Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Access-Control-Allow-Origin | https://plotdb.io |
Access-Control-Allow-Headers | Origin, X-Requested-With, Content-Type, Accept |
Access-Control-Allow-Methods | PUT |
Content-Security-Policy | default-src 'self' blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/sdk.js www.google-analytics.com apis.google.com *.stripe.com; style-src 'self' 'unsafe-inline' www.google-analytics.com fonts.googleapis.com; img-src 'self' data: blob: www.google-analytics.com www.facebook.com static.xx.fbcdn.net csi.gstatic.com *.stripe.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: blob: *.stripe.com *.facebook.com *.googleapis.com accounts.google.com; connect-src 'self' data: blob: |
X-Content-Security-Policy | default-src 'self' blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/sdk.js www.google-analytics.com apis.google.com *.stripe.com; style-src 'self' 'unsafe-inline' www.google-analytics.com fonts.googleapis.com; img-src 'self' data: blob: www.google-analytics.com www.facebook.com static.xx.fbcdn.net csi.gstatic.com *.stripe.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: blob: *.stripe.com *.facebook.com *.googleapis.com accounts.google.com; connect-src 'self' data: blob: |
Cache-Control | public, max-age=0 |
Last-Modified | Thu, 24 Nov 2016 00:25:42 GMT |
ETag | W/"5051-15893b94370" |
X-Frame-Options | SAMEORIGIN |
X-Download-Options | noopen |
X-Content-Type-Options | nosniff |
Content-Encoding | gzip |