x-xss-protection | 1; mode=block |
Content-Security-Policy | script-src 'self' *.googleanalytics.com *.google-analytics.com maps.googleapis.com 'nonce-zbqkkMR8l06PQJ+yN5mfjSWCDNYgRIEe' 'strict-dynamic'; default-src 'self' *.gstatic.com; img-src 'self' data: *.googleusercontent.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.googleapis.com; style-src 'self' fonts.googleapis.com *.gstatic.com 'nonce-QvUi/ph4XR9x6CCpjjgnzR9MUe0imM6F'; frame-src 'self' www.google.com accounts.google.com apis.google.com youtube.com *.youtube.com; object-src 'none'; connect-src 'self' *.google.com www.google-analytics.com; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com fonts.googleapis.com; report-uri /csp/report/ |
x-content-type-options | nosniff |
strict-transport-security | max-age=2592000; includeSubDomains |
Content-Language | en-gb |
x-frame-options | DENY |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
X-Cloud-Trace-Context | efd27d5117aefc3d3e1f5a310876adbd |
Vary | Cookie, Accept-Encoding |
Server | Google Frontend |
Cache-Control | private |
Alt-Svc | hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35" |
Transfer-Encoding | chunked |