmedia.go2jump.org https://7001754.collect.igodigital.com https://www.facebook.com https://t.afftrackr.com https://pubads.g.doubleclick.net https://view.atdmt.com https://pixel.quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://platform.twitter.com https://analytics.twitter.com https://t.co https://sp.analytics.yahoo.com https://ads.bluelithium.com https://s.yimg.com https://tkr.yieldmo.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; |
X-Request-Id | 15926993-7bce-4743-a961-89c4bc3c2f0a |
X-XSS-Protection | 1; mode=block |
Strict-Transport-Security | max-age=631152000; includeSubdomains |
X-Frame-Options | ALLOW-FROM https://app.optimizely.com |
X-Permitted-Cross-Domain-Policies | none |
X-Instart-Request-ID | 14055951058457225943:YTN01-CPVNPPRY02:1446717530:606 |