Content-Security-Policy: script-src 'self' *.googleanalytics.com *.google-analytics.com maps.googleapis.com 'nonce-08oM6fVLi3CpDKmQ5javNVnpngWxIV8C' 'strict-dynamic'; default-src 'self' *.gstatic.com; img-src 'self' data: *.googleusercontent.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.googleapis.com; style-src 'self' fonts.googleapis.com *.gstatic.com 'nonce-0Z1Wx1X9jemQg/WHcHCkXhtUs7i5yR2M'; frame-src 'self' www.google.com accounts.google.com apis.google.com youtube.com *.youtube.com; object-src 'none'; connect-src 'self' *.google.com www.google-analytics.com; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com fonts.googleapis.com; report-uri /csp/report/
x-xss-protection: 1; mode=block
x-frame-options: DENY
strict-transport-security: max-age=2592000; includeSubDomains
Content-Type: text/html; charset=utf-8
Content-Language: en-gb
HTTP/1.1 200 OK
Vary: Cookie
Server: Google Frontend
Date: Wed, 21 Mar 2018 15:44:37 GMT
x-content-type-options: nosniff
X-Cloud-Trace-Context: bae18307a59e25bf8ded54ab5a82f911
Alt-Svc: hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
Content-Length: 20485