X-XSS-Protection | 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube |
P3P | CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." |
X-Frame-Options | SAMEORIGIN |
Content-Encoding | gzip |
Content-Security-Policy | connect-src https:; default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src https: data:; media-src https: blob:; report-uri /csp_204?t=ehttps&vcs=ef07f335c9a525dc41e16b09dcb90792&plabel=youtube_20170227_0_RC4&pcl=148832068 |
Strict-Transport-Security | max-age=31536000 |
Content-Type | text/html; charset=utf-8 |
X-Content-Type-Options | nosniff |
Cache-Control | no-cache |
Expires | Tue, 27 Apr 1971 19:44:06 EST |
Server | YouTubeFrontEnd |
Alt-Svc | quic=":443"; ma=2592000; v="36,35,34" |
Transfer-Encoding | chunked |