Accept-Ranges: bytes Cache-Control: no-store, no-cache, must-revalidate, max-age=0 Content-Length: 44230 Content-Security-Policy: script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://s.ytimg.com https://sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://bat.bing.com; img-src 'self' data: https://www.google-analytics.com/ https://*.gstatic.com https://*.googleapis.com https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.at/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ch/ads/ga-audiences https://www.google.se/ads/ga-audiences https://cdn.shopify.com https://stats.g.doubleclick.net https://t.co https://bat.bing.com; media-src 'self' data: https://*.googleapis.com; report-uri https://csp-central.appspot.com/report_csp; connect-src 'self' https://www.google-analytics.com https://orders.spectacles.com https://eur-en.orders.spectacles.com https://eur-fr.orders.spectacles.com https://eur-it.orders.spectacles.com https://eur-de.orders.spectacles.com https://eur-es.orders.spectacles.com https://eur-nl.orders.spectacles.com https://chf-de.orders.spectacles.com https://chf-fr.orders.spectacles.com https://gbp-en.orders.spectacles.com; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com Content-Type: text/html; charset=UTF-8 Date: Thu, 05 Oct 2017 10:37:14 GMT Expires: Thu, 05 Oct 2017 10:37:14 GMT Last-Modified: Thu, 28 Sep 2017 04:16:25 GMT Server: Google Frontend Set-Cookie: sw-locale-detected=en-US Status: 200 Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Cloud-Trace-Context: 64dea97db26e46ec3a10452875c33f3a X-Frame-Options: SAMEORIGIN