Cache-Control | no-cache, public, must-revalidate |
Content-Encoding | gzip |
Content-Security-Policy | default-src 'self' bam.nr-data.net *.jquery.com *.google-analytics.com *.newrelic.com *.cloudflare.com *.amazonaws.com *.kaltura.com *.facebook.net *.twitter.com *.facebook.com *.twimg.com *.googleapis.com *.gstatic.com *.drmtoday.com *.edgekey.net *.visionmediamgmt.com 'unsafe-eval' 'unsafe-inline' data: blob: |
Content-Type | text/html; charset=utf-8 |
ETag | "1706573715" |
Front-End-Https | on |
Public-Key-Pins | pin-sha256="cCZtpNBmnd6uIiP4K71qMYuZyGPb02UYAjM+zrVMbkA="; max-age=15768000; includeSubDomains |
Server | nginx |
set-cookie | _csrf=hdB-X6AJOqJP_k9fK5RHzX4S; Path=/; HttpOnly; Secure
connect.sid=s%3AFUIWEuN5ZXPPLociicUzmBxS0aef9qPs.FLCe1uOmcBhU4cCb%2Fjnvx3Ouu%2BafVR9RsgX4kZqQQhc; Path=/; HttpOnly; Secure |
Strict-Transport-Security | max-age=2592000; includeSubdomains, max-age=63072000; includeSubdomains; preload |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Powered-By | Express |
X-XSS-Protection | 1; mode=block |
Connection | keep-alive |