HTTP/1.1 200 OKx-xss-protection: 1; mode=blockx-content-type-options: nosniffContent-Security-Policy: script-src 'self' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com https://www.youtube.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com; img-src * data: blob:; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com *.youtube.com accounts.google.com apis.google.com plus.google.com *.doubleclick.net apis.google.com https://www.youtube.com; style-src 'self' fonts.googleapis.com *.gstatic.com storage.googleapis.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com; object-src 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.comstrict-transport-security: max-age=2592000; includeSubDomainsPragma: PublicCache-Control: publicX-Frame-Options: SAMEORIGINContent-Type: text/html; charset=utf-8X-Cloud-Trace-Context: c7e9efcb2eae3e92da56baac86880c32;o=1Date: Wed, 01 Mar 2017 16:28:25 GMTServer: Google FrontendTransfer-Encoding: chunked