Server | Apache |
X-Content-Type-Options | nosniff |
X-Frame-Options | allow-from https://sturents.com/ |
X-Xss-Protection | 1; mode=block |
Referrer-Policy | strict-origin-when-cross-origin |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Pragma | no-cache |
X-UA-Compatible | Chrome=edge;IE=edge;FF=edge;Opera=edge |
Msapplication-Config | none |
Expect-CT | max-age=0 |
Cache-Control | private, no-cache, private |
Content-Security-Policy-Report-Only | default-src https://tenancysign.com/ wss://chat2.sturents.com:8089/ws www.google.com plus.google.com apis.google.com accounts.google.com maps.googleapis.com ajax.googleapis.com fonts.googleapis.com www.google-analytics.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com www.gstatic.com www.googletagmanager.com pay.gocardless.com api.gocardless.com checkout.stripe.com https://api.worldpay.com/v1/tokens js.stripe.com q.stripe.com cdn.worldpay.com cdnjs.cloudflare.com connect.facebook.net www.facebook.com web.facebook.com staticxx.facebook.com graph.facebook.com sturents.zendesk.com assets.zendesk.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com syndication.twitter.com www.mydeposits.co.uk www.youtube.com services.postcodeanywhere.co.uk data: zxing.org chart.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net www.google.co.uk www.google.be www.googleadservices.com https://static.sturents.com/ 'unsafe-inline' 'unsafe-eval';report-uri https://log.sturents.com/csp |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Strict-Transport-Security | max-age=15768000; includeSubDomains |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=utf-8 |