x-xss-protection | 1; mode=block |
Content-Language | en-us |
x-content-type-options | nosniff |
strict-transport-security | max-age=2592000; includeSubDomains |
Content-Security-Policy | script-src 'self' https://*.googleanalytics.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.googleadservices.com http://ajax.googleapis.com http://127.0.0.1:35729/livereload.js; default-src 'self' https://*.gstatic.com; img-src 'self' data: https://s.ytimg.com https://*.googleusercontent.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net/r/collect; media-src 'self' https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://www.youtube.com https://accounts.google.com https://apis.google.com https://plus.google.com https://*.doubleclick.net; connect-src 'self' https://plus.google.com https://www.google-analytics.com ws://127.0.0.1:35729/livereload; font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com https://*.gstatic.com |
x-frame-options | DENY |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
X-Cloud-Trace-Context | c07316e95cc10ee7c4c5ee6090792a19 |
Vary | Accept-Language, Cookie, Accept-Encoding |
Server | Google Frontend |
Cache-Control | private |
Alt-Svc | hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35" |
Transfer-Encoding | chunked |