Server | Apache |
Content-Security-Policy | script-src 'self' 'unsafe-inline' https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://*.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: https://*.google.com https://*.google.co.uk https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net https://secure.gravatar.com https://*.w.org; font-src 'self' data: https://fonts.gstatic.com https://*.bootstrapcdn.com; connect-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com; |
Referrer-Policy | origin |
Strict-Transport-Security | max-age=63072000; includeSubdomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Vary | Cookie,Accept-Encoding |
Content-Encoding | gzip |
Cache-Control | max-age=0 |
Expires | Thu, 18 May 2017 11:55:50 GMT |
Keep-Alive | timeout=15, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset="UTF-8" |