| Server | Apache |
| Content-Security-Policy | default-src 'self' https://cdn.jsdelivr.net https://www.flickr.com; object-src https://www.flickr.com 'self'; script-src https://maps.googleapis.com https://use.fontawesome.com https://cacadets.org 'unsafe-eval' 'self' https://cdn.jsdelivr.net 'unsafe-inline'; font-src https://fonts.gstatic.com https://cdn.jsdelivr.net 'self'; connect-src 'self'; img-src https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://cacadets.org 'self'; style-src https://fonts.googleapis.com https://fonts.googleapis.com 'self' https://cacadets.org 'unsafe-inline' https://cdn.jsdelivr.net; frame-src 'self' https://strands.cacadets.org https://www.flickr.com |
| X-XSS-Protection | 1; mode=block |
| X-Permitted-Cross-Domain-Policies | master-only |
| Pragma | no-cache |
| Strict-Transport-Security | max-age=17776000 |
| Public-Key-Pins | pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; max-age=60 |
| Expires | -1, Sun, 19 Nov 1978 05:00:00 GMT |
| Cache-Control | no-cache, no-store, must-revalidate, no-cache, must-revalidate |
| X-Content-Type-Options | nosniff, nosniff |
| Content-Language | en |
| X-Frame-Options | SAMEORIGIN, SAMEORIGIN |
| X-Generator | Drupal 7 (http://drupal.org) |
| Keep-Alive | timeout=5, max=100 |
| Connection | Keep-Alive |
| Transfer-Encoding | chunked |
| Content-Type | text/html; charset=utf-8 |