Content-Security-Policy | script-src 'self' 'unsafe-eval'; img-src 'self' https://storage.googleapis.com data: blob: *.gravatar.com; default-src 'self'; frame-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline'; media-src 'self'; object-src 'none'; connect-src 'self' *.wagtail.io; font-src 'self' *.gstatic.com; base-uri 'self' |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
Expires | Fri, 09 Feb 2018 21:52:19 GMT |
Cache-Control | public, max-age=600 |
ETag | "hwYzdg" |
X-Cloud-Trace-Context | 2a0ffb342766086f3c8071617724cdb7 |
Content-Type | text/html |
Content-Encoding | gzip |
Server | Google Frontend |
Transfer-Encoding | chunked |