Server | nginx/1.9.2 |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Keep-Alive | timeout=20 |
Status | 200 OK |
X-Frame-Options | DENY |
Content-Security-Policy-Report-Only | default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.yandex.ru https://mc.yandex.ru https://yandex.ru/ www.google-analytics.com *.cackle.me wss://rt5.cackle.me gneszdo.ru js-agent.newrelic.com www.googletagservices.com *.googleadservices.com *.g.doubleclick.net https://securepubads.g.doubleclick.net http://www.googleadservices.com http://partner.googleadservices.com *.mail.ru *.google.ru *.google.com *.google.com.ua; font-src 'self' 'unsafe-inline' 'unsafe-eval' maxcdn.bootstrapcdn.com https://fonts.gstatic.com http://www.googleadservices.com; frame-ancestors 'self' www.by-hand.ru; frame-src 'self' https: www.koolinar.ru www.by-hand.ru *.googlesyndication.com *.gnezdo.ru *.doubleclick.net *.g.doubleclick.net *.yandex.ru *.cackle.me yastatic.net www.youtube.com *.facebook.com vk.com *.google.ru *.google.com *.google.com.ua https://www.google.ru http://connect.mail.ru http://www.googleadservices.com; img-src * data:; object-src 'self' *.googlesyndication.com *.googleadservices.com http://www.googleadservices.com https://tpc.googlesyndication.com http://content.adfox.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cackle.ru cackle.me *.cackle.me bam.nr-data.net ads.adfox.ru *.yandex.ru yandex.st https://mc.yandex.ru https://yandex.st www.google-analytics.com gneszdo.ru js-agent.newrelic.com *.googletagservices.com *.googleadservices.com *.mail.ru *.doubleclick.net *.g.doubleclick.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com http://www.googleadservices.com http://partner.googleadservices.com *.googlesyndication.com jhf.ru connect.facebook.net vk.com https://apis.google.com https://www.gstatic.com *.gstatic.com *.google.ru *.google.com *.google.com.ua https://connect.ok.ru http://my2.imgsmail.ru https://relap.io https://snip.ly https://cdn.onthe.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cackle.me https://fonts.googleapis.com http://www.googleadservices.com; report-uri /csp200; |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Permitted-Cross-Domain-Policies | none |
Vary | User-Agent |
X-UA-Compatible | IE=Edge,chrome=1 |
ETag | W/"ca552735d2209d990f12e117d5f186c5" |
Cache-Control | max-age=0, private, must-revalidate |
X-Request-Id | 82ddd70365a5710183795d1cbf432c98 |
X-Runtime | 0.805845 |
X-Rack-Cache | miss |
Content-Encoding | gzip |