Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
ETag | W/"2d59fb88702d3b082025e8216b391eaae4a27159" |
Cache-Control | max-age=0, private, must-revalidate |
X-UA-Compatible | IE=Edge,chrome=1 |
X-Request-Id | 411cf01b9c10d4e1b60a51d1604c07b3 |
X-Runtime | 0.338642 |
X-Rack-Cache | miss |
Strict-Transport-Security | max-age=631138519; includeSubdomains; |
Content-Security-Policy | connect-src 'self' 'unsafe-inline' wss: *.zopim.com *.zendesk.com https: *.zopim.com *.zendesk.com; default-src 'self'; font-src 'self' data: 'self' *.zopim.com https: fast-fonts.net maps.gstatic.com *.zopim.com *.zendesk.com; frame-src 'self' https: *.zopim.com *.zendesk.com *.payplace.de; img-src https: data: 'unsafe-inline' 'self' *.itunes.apple.com developer.android.com *.googleapis.com maps.gstatic.com *.zopim.com *.zendesk.com http: *.media.tumblr.com; media-src https: 'self' *.zopim.com *.zendesk.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' http: static.tumblr.com assets.tumblr.com maps.google.com google-analytics.com *.zopim.com *.zendesk.com; style-src https: 'self' 'unsafe-inline' *.zopim.com *.zendesk.com fonts.googleapis.com fast-fonts.net; report-uri '/_/csp-reports' |
X-Frame-Options | SAMEORIGIN |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
X-Download-Options | noopen |
X-Permitted-Cross-Domain-Policies | none |
Content-Encoding | gzip |