Server | nginx |
Content-Type | text/html; charset=iso-8859-1 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Pragma | no-cache |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public |
X-Frame-Options | SAMEORIGIN |
Alternate-Protocol | 443:npn-http/2 |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
X-Permitted-Cross-Domain-Policies | master-only |
X-UA-Compatible | IE=Edge |
Access-Control-Allow-Origin | * |
Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazon.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.jquery.com *.youtube.com maps.gstatic.com *.googleapis.com *.gstatic.com/recaptcha/ *.google.com/recaptcha/ *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; child-src 'self' *.paypal.com *.paypalobjects.com *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' |
Content-Encoding | gzip |