Server | Cowboy |
Connection | keep-alive |
X-Xss-Protection | 1; mode=block |
X-Frame-Options | SAMEORIGIN |
X-Download-Options | noopen |
X-Content-Type-Options | nosniff |
Content-Security-Policy | child-src 'self'; connect-src * ws: swapi.co; default-src 'self'; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com t.co; font-src 'self' fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io *.google-analytics.com connect.facebook.net static.ads-twitter.com analytics.twitter.com sha256-275fe696795d6e0504d3c192603e6d1f5176052bab677b4076fb6ed3058d457b sha256-ee391e9a090d65010db194c763aa3bd6499dcb6a201356667af5485240ff765e sha256-82d2858f4c8d7ada480e4037e8fcfe925ebfb71f32d97b0bb43fee16de255189 sha256-6ff558de2ff54c1ea887239e2a10818efba098e25dd30348ead66a9f396aafb8; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' fonts.googleapis.com blob: |
Server-Timing | serverRuntime=0.051; "Server runtime", renderApp=0.015; "Render app" |
Content-Type | text/html; charset=utf-8 |
Etag | W/"b95d-EpYL2Ck5ij65ndFleoMj0xIGroA" |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Transfer-Encoding | chunked |
Via | 1.1 vegur |