Cache-Control | private,no-cache, no-store, must-revalidate |
Pragma | no-cache |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Expires | 0 |
Vary | Accept-Encoding |
X-Frame-Options | SAMEORIGIN |
Arr-Disable-Session-Affinity | True |
Content-Security-Policy | style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; report-uri /WebResource.axd?cspReport=true |
Access-Control-Allow-Methods | GET,PUT,POST,DELETE,OPTIONS |
Access-Control-Allow-Headers | Origin, X-Requested-With, Content-Type, Accept |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Strict-Transport-Security | max-age=31536000; includeSubDomains |