Content-Security-Policy: script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com https://www.youtube.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com 'strict-dynamic' 'sha256-tT0bFUTT13GiCuf1HWnoZqHNj81262SkgRMmReUnd0U=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-VYh+xiSqo4QzOSUckJBCHDIBNNBdxwG2PIIevxRqeh4='; img-src * data: blob:; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com *.youtube.com accounts.google.com apis.google.com plus.google.com *.doubleclick.net apis.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com; object-src 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com; base-uri 'none'
strict-transport-security: max-age=2592000; includeSubDomains
Cache-Control: max-age=3600
Expires: Sun, 02 Jul 2017 02:01:44 GMT
X-Frame-Options: SAMEORIGIN
x-xss-protection: 1; mode=block
HTTP/1.1 200 OK
Last-Modified: Sun, 02 Jul 2017 01:01:44 GMT
Date: Sun, 02 Jul 2017 01:14:29 GMT
X-Cloud-Trace-Context: eda781145eeb25e3afcc59bfe2c153fc
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 21560
Server: Google Frontend