Server | nginx |
Content-Type | text/html; charset=windows-1251 |
Connection | keep-alive |
X-Powered-By | PHP/5.4.41 |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
Pragma | no-cache |
Content-Encoding | gzip |
Vary | Accept-Encoding |
X-Frame-Options | DENY, DENY |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | report-uri //csp.merlion.ru:8080/report/213382566580540246/pcm/; connect-src https://mc.yandex.ru 'self' http://www.google-analytics.com ; child-src 'none' ; font-src 'self' ; form-action 'self' ; frame-ancestors 'none' ; frame-src 'none' ; img-src http://img.merlion.ru 'self' http://www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru http://co.ddix.ru https://vec04.maps.yandex.net https://vec03.maps.yandex.net https://vec01.maps.yandex.net https://vec02.maps.yandex.net ; media-src 'none' ; object-src 'self' ; script-src 'self' http://www.google-analytics.com 'unsafe-eval' https://mc.yandex.ru https://api-maps.yandex.ru http://mc.yandex.ru http://api-maps.yandex.ru https://clck.yandex.ru https://www.google-analytics.com https://ssl.google-analytics.com https://api.content.market.yandex.ru ; style-src 'self' 'unsafe-inline' ; default-src 'none' ; strict-mixed-content-checking; reflected-xss filter; referrer origin-when-cross-origin; |