Content-Encoding | gzip |
Content-Security-Policy | font-src data: blob: *; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.cloudfront.net *.kxcdn.com *.google.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.facebook.net *.twitter.com *.line.me *.kakao.com *.reamaze.com *.ateli.com; img-src data: blob: *; media-src data: blob: * |
Content-Type | text/html; charset=utf-8 |
Server | nginx |
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
X-Content-Security-Policy | font-src data: blob: *; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.cloudfront.net *.kxcdn.com *.google.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.facebook.net *.twitter.com *.line.me *.kakao.com *.reamaze.com *.ateli.com; img-src data: blob: *; media-src data: blob: * |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
transfer-encoding | chunked |
Connection | keep-alive |