Content-Type | text/html; charset=utf-8 |
Cache-Control | no-cache |
X-Frame-Options | DENY |
Strict-Transport-Security | max-age=2592000; includeSubdomains |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Content-Security-Policy | script-src 'self' https://www.google-analytics.com/analytics.js https://maps.googleapis.com https://www.youtube.com http://www.youtube.com https://s.ytimg.com https://platform.twitter.com https://apis.google.com/js/platform.js 'unsafe-inline' https://connect.facebook.net/en_US/sdk.js http://connect.facebook.net/en_US/sdk.js ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' *.googleapis.com https://*.gstatic.com ; object-src 'none'; default-src 'self' https://*.gstatic.com https://maps.googleapis.com/*; frame-src 'self' https://www.google.com https://www.youtube.com http://www.youtube.com http://staticxx.facebook.com/ https://staticxx.facebook.com/ ; img-src 'self' maps.gstatic.com csi.gstatic.com *.googleapis.com https://lh3.googleusercontent.com i.ytimg.com https://www.facebook.com/impression.php/ https://www.google-analytics.com/ ; child-src 'self' https://www.google.com https://www.youtube.com http://www.youtube.com content.googleapis.com apis.google.com ; font-src 'self' https://themes.googleusercontent.com https://*.gstatic.com; report-uri /csp |
Content-Encoding | gzip |
X-Cloud-Trace-Context | bb839dcc9074dba66382ea7157640239 |
Vary | Accept-Encoding |
Server | Google Frontend |
Alt-Svc | quic=":443"; ma=2592000; v="39,38,37,35" |
Transfer-Encoding | chunked |