00; includeSubDomains
Content-Security-Policy: script-src 'self'; object-src 'self'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Feature-Policy: geolocation 'none'; microphone 'none'
Permissions-Policy: geolocation=(), microphone=()
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png