strict-transport-security | max-age=2592000; includeSubDomains |
Content-Security-Policy | script-src 'self' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com www.google.com *.doubleclick.net; default-src 'self' *.gstatic.com; img-src 'self' data: s.ytimg.com *.googleusercontent.com *.gstatic.com *.google-analytics.com www.google.com *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.googleapis.com; frame-src 'self' www.google.com www.youtube.com accounts.google.com apis.google.com plus.google.com; connect-src 'self' plus.google.com www.google-analytics.com services.google.com; font-src 'self' data: themes.googleusercontent.com *.gstatic.com; report-uri /csp/report/ |
x-content-type-options | nosniff |
Expires | Fri, 18 Aug 2017 11:52:25 GMT |
Last-Modified | Fri, 18 Aug 2017 11:50:18 GMT |
x-xss-protection | 1; mode=block |
Cache-Control | max-age=600 |
x-frame-options | DENY |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
X-Cloud-Trace-Context | 195d04f881925e140ce162bc59e60e05 |
Vary | Cookie, Accept-Encoding |
Server | Google Frontend |
Alt-Svc | quic=":443"; ma=2592000; v="39,38,37,35" |
Transfer-Encoding | chunked |