Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Content-Language: en Content-Security-Policy: default-src 'self'; script-src 'self' ssl.google-analytics.com *.gstatic.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' ssl.google-analytics.com; frame-src 'self' *.google.com; font-src fonts.gstatic.com; connect-src 'self' google.com; report-uri /admin/config/system/seckit/csp-report Content-Type: text/html; charset=utf-8 Date: Fri, 06 Oct 2017 06:21:39 GMT Expires: Sun, 19 Nov 1978 05:00:00 GMT Server: Apache Strict-Transport-Security: max-age=1000 Transfer-Encoding: chunked X-Content-Security-Policy: default-src 'self'; script-src 'self' ssl.google-analytics.com *.gstatic.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' ssl.google-analytics.com; frame-src 'self' *.google.com; font-src fonts.gstatic.com; connect-src 'self' google.com; report-uri /admin/config/system/seckit/csp-report X-Content-Type-Options: nosniff X-Frame-Options: SameOrigin X-Generator: Drupal 7 (http://drupal.org) X-Powered-By: PHP/5.3.3 X-Webkit-Csp: default-src 'self'; script-src 'self' ssl.google-analytics.com *.gstatic.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' ssl.google-analytics.com; frame-src 'self' *.google.com; font-src fonts.gstatic.com; connect-src 'self' google.com; report-uri /admin/config/system/seckit/csp-report