Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
X-Frame-Options | SAMEORIGIN |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Strict-Transport-Security | max-age=31536000; includeSubdomains; preload |
Content-Security-Policy | default-src 'self' https://www.google-analytics.com https://rum-collector-2.pingdom.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://rum-static.pingdom.net https://dnn506yrbagrg.cloudfront.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net; img-src 'self' data: https://*.pingdom.net https://secure.gravatar.com https://*.google.com https://*.google.ie https://*.google-analytics.com https://*.facebook.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; child-src https://*.doubleclick.net https://www.facebook.com https://s-static.ak.facebook.com; |
Cache-Control | no-cache, no-store, must-revalidate, private |