x-xss-protection | 1; mode=block |
x-content-type-options | nosniff |
Content-Security-Policy | script-src 'self' apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google-analytics.com; default-src 'self' ssl.gstatic.com; img-src 'self' data: ssl.gstatic.com lh3.googleusercontent.com www.google-analytics.com www.google.com img.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src www.youtube.com; font-src fonts.gstatic.com; report-uri /csp/report/ |
strict-transport-security | max-age=2592000; includeSubDomains |
Content-Language | en |
X-Frame-Options | DENY |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
X-Cloud-Trace-Context | d0367a38bd31e83d2fd72619789bfbdb |
Vary | Accept-Language, Cookie, Accept-Encoding |
Server | Google Frontend |
Cache-Control | private |
Alt-Svc | quic=":443"; ma=2592000; v="39,38,37,35" |
Transfer-Encoding | chunked |