Content-Type | text/html; charset=utf-8 |
Cache-Control | no-cache |
X-Frame-Options | DENY |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Access-Control-Allow-Origin | * |
Access-Control-Allow-Credentials | true |
Access-Control-Allow-Methods | GET, POST, OPTIONS |
Content-Security-Policy | script-src 'self' https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://apis.google.com 'unsafe-eval' 'sha256-ZJOHCR/utq83DsnTiFcuKjH3nsBWs9IG5EOJ/4htaT0=' https://connect.facebook.net http://connect.facebook.net https://*.facebook.com; img-src 'self' data: https://storage.googleapis.com https://*.facebook.com https://www.google-analytics.com; media-src 'self' blob:; child-src 'self' https://www.google.com https://www.youtube.com blob:; object-src 'none'; default-src 'self'; font-src 'self' https://themes.googleusercontent.com data: https://*.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com https://accounts.google.com http://*.facebook.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.gstatic.com; report-uri /csp |
Content-Encoding | gzip |
X-Cloud-Trace-Context | b780771c85b4e99300d656b445f74d7e |
Vary | Accept-Encoding |
Server | Google Frontend |
Alt-Svc | quic=":443"; ma=2592000; v="34,33,32,31,30,29,28,27,26,25" |
Transfer-Encoding | chunked |