content-security-policy | default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self' *.oculus.com ad.atdmt.com connect.facebook.net www.google-analytics.com static.oculuscdn.com forums.oculusvr.com;style-src data: blob: 'unsafe-inline' * *.oculus.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com data: www.google-analytics.com stats.g.doubleclick.net ad.atdmt.com www.google.com googleads.g.doubleclick.net; |
X-Frame-Options | DENY |
X-XSS-Protection | 0 |
Access-Control-Allow-Credentials | true |
Access-Control-Allow-Origin | https://www.oculus.com |
Access-Control-Expose-Headers | X-FB-Debug, X-Loader-Length |
Pragma | no-cache |
Access-Control-Allow-Methods | OPTIONS |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Content-Type-Options | nosniff |
Expires | Sat, 01 Jan 2000 00:00:00 GMT |
Cache-Control | private, no-cache, no-store, must-revalidate |
Vary | Origin, Accept-Encoding |
Content-Encoding | gzip |
Content-Type | text/html; charset=UTF-8 |
X-FB-Debug | 8EKjTwNDW5h5VdqHednSsf1u4jKHD0H6iV6XuGdCLEzheFFN7FDScMq4U0zFuYNr8bjEGhLlFg5ifsULwCbAKg== |
Transfer-Encoding | chunked |
Connection | keep-alive |