Server | nginx/1.8.0 |
Content-Type | text/html |
Transfer-Encoding | chunked |
Connection | keep-alive |
X-Nginx-Page-Cache | HIT |
Strict-Transport-Security | max-age=31536000; |
Content-Security-Policy-Report-Only | default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report |
Content-Security-Policy | default-src 'self' *.ckeditor.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ckeditor.com *.google.com *.googleapis.com *.google-analytics.com https://*.facebook.net https://*.yandex.ru https://*.twitter.com; connect-src 'self' https://*.yandex.ru; img-src 'self' data: *.ckeditor.com *.google-analytics.com *.googleapis.com *.google.com *.facebook.com *.yandex.ru *.yandex.net *.yandex.st https://*.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.ckeditor.com *.googleapis.com https://*.bootstrapcdn.com; frame-src 'self' *.twitter.com *.google.com *.facebook.com *.youtube.com s-static.ak.facebook.com; object-src 'self' 'unsafe-inline' 'none'; font-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com; |
Content-Encoding | gzip |