Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Cache-Control | no-cache, no-store, must-revalidate |
Pragma | no-cache |
Expires | 0 |
Strict-Transport-Security | max-age=31536000 |
X-Frame-Options | SAMEORIGIN |
X-Content-Type-Options | nosniff |
Content-Security-Policy | default-src 'none'; connect-src 'self' https://api.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com www.google.com https://js.stripe.com; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ajax.googleapis.com www.google.com; img-src 'self' https://www.paypal.com https://www.google-analytics.com; frame-src 'self' https://js.stripe.com; |
Content-Encoding | gzip |