Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.google-analytics.com https://*.segment.io https://*.fullstory.com https://*.contentful.com https://fonts.gstatic.com https://*.typekit.net/ https://*.eyeonid.com; style-src 'self' 'unsafe-inline' https://assets.contentful.com https://fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://use.typekit.net https://cdn.segment.com http://cdn.segment.com https://*.fullstory.com https://*.google.com https://*.gstatic.com https://e2ax8.u3u9p.eyeonid.com |
Content-Type | text/html; charset=utf-8 |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Permitted-Cross-Domain-Policies | master-only |
X-XSS-Protection | 1; mode=block |
Connection | keep-alive |
Strict-Transport-Security | max-age=31536000 |
X-Iinfo | 10-158350798-158350834 NNNN CT(139 276 0) RT(1519242435985 127) q(0 0 4 0) r(5 5) U12 |
X-CDN | Incapsula |
Content-Encoding | gzip |
Transfer-Encoding | chunked |