Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Last-Modified | Sat, 17 Feb 2018 05:14:23 GMT |
Expires | Sat, 17 Feb 2018 06:14:23 GMT |
Pragma | public |
Cache-Control | public, must-revalidate, proxy-revalidate |
ETag | "f4cf91c4a2dcaaf753ea6274c7ac454c" |
Content-Encoding | gzip |
Vary | Accept-Encoding |
Server | pkern-nginx |
Strict-Transport-Security | max-age=15768000 |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytic.pkern.at https://www.google.com https://www.gstatic.com https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https:; media-src 'self'; object-src 'self'; child-src 'self' https://www.youtube.com; frame-src 'self' https://www.google.com https://www.youtube.com; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; reflected-xss block; manifest-src 'self'; referrer no-referrer; report-uri https://pkernstock.report-uri.io/r/default/csp/enforce; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
Referrer-Policy | no-referrer-when-downgrade |