Server | Apache |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Content-Security-Policy | default-src https: wss:; script-src 'self' https: 'unsafe-inline' www.google-analytics.com ajax.googleapis.com hotjar.com cdn.jsdelivr.net oss.maxcdn.com; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com hotjar.com data:; font-src 'self' https: fonts.googleapis.com fonts.gstatic.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Cache-Control | max-age=60 |
Expires | Mon, 17 Apr 2017 11:51:18 GMT |
Connection | close |
Transfer-Encoding | chunked |
Content-Type | text/html; charset=utf-8 |