Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Pragma | no-cache |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Host-Header | 192fc2e7e50945beb8231a492d6a8024 |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | default-src 'self' https:; img-src 'self' data: *.cloudfront.net *.paypal.com *.google-analytics.com *.stripe.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.google-analytics.com *.googleapis.com *.addthis.com *.addthisedge.com *.stripe.com *.facebook.com; frame-src 'self' *.addthis.com *.stripe.com; child-src 'self' *.addthis.com *.stripe.com; connect-src 'self' *.stripe.com *.addthis.com; frame-ancestors 'self'; object-src 'none' |
Referrer-Policy | strict-origin-when-cross-origin |
X-Proxy-Cache | MISS |
X-Page-Speed | 1.11.33.1-0 |
Cache-Control | max-age=0, no-cache, no-store |
Content-Encoding | gzip |