x-xss-protection | 1; mode=block |
x-content-type-options | nosniff |
Content-Security-Policy | script-src 'self' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com https://www.youtube.com https://s.ytimg.com *.googletagmanager.com apis.google.com; img-src * data: blob:; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com *.youtube.com accounts.google.com apis.google.com plus.google.com *.doubleclick.net apis.google.com https://www.youtube.com; style-src 'self' fonts.googleapis.com *.gstatic.com storage.googleapis.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com; object-src 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com |
Expires | Sat, 01 Oct 2016 12:15:57 GMT |
Last-Modified | Sat, 01 Oct 2016 11:15:57 GMT |
strict-transport-security | max-age=2592000; includeSubDomains |
Cache-Control | max-age=3600 |
X-Frame-Options | SAMEORIGIN |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
X-Cloud-Trace-Context | 2e44e593a2ed7ae87f238b535378a492 |
Vary | Accept-Encoding |
Server | Google Frontend |
Transfer-Encoding | chunked |