Cache-Control | no-cache, no-store, must-revalidate, private |
Content-Encoding | gzip |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com/ https://maps.googleapis.com/ http://www.google-analytics.com/ https://ssl.google-analytics.com/ https://ajax.googleapis.com/ http://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' data: https://csi.gstatic.com/ https://dashboard.umbraco.org/ http://dashboard.umbraco.org/ https://umbraco.tv/ http://umbraco.tv/ https://www.gravatar.com/ http://www.gravatar.com/ http://www.google-analytics.com/ https://ssl.google-analytics.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://gallery.mailchimp.com/; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.youtube.com/; connect-src 'self' ; |
Content-Type | text/html; charset=utf-8 |
Expires | -1 |
Pragma | no-cache |
Strict-Transport-Security | max-age=15552000 |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
Connection | keep-alive |