Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Vary | Accept-Encoding, X-Requested-With |
X-Frame-Options | SAMEORIGIN |
Content-Security-Policy | connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com/; default-src 'self'; font-src 'self' data: https://zlavomat.sgcdn.cz https://themes.googleusercontent.com https://*.gstatic.com https://cdn.livechatinc.com; form-action 'self'; frame-ancestors 'self'; frame-src *; img-src data: *; object-src 'self' https://zlavomat.sgcdn.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zlavomat.sgcdn.cz https://maps.gstatic.com https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleadservices.com https://*.visualwebsiteoptimizer.com https://*.livechatinc.com https://be1.sk https://*.be1.sk; style-src 'self' 'unsafe-inline' https://zlavomat.sgcdn.cz https://*.google.com https://*.googleapis.com https://*.kdukvh.com; report-uri /csplog |
Pragma | no-cache |
ETag | W/"0f0dc528a9498531d5185fa5d878e13ffd1e39c3" |
Cache-Control | no-cache, must-revalidate |
X-Hostname | bubik.stable.cz |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
Public-Key-Pins | pin-sha256="vIEVkD7QImDsQo4REPvveP1xL9HH0HiJJ+0OXXX4Up8="; pin-sha256="MWTPZAJF2eO1KjyzWgBoLySyx9pzisLV0j6KN2lzwPw="; max-age=31536000; includeSubDomains; report-uri="/pkplog" |
X-XSS-Protection | 1; mode=block; report=/xsslog |
Content-Encoding | gzip |