Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding, Accept-Encoding |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
Pragma | no-cache |
X-App-Server | 4 |
Strict-Transport-Security | max-age=31104000; includeSubdomains; preload |
Public-Key-Pins | pin-sha256="IGSslWCxf82ibQegGB4vxKCbe4AuKICYfgTqRVMNjG8="; pin-sha256="+kMuUCZKtW4uAIwWVMDIQWB6ppGGTZhTD08o3aaBiaI="; pin-sha256="iwLBVDWmS8LxRUMXmJkvgeouEyQ+V98PVrd/E2Wl6T4="; max-age=600; report-uri="https://test.report-uri.io/report/ScottHelme" |
Content-Security-Policy | default-src 'self'; script-src 'self' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://www.google-analytics.com https://platform.twitter.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://i1.wp.com https://www.gravatar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; connect-src 'self'; report-uri https://report-uri.io/report/ScottHelme/ |
Content-Security-Policy-Report-Only | default-src * ; script-src 'self' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://www.google-analytics.com https://platform.twitter.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://i1.wp.com https://www.gravatar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; connect-src 'self' ; media-src 'none' ; object-src 'none' ; child-src 'none' ; frame-ancestors 'none' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; reflected-xss filter; base-uri https://report-uri.io; manifest-src 'none' ; referrer origin-when-cross-origin; report-uri https://test.report-uri.io/report/ScottHelme/reportOnly/ |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
X-Load-Balancer | 2 |
Content-Encoding | gzip |