Cache-Control | no-cache, no-store, must-revalidate |
Pragma | no-cache |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | deflate |
Expires | -1 |
Vary | Accept-Encoding |
Server | |
X-UA-Compatible | IE=Edge |
X-Frame-Options | SAMEORIGIN, SAMEORIGIN |
Content-Security-Policy | child-src 'self' www.customerdataplatform.co.uk www.pathtopersonalisation.com s7.addthis.com www.youtube.com vars.hotjar.com forms.hubspot.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' api.usemessages.com static.hotjar.com script.hotjar.com js.hs-analytics.net js.hs-scripts.com m.addthisedge.com m.addthis.com forms.hubspot.com maps.googleapis.com maps.google.com js.hsforms.net s7.addthis.com fonts.googleapis.com apis.google.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com cdn.optimizely.com js.leadin.com js.hsleadflows.net; |
Strict-Transport-Security | max-age=15768000; includeSubdomains |
X-Xss-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |