| Server | Cowboy |
| Connection | keep-alive |
| X-Dns-Prefetch-Control | off |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=2592000000; includeSubDomains |
| X-Download-Options | noopen |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
| Content-Security-Policy | default-src 'self' *.stripe.com; script-src 'self' 'unsafe-inline' checkout.stripe.com www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://connect.facebook.net/en_US/fbevents.js https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-3.min.js app.intercom.io widget.intercom.io *.intercomcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data: js.intercomcdn.com; img-src 'self' data: blob: *.fbcdn.net *.stripe.com www.google-analytics.com www.facebook.com notify.bugsnag.com spleis-prod.s3.amazonaws.com *.intercomcdn.com *.intercomassets.com graph.facebook.com; connect-src 'self' wss://www.spleis.no checkout.stripe.com api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com; sandbox allow-same-origin allow-forms allow-scripts allow-popups; report-uri /report-violation; object-src 'none'; frame-src checkout.stripe.com share.intercom.io www.youtube.com player.vimeo.com https://www.google.com; media-src 'self' *.intercomcdn.com |
| Content-Type | text/html; charset=utf-8 |
| Etag | W/"3e42-l67XVX5HTUVfq8tqsAPBnw" |
| Vary | Accept-Encoding |
| Content-Encoding | gzip |
| Transfer-Encoding | chunked |
| Via | 1.1 vegur |