Server | Apache |
Content-Security-Policy | default-src 'self' https://cdn.jsdelivr.net https://www.flickr.com; object-src https://www.flickr.com 'self'; script-src https://maps.googleapis.com https://use.fontawesome.com https://cacadets.org 'unsafe-eval' 'self' https://cdn.jsdelivr.net 'unsafe-inline'; font-src https://fonts.gstatic.com https://cdn.jsdelivr.net 'self'; connect-src 'self'; img-src https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://cacadets.org 'self'; style-src https://fonts.googleapis.com https://fonts.googleapis.com 'self' https://cacadets.org 'unsafe-inline' https://cdn.jsdelivr.net; frame-src 'self' https://strands.cacadets.org https://www.flickr.com |
X-XSS-Protection | 1; mode=block |
X-Permitted-Cross-Domain-Policies | master-only |
Pragma | no-cache |
Strict-Transport-Security | max-age=17776000 |
Public-Key-Pins | pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; max-age=60 |
Expires | -1, Sun, 19 Nov 1978 05:00:00 GMT |
Cache-Control | no-cache, no-store, must-revalidate, no-cache, must-revalidate |
X-Content-Type-Options | nosniff, nosniff |
Content-Language | en |
X-Frame-Options | SAMEORIGIN, SAMEORIGIN |
X-Generator | Drupal 7 (http://drupal.org) |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Transfer-Encoding | chunked |
Content-Type | text/html; charset=utf-8 |