Server | Apache |
X-Frame-Options | DENY |
Vary | Accept-Encoding,User-Agent |
Content-Encoding | gzip |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Content-Security-Policy | img-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.youtube.com *.nrleventmerchandiseprepurchase.com *.facebook.com *.cdninstagram.com *.cloudfront.net *.facebook.net *.youtube-nocookie.com *.maps.googleapis.com *.maps.gstatic.com *.google-analytics.com; |
Access-Control-Allow-Origin | * |
Access-Control-Allow-Headers | Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers |
Access-Control-Allow-Methods | GET,HEAD,OPTIONS,POST,PUT |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=UTF-8 |