Server | Cowboy |
Connection | keep-alive |
X-Dns-Prefetch-Control | off |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Download-Options | noopen |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Content-Security-Policy | default-src 'self' localhost:3000 pausa.ngrok.io *.stripe.com *.facebook.com *.facebook.net *.contentful.com *.segment.io *.drift.com *.driftt.com *.mixpanel.com *.fullstory.com *.autopilothq.com *.youtube.com *.vimeo.com *.snapwidget.com snapwidget.com *.plaid.com giphy.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.ngrok.io *.segment.com *.segment.io *.autopilothq.com *.drift.com *.driftt.com google.com *.google-analytics.com momentjs.com npmcdn.com use.fontawesome.com checkout.stripe.com *.heapanalytics.com *.fullstory.com *.mxpnl.com *.mixpanel.com *.googleadservices.com *.facebook.net *.doubleclick.net *.snapwidget.com snapwidget.com *.plaid.com; style-src 'self' 'unsafe-inline' googleapis.com fonts.googleapis.com use.fontawesome.com *.snapwidget.com snapwidget.com; font-src 'self' fonts.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: scontent.xx.fbcdn.net *.stripe.com *.facebook.com *.google-analytics.com *.doubleclick.net *.wikimedia.org *.giphy.com *.heapanalytics.com *.google.com heapanalytics.com *.pennyappeal.org *.contentful.com giphy.com i.ytimg.com; report-uri /logs/report-violation; object-src 'self'; upgrade-insecure-requests |
Referrer-Policy | same-origin |
Content-Type | text/html; charset=utf-8 |
Etag | W/"7c9a-YMjo61fmj1Fo3JX0wwZWwz97dpY" |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Transfer-Encoding | chunked |
Via | 1.1 vegur |