Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
X-Frame-Options | SAMEORIGIN |
Content-Security-Policy | default-src 'self' ; img-src 'self' https://lastpass.com data: https://ssl.google-analytics.com https://www.google-analytics.com https://img.youtube.com https://googleads.g.doubleclick.net https://www.google.com ; object-src 'self' http://*.googlevideo.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; connect-src 'self' https://lastpass.com wss://*.lastpass.com https://pollserver.lastpass.com https://loglogin.lastpass.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://lastpass.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://lastpass.com https://www.youtube.com https://*.ytimg.com ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://lastpass.com ; frame-src 'self' https://www.youtube.com https://*.ytimg.com https://ssl.gstatic.com https://www.google.com https://www.youtube.com |
X-Content-Security-Policy | allow 'self' 'self' https://lastpass.com wss://*.lastpass.com https://pollserver.lastpass.com https://loglogin.lastpass.com ; img-src 'self' https://lastpass.com data: https://ssl.google-analytics.com https://www.google-analytics.com https://img.youtube.com https://googleads.g.doubleclick.net https://www.google.com ; object-src 'self' http://*.googlevideo.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://www.google.com http://youtube.googleapis.com; frame-src 'self' https://www.youtube.com https://*.ytimg.com https://ssl.gstatic.com https://www.google.com https://www.youtube.com ; options inline-script eval-script |
P3P | CP="NON DSP COR CUR OUR LEG PHY COM" |
Server | LastPass |
Strict-Transport-Security | max-age=86400000 |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Content-Encoding | gzip |