Content-Encoding | gzip |
Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsconsole.com *.payline.com *.facebook.com *.facebook.net *.twitter.com *.stripe.com *.angularjs.org *.rawgithub.com *.rawgit.com *.maxcdn.com *.cloudflare.com https://*.google-analytics.com *.googleadservices.com https://*.gstatic.com *.googleapis.com *.google.com ;connect-src 'self' *.payline.com https://unpkg.com https://*.stripe.com https://*.googleapis.com https://*.soundcloud.com https://*.sndcdn.com https://*.yahooapis.com https://*.facebook.com ;object-src 'self' https: ;media-src 'self' data: https://*.sndcdn.com ;img-src 'self' https: data: ;style-src 'self' 'unsafe-inline' *.payline.com https://*.stripe.com https://*.googleapis.com https://*.myfontastic.com ;font-src 'self' data: *.payline.com *.bootstrapcdn.com https://*.gstatic.com https://*.myfontastic.com https://tracks.co; |
Content-Type | text/html; charset=UTF-8 |
Server | Apache |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Vary | Accept-Encoding,User-Agent |
X-Content-Type-Options | nosniff |
X-Permitted-Cross-Domain-Policies | none |
X-XSS-Protection | 1; mode=block |
Connection | keep-alive |