Content-Security-Policy | default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.small-improvements.com ssl.google-analytics.com cdn.mxpnl.com rum-static.pingdom.net api.flickr.com widget.intercom.io js.intercomcdn.com static.intercomcdn.com use.typekit.net capture.trackjs.com; style-src 'self' 'unsafe-inline' *.small-improvements.com use.typekit.net; connect-src 'self' *.small-improvements.com *.intercom.io wss://*.intercom.io capture.trackjs.com api.mixpanel.com ws://127.0.0.1:*; img-src * data:; media-src *; object-src * |
Content-Security-Policy-Report-Only | ; form-action 'self' *.small-improvements.com; report-uri /api/csp-report |
Cache-Control | no-cache, max-age=0, must-revalidate, no-store |
Expires | Thu, 01 Jan 1970 00:00:00 GMT |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Content-Type | text/html; charset=utf-8 |
Content-Language | en-US |
Pragma | no-cache |
X-UA-Compatible | IE=edge,chrome=1 |
X-FRAME-OPTIONS | SAMEORIGIN |
Content-Encoding | gzip |
Vary | Accept-Encoding |
Server | Google Frontend |
Alternate-Protocol | 443:quic,p=1 |
Alt-Svc | quic=":443"; ma=604800; v="30,29,28,27,26,25" |
Transfer-Encoding | chunked |