Server | nginx |
Content-Type | text/html; charset=windows-1251 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Expires | Sat, 07 Nov 2015 14:47:46 GMT |
Cache-Control | no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0 |
Pragma | no-cache |
Last-Modified | Fri, 06 Nov 2015 16:04:00 GMT |
Accept-Charset | windows-1251 |
Vary | Accept-Encoding, User-Agent |
Access-Control-Allow-Origin | http://hghltd.yandex.net |
Access-Control-Allow-Headers | origin, x-requested-with, content-type |
Access-Control-Allow-Methods | PUT, GET, POST, OPTIONS |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' about fstatic.ru *.fstatic.ru *.flower-shop.ru *.cloudpayments.ru *.googletagmanager.com *.googleadservices.com https://*.googleadservices.com *.doubleclick.net https://*.doubleclick.net *.google-analytics.com *.twitter.com https://*.googleapis.com *.googleapis.com https://*.yandex.ru *.yandex.ru https://*.yandex.net *.yandex.net *.newrelic.com userapi.com *.userapi.com *.google.com *.goodsites.ru yandex.st https://*.gstatic.com *.gstatic.com https://*.youtube.com *.youtube.com https://*.ytimg.com *.cloudpayments.ru *.ytimg.com *.facebook.net *.nr-data.net; object-src 'self' fstatic.ru *.fstatic.ru *.flower-shop.ru *.cloudpayments.ru https://*.youtube.com *.youtube.com yandex.ru *.yandex.ru yandex.net *.yandex.net yandex.st *.yandex.st; style-src 'self' 'unsafe-inline' fstatic.ru *.fstatic.ru *.cloudpayments.ru *.flower-shop.ru https://*.googleapis.com https://*.google.com *.google.com *.googleapis.com https://*.yandex.ru *.yandex.ru https://*.yandex.net *.yandex.net; img-src 'self' about data: fstatic.ru *.fstatic.ru *.flower-shop.ru *.cloudpayments.ru *.goodsites.ru *.yadro.ru *.google-analytics.com https://*.yandex.ru *.yandex.ru https://*.yandex.net *.yandex.net https://*.gstatic.com *.gstatic.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.cdninstagram.com *.rambler.ru https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com yastatic.net *.yastatic.net *.newrelic.com yandex.st *.yandex.st vk.com https://vk.com *.google.ru htpps://*.google.ru; media-src 'self' fstatic.ru *.fstatic.ru *.cloudpayments.ru *.flower-shop.ru; frame-src 'self' fstatic.ru *.fstatic.ru *.cloudpayments.ru *.flower-shop.ru *.twitter.com *.googletagmanager.com *.yandex.ru *.yandex.net yastatic.net https://*.facebook.com *.facebook.com https://vk.com vk.com https://*.vk.com *.vk.com https://*.youtube.com *.cloudpayments.ru *.youtube.com driedflowers.ru; font-src 'self' fstatic.ru *.cloudpayments.ru *.fstatic.ru *.flower-shop.ru https://*.gstatic.com *.gstatic.com *.googleusercontent.com; connect-src 'self' fstatic.ru *.fstatic.ru *.cloudpayments.ru *.flower-shop.ru *.googletagmanager.com *.google-analytics.com https://*.googleapis.com *.googleapis.com *.voicecards.ru *.yandex.ru https://*.yandex.ru *.yandex.net; report-uri http://www.flower-shop.ru/csp_report.php; |
Content-Encoding | gzip |