x-xss-protection | 1; mode=block |
Content-Security-Policy | script-src 'self' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.ytimg.com *.youtube.com maps.googleapis.com *.maps.gstatic.com *.google.com *.gstatic.com; default-src 'self' *.gstatic.com; img-src 'self' data: storage.googleapis.com stats.g.doubleclick.net s.ytimg.com lh3.googleusercontent.com *.gstatic.com *.google-analytics.com *.google.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com lh3.googleusercontent.com; frame-src 'self' www.google.com www.youtube.com accounts.google.com apis.google.com plus.google.com maps.gstatic.com maps.googleapis.com google.com gstatic.com lh3.googleusercontent.com; connect-src 'self' plus.google.com www.google-analytics.com lh3.googleusercontent.com; font-src 'self' themes.googleusercontent.com *.gstatic.com lh3.googleusercontent.com; report-uri /csp/report/ |
x-content-type-options | nosniff |
x-frame-options | DENY |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Vary | Cookie, Accept-Encoding |
Server | Google Frontend |
Cache-Control | private |
Alt-Svc | quic=":443"; p="1"; ma=604800 |
Expires | Thu, 05 Nov 2015 23:27:14 GMT |
Transfer-Encoding | chunked |