Server | Apache |
Vary | Accept-Encoding,User-Agent |
Content-Encoding | gzip |
Content-Security-Policy | default-src 'self' mid.as *.mid.as ; script-src 'self' mid.as *.mid.as 'unsafe-inline' 'unsafe-eval' seal.alphassl.com ajax.googleapis.com www.googleadservices.com www.google-analytics.com api.stripe.com js.stripe.com platform.twitter.com syndication.twitter.com ; style-src 'self' 'unsafe-inline' mid.as *.mid.as platform.twitter.com ; img-src 'self' data: mid.as *.mid.as seal.alphassl.com www.google-analytics.com www.googleadservices.com stats.g.doubleclick.net platform.twitter.com syndication.twitter.com pbs.twimg.com q.stripe.com *.ytimg.com ; frame-src 'self' mid.as *.mid.as js.stripe.com platform.twitter.com syndication.twitter.com www.youtube.com ; child-src 'self' mid.as *.mid.as js.stripe.com www.youtube.com ; connect-src 'self' api.stripe.com ; report-uri https://mid.as/csp.pl; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block; report=https://mid.as/csp.pl |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=UTF-8 |