Cache-Control | public, max-age=180 |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Expires | Fri, 23 Feb 2018 04:39:39 GMT |
Last-Modified | Fri, 23 Feb 2018 04:36:39 GMT |
Vary | * |
Server | Microsoft-IIS/8.5 |
Content-Security-Policy | default-src 'self';script-src 'self' 'nonce-1D9sj5SH19L0EdVgoM6I' https://www.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net https://*.readspeaker.com;object-src 'self';style-src 'self' 'unsafe-inline' 'nonce-QhIQew6avYJnDqILtNrv' https://fonts.googleapis.com https://*.readspeaker.com;img-src 'self' data: img.niagarafallsmuseums.ca www.google-analytics.com *.gstatic.com stats.g.doubleclick.net *.googleapis.com *.google.com https://*.facebook.com https://*.readspeaker.com;media-src *.readspeaker.com;frame-src 'self' *.readspeaker.com https://maps.google.com https://maps.google.ca www.google.com www.youtube.com https://*.facebook.com;font-src 'self' null fonts.gstatic.com;connect-src 'self';base-uri 'self';form-action 'self' *.readspeaker.com;frame-ancestors 'self' www.facebook.com;upgrade-insecure-requests;block-all-mixed-content;report-uri /WebResource.axd?cspReport=true |
X-Frame-Options | SameOrigin |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
X-Download-Options | noopen |
Referrer-Policy | no-referrer, same-origin |
Strict-Transport-Security | max-age=31536000; includeSubdomains; preload |