X-Content-Type-Options:nosniff
X-Xss-Protection:1; mode=block
Content-Security-Policy:default-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ajax.aspnetcdn.com code.jquery.com; object-src 'self'; img-src 'self' data:;