Server | nginx |
Content-Type | text/html; charset=windows-1251 |
Connection | keep-alive |
X-Powered-By | PHP/5.4.41 |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Last-Modified | Thu, 05 Nov 2015 14:08:00 GMT |
Cache-Control | public |
Pragma | no-cache |
Content-Encoding | gzip |
Vary | Accept-Encoding |
X-Frame-Options | DENY |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | report-uri //csp.merlion.ru:8080/report/206513819543030576/; connect-src 'self' *.yandex.ru *.google.com ; child-src 'self' ; font-src 'self' ; form-action 'self' ; frame-ancestors 'self' ; frame-src 'self' *.youtube.com ; img-src 'self' data: *.yandex.ru *.yandex.net *.google-analytics.com *.merlion.ru *.merlion.com data: http://support.ddix.ru http://co.ddix.ru http://iru.ru http://www.google.com ; media-src 'self' ; object-src 'self' ; script-src 'self' *.yandex.ru *.yandex.net *.google-analytics.com http://support.ddix.ru *.google.com ; style-src 'self' *.yandex.ru *.yandex.net 'unsafe-inline' http://support.ddix.ru ; default-src 'none' ; strict-mixed-content-checking; reflected-xss filter; referrer origin-when-cross-origin; |