Server | Apache |
Strict-Transport-Security | max-age=86400 |
Public-Key-Pins | pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=600 |
X-Drupal-Cache | HIT |
Etag | "1519624909-1" |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com connect.facebook.net platform.twitter.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://platform.twitter.com *.optnmstr.com https://*.optnmstr.com *.googleapis.com https://*.googleapis.com; object-src 'self' *.youtube.com youtube.com https://*.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com; img-src 'self' img.youtube.com stats.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.twitter.com external.xx.fbcdn.net *.googleapis.com https://img.youtube.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.twitter.com https://external.xx.fbcdn.net https://stats.g.doubleclick.net https://*.googleapis.com *.optnmstr.com https://*.optnmstr.com *.amazonaws.com https://*.amazonaws.com *.google.com https://*.google.com *.google.ca https://*.google.ca *.google.es https://*.google.es; frame-src 'self' www.smartsource.ca *.youtube.com *.facebook.com nam-prod-pe-public.s3.amazonaws.com https://www.smartsource.ca https://*.youtube.com https://*.facebook.com https://nam-prod-pe-public.s3.amazonaws.com *.twitter.com https://*.twitter.com; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.optnmstr.com https://*.optnmstr.com *.facebook.com https://*.facebook.com; report-uri /admin/config/system/seckit/csp-report |
X-Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com connect.facebook.net platform.twitter.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://platform.twitter.com *.optnmstr.com https://*.optnmstr.com *.googleapis.com https://*.googleapis.com; object-src 'self' *.youtube.com youtube.com https://*.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com; img-src 'self' img.youtube.com stats.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.twitter.com external.xx.fbcdn.net *.googleapis.com https://img.youtube.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.twitter.com https://external.xx.fbcdn.net https://stats.g.doubleclick.net https://*.googleapis.com *.optnmstr.com https://*.optnmstr.com *.amazonaws.com https://*.amazonaws.com *.google.com https://*.google.com *.google.ca https://*.google.ca *.google.es https://*.google.es; frame-src 'self' www.smartsource.ca *.youtube.com *.facebook.com nam-prod-pe-public.s3.amazonaws.com https://www.smartsource.ca https://*.youtube.com https://*.facebook.com https://nam-prod-pe-public.s3.amazonaws.com *.twitter.com https://*.twitter.com; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.optnmstr.com https://*.optnmstr.com *.facebook.com https://*.facebook.com; report-uri /admin/config/system/seckit/csp-report |
X-WebKit-CSP | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com connect.facebook.net platform.twitter.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://platform.twitter.com *.optnmstr.com https://*.optnmstr.com *.googleapis.com https://*.googleapis.com; object-src 'self' *.youtube.com youtube.com https://*.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com; img-src 'self' img.youtube.com stats.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.twitter.com external.xx.fbcdn.net *.googleapis.com https://img.youtube.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.twitter.com https://external.xx.fbcdn.net https://stats.g.doubleclick.net https://*.googleapis.com *.optnmstr.com https://*.optnmstr.com *.amazonaws.com https://*.amazonaws.com *.google.com https://*.google.com *.google.ca https://*.google.ca *.google.es https://*.google.es; frame-src 'self' www.smartsource.ca *.youtube.com *.facebook.com nam-prod-pe-public.s3.amazonaws.com https://www.smartsource.ca https://*.youtube.com https://*.facebook.com https://nam-prod-pe-public.s3.amazonaws.com *.twitter.com https://*.twitter.com; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.optnmstr.com https://*.optnmstr.com *.facebook.com https://*.facebook.com; report-uri /admin/config/system/seckit/csp-report |
X-Content-Type-Options | nosniff, nosniff |
X-Frame-Options | SameOrigin |
Content-Language | fr |
X-Generator | Drupal 7 (http://drupal.org) |
Cache-Control | public, max-age=1800 |
Last-Modified | Mon, 26 Feb 2018 06:01:49 GMT |
Expires | Sun, 19 Nov 1978 05:00:00 GMT |
Vary | Cookie,Accept-Encoding |
Content-Encoding | gzip |
X-XSS-Protection | 1; mode=block |
Keep-Alive | timeout=15, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=utf-8 |