Content-Encoding | gzip |
Content-Security-Policy-Report-Only | default-src 'none'; child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org www.fullstory.com 'nonce-3a6e2b37-636f-49b8-b8a9-2635c3782e28'; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation |
Content-Type | text/html; charset=utf-8 |
ETag | W/"1018f-Bn6cINF4vRTQydKuagQbFb3dtu8" |
set-cookie | connect.sid=s%3AzRfMzTm1L-RYY3yhz5ptZo9hyYK71WVh.IdgSzYjNeQkGgflDrgCQr%2BkgGK67TxiYwfcGwiS79RU; Path=/; HttpOnly; Secure |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-DNS-Prefetch-Control | off |
X-Download-Options | noopen |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
transfer-encoding | chunked |
Connection | keep-alive |