lobste.rs
HTTP check results
HTTP Response Headers
alt-svc
h3=":443"; ma=2592000
cache-control
max-age=0, private, must-revalidate
content-encoding
zstd
content-security-policy
default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self' 'nonce-6pb5hxs7D72N5/rTnL/Q0A=='; style-src 'self' 'unsafe-inline'
content-type
text/html; charset=utf-8
etag
W/"6de64774d7d586ba10312c624fa31971"
feature-policy
accelerometer 'none'; autoplay 'none'; ambient-light-sensor 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; idle-detection 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; screen-wake-lock 'none'; serial 'none'; sync-xhr 'none'; usb 'none'; web-share 'none'
link
</assets/application-27162bd9.css>; rel=preload; as=style; nopush,</assets/system-system-fd030c9d.css>; rel=preload; as=style; nopush,</assets/tom-select-00e8031d.css>; rel=preload; as=style; nopush,</assets/TomSelect_remove_button-4d5c34b9.css>; rel=preload; as=style; nopush
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 Caddy
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
bdcf0fa8-1145-4786-b84c-274870146aa0
x-xss-protection
0
date
Mon, 06 Apr 2026 03:08:56 GMT
Security Headers
strict-transport-security
content-security-policy
x-content-type-options
x-frame-options
x-xss-protection
referrer-policy
permissions-policy