Vary | Accept-Encoding |
Content-Encoding | gzip |
Content-Type | text/html |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://s.ytimg.com s.ytimg.com www.google-analytics.com www.googleadservices.com www.youtube.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com https://www.google.com s.ytimg.com www.google.com; img-src 'self' *.google.com *.googleapis.com *.gstatic.com *.ytimg.com data: https://*.gstatic.com https://*.ytimg.com https://stats.g.doubleclick.net https://yt3.ggpht.com stats.g.doubleclick.net www.google-analytics.com yt3.ggpht.com; frame-src 'self' *.doubleclick.net *.google.com content.googleapis.com https://*.doubleclick.net https://*.google.com https://content.googleapis.com https://incentiveswidget.appspot.com https://www.google.co.jp https://www.youtube.com incentiveswidget.appspot.com www.google.co.jp www.youtube.com; font-src fonts.gstatic.com; connect-src 'self' ajax.googleapis.com https://ajax.googleapis.com services.google.com; report-uri /csp_204?t=estatic |
Expires | Sat, 07 Nov 2015 18:15:27 GMT |
Cache-Control | public, max-age=0 |
Last-Modified | Wed, 07 Oct 2015 22:15:00 GMT |
X-Content-Type-Options | nosniff |
Server | sffe |
X-XSS-Protection | 1; mode=block |