Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.google-analytics.com *.addthis.com *.sharethis.com connect.facebook.net use.typekit.net https://use.typekit.net http://use.typekit.net http://giftstest.com http://js.boxcast.com http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com *.workzonecam.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.addthis.com https://*.facebook.net https://*.facebook.com *.typekit.net use.typekit.net https://use.typekit.net http://use.typekit.net http://platform.twitter.com; img-src 'self' data: blob: *.como.com/* *.gofundme.com *.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.sharethis.com *.facebook.com https://stats.g.doubleclick.net *.w3.org *.addthis.com b.scorecardresearch.com pixel.mathtag.com *.addnxs.com *.mookie1.com p.typekit.net https://p.typekit.net ping.typekit.net https://ping.typekit.net http://feedburner.google.com https://recordings.boxcast.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com http://platform.twitter.com; media-src 'self' data: blob: https://*.boxcast.com; child-src 'self' data: blob: https://*.facebook.net https://*.facebook.com http://*.facebook.net http://*.facebook.com *.addthis.com *.sharethis.com http://www.youtube.com https://www.youtube.com cse.google.com https://secure2.authorize.net https://test.authorize.net *.vimeo.com https://spiritchurch.ccbchurch.com https://w.soundcloud.com https://spiritchurch.giftstest.com https://player.vimeo.com https://www.google.com/calendar/ https://calendar.google.com https://*.boxcast.com *.workzonecam.com https://*.twitter.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data: use.typekit.net https://use.typekit.net http://use.typekit.net https://js.boxcast.com; connect-src 'self' https://spiritchurch.tv https://spiritchurch.churchonline.org https://*.boxcast.com https://*.twitter.com;
X-Powered-By: PHP/5.5.38
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
HTTP/1.1 200 OK
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Accept-Ranges: none
Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: http://cse.google.com
Transfer-Encoding: chunked
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: Upgrade
Upgrade: h2,h2c
Cache-control: private
Pragma: no-cache
Content-Language: en-US
X-Content-Type-Options: nosniff
Date: Mon, 13 Nov 2017 15:03:14 GMT
Set-Cookie: PHPSESSID=umbi5evf8bd0ibguifn69dhqp3; path=/
Permitted-Cross-Domain-Policies: none
Server: Apache
XSS-Protection: 1; mode=block