Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=7776000; includeSubDomains; preload |
X-Download-Options | noopen |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | connect-src 'self'; default-src 'self' 'unsafe-inline'; font-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com *.google.com cdnjs.cloudflare.com; frame-src *.facebook.com *.youtube.com; img-src *; sandbox allow-forms allow-scripts allow-same-origin allow-popups; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com *.google.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.facebook.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com maxcdn.bootstrapcdn.com *.google.com cdnjs.cloudflare.com |
set-cookie | lang=vi; path=/; expires=Sun, 10 Dec 2017 12:42:37 GMT; secure
XSRF-TOKEN=5b83AmbR-9we7NP3bE_6tIpmETW4zGnFkrkQ; Path=/
khaosat.session=s%3AKjPNI6Y1W2pWFdCAkFrZbPtnVV6mttVP.PA3e9fg28BztGpIb1SShE75bXawQ6rMfmhfKcsrfB4I; Path=/; Expires=Sun, 25 Dec 2016 12:42:37 GMT; HttpOnly; Secure |
ETag | W/"+SwjQ1nvdjvkC9q+25XtiA==" |
Content-Encoding | gzip |