Cache-Control | max-age=0, private, must-revalidate |
Content-Security-Policy | default-src https: *.sharesecret.co 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self' accounts.google.com js.driftt.com; connect-src wss: *.segment.io api.mixpanel.com 'self' *.drift.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; form-action 'self' *.sharesecret.co; frame-ancestors accounts.google.com; img-src *.sharesecret.co data: platform.slack-edge.com 'self' *.typekit.net *.googleusercontent.com www.google-analytics.com; manifest-src 'self'; media-src utoob.com; object-src 'self'; plugin-types application/x-shockwave-flash; script-src *.sharesecret.co 'self' 'unsafe-inline' cdn.segment.com cdn.mxpnl.com js.driftt.com *.drift.com *.google-analytics.com *.typekit.net apis.google.com; style-src blob: 'unsafe-inline' fonts.googleapis.com 'self' *.sharesecret.co cdnjs.cloudflare.com; upgrade-insecure-requests; worker-src 'self' |
Content-Type | text/html; charset=utf-8 |
ETag | W/"4d08530d0be27f19cfb2f46d76f87657" |
Referrer-Policy | origin-when-cross-origin, strict-origin-when-cross-origin |
Server | nginx/1.8.1 |
Strict-Transport-Security | max-age=604800 |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | DENY |
X-Permitted-Cross-Domain-Policies | none |
X-Request-Id | eb3c0ba7-0d21-4a88-9b2c-14d4325f71da |
X-Runtime | 0.004809 |
X-XSS-Protection | 1; mode=block |
Content-Length | 11591 |
Connection | keep-alive |