Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Cache-Control | no-store, no-cache, must-revalidate |
Pragma | no-cache |
Strict-Transport-Security | max-age=63113904; includeSubDomains; preload |
Content-Security-Policy | default-src 'self'; script-src 'self' api.stripe.com js.stripe.com www.google.com www.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google-analytics.com cdn.datatables.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; img-src 'self' data: www.google-analytics.com secure.gravatar.com cdnjs.cloudflare.com i1.wp.com www.gravatar.com chart.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' api.stripe.com; frame-ancestors 'none'; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.io/r/default/csp/enforce |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Referrer-Policy | strict-origin-when-cross-origin |
Content-Encoding | gzip |
Server | cloudflare-nginx |
CF-RAY | 3bb0e7417b563fd1-YUL |