Content-Language: en
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Mon, 19 Jun 2017 03:47:25 GMT
Content-Security-Policy: default-src 'self' https://accounts.google.com https://*.openstreetmap.org https://staticxx.facebook.com https://www.facebook.com https://apis.google.com https://staticx.facebook.com https://platform.twitter.com https://fonts.gstatic.com https://csi.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://*.openstreetmap.org https://fonts.gstatic.com https://ssl.google-analytics.com https://maps.google.com https://connect.facebook.net https://platform.twitter.com https://apis.google.com https://www.facebook.com https://csi.gstatic.com https://syndication.twitter.com https://maps.googleapis.com; img-src 'self' data: https://*.openstreetmap.org https://*.google.com https://ssl.gstatic.com https://csi.gstatic.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://platform.twitter.com https://apis.google.com https://www.facebook.com https://maps.google.com https://maps.gstatic.com https://fonts.gstatic.com https://syndication.twitter.com https://*.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.openstreetmap.org https://fonts.googleapis.com https://fonts.gstatic.com https://csi.gstatic.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://csi.gstatic.com; frame-src https://maps.google.com https://www.youtube.com https://apis.google.com https://accounts.google.com https://staticxx.facebook.com https://www.facebook.com https://staticx.facebook.com https://connect.facebook.net https://s-static.ak.facebook.com https://platform.twitter.com https://syndication.twitter.com https://fonts.gstatic.com https://csi.gstatic.com https://maps.gstatic.com; object-src 'none';
ETag: "26fa483-86-4d9d3abb5fc40"
Content-Type: text/html
Server: nginx
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Apr 2013 06:37:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Public-Key-Pins: pin-sha256="EbIKLSug2P1VrxHBuss6HXDPJM1kBfSUV26YdAscxEI="; pin-sha256="lJb7mOsOtt2qqWJy1wDvbaTo/4S6awjIgI3mE7GpBdk="; pin-sha256="4TD6eDDGMStLDHTGaHu2CCEX6TXWn3Wk2hR07c0a24w="; max-age=2592000; includeSubDomains
Content-Length: 134
Connection: keep-alive