Cache-Control | max-age=0, private, must-revalidate |
Content-Encoding | gzip |
Content-Security-Policy | default-src *; connect-src 'self' https: http: wss:; font-src 'self' data: https: http:; img-src 'self' data: https: http:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data:; style-src 'self' 'unsafe-inline' https: http: |
Content-Type | text/html; charset=utf-8 |
ETag | W/"7b8f4e06cbedbe34f14b1ee6cbc5ce5f" |
Server | nginx |
Strict-Transport-Security | max-age=604800, max-age=15768000; includeSubDomains; preload |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | sameorigin |
X-Permitted-Cross-Domain-Policies | none |
X-Request-Id | bac7c946-61af-4a76-920e-4f758d169c6f |
X-Runtime | 0.164175 |
X-UA-Compatible | IE=edge |
X-XSS-Protection | 1; mode=block |
Connection | keep-alive |