Date: Sun, 14 May 2017 13:12:43 GMT
Connection: keep-alive
Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://translate.google.com/translate_a/ 'unsafe-eval' https://translate.googleapis.com/translate_static/js/ https://translate.googleapis.com/translate_static/js/element/ https://translate.googleapis.com/translate_a/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; style-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://translate.googleapis.com/translate_static/css/ 'unsafe-inline' https://bbox.blackbaudhosting.com/webforms/ https://fonts.googleapis.com/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; img-src 'self' https://www.google-analytics.com/ https://www.gstatic.com/images/ https://www.google.com/images/ https://translate.googleapis.com/translate_static/ https://bbox.blackbaudhosting.com/webforms/images/ data: https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; frame-src 'self' https://bbox.blackbaudhosting.com/webforms/custom/mongo/scripts/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://w.soundcloud.com/player/; font-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ data: https://fonts.gstatic.com/s/opensans/v13/; connect-src 'self' https://svc.webspellchecker.net/spellcheck31/script/; report-uri /admin/config/system/seckit/csp-report
X-Age: 132
X-Cache-Hits: 3
X-WebKit-CSP: default-src 'self'; script-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://translate.google.com/translate_a/ 'unsafe-eval' https://translate.googleapis.com/translate_static/js/ https://translate.googleapis.com/translate_static/js/element/ https://translate.googleapis.com/translate_a/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; style-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://translate.googleapis.com/translate_static/css/ 'unsafe-inline' https://bbox.blackbaudhosting.com/webforms/ https://fonts.googleapis.com/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; img-src 'self' https://www.google-analytics.com/ https://www.gstatic.com/images/ https://www.google.com/images/ https://translate.googleapis.com/translate_static/ https://bbox.blackbaudhosting.com/webforms/images/ data: https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; frame-src 'self' https://bbox.blackbaudhosting.com/webforms/custom/mongo/scripts/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://w.soundcloud.com/player/; font-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ data: https://fonts.gstatic.com/s/opensans/v13/; connect-src 'self' https://svc.webspellchecker.net/spellcheck31/script/; report-uri /admin/config/system/seckit/csp-report
Last-Modified: Sun, 14 May 2017 13:06:07 GMT
P3P: CP="CURa ADMa OUR UNI INT STA PRE COM NAV NOI COR ONL"
Cache-Control: public, max-age=7
X-Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://translate.google.com/translate_a/ 'unsafe-eval' https://translate.googleapis.com/translate_static/js/ https://translate.googleapis.com/translate_static/js/element/ https://translate.googleapis.com/translate_a/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; style-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://translate.googleapis.com/translate_static/css/ 'unsafe-inline' https://bbox.blackbaudhosting.com/webforms/ https://fonts.googleapis.com/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; img-src 'self' https://www.google-analytics.com/ https://www.gstatic.com/images/ https://www.google.com/images/ https://translate.googleapis.com/translate_static/ https://bbox.blackbaudhosting.com/webforms/images/ data: https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/; frame-src 'self' https://bbox.blackbaudhosting.com/webforms/custom/mongo/scripts/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://w.soundcloud.com/player/; font-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ data: https://fonts.gstatic.com/s/opensans/v13/; connect-src 'self' https://svc.webspellchecker.net/spellcheck31/script/; report-uri /admin/config/system/seckit/csp-report
X-Content-Type-Options: nosniff
X-AH-Environment: 01live
Link: <https://www.nfsa.gov.au/>; rel="canonical",<https://www.nfsa.gov.au/>; rel="shortlink"
HTTP/1.1 200 OK
Server: nginx
Content-Length: 37478
X-Generator: Drupal 7 (http://drupal.org) + govCMS (http://govcms.gov.au)
Expires: Sun, 14 May 2017 13:12:50 GMT
X-Frame-Options: SameOrigin
X-Request-ID: v-180708a2-38a6-11e7-8c92-22000a169b74
ETag: "1494767167-1"
From-Origin: same
Content-Language: en
Content-Type: text/html; charset=utf-8
X-Varnish: 855547169 855545966
X-Drupal-Cache: MISS
Strict-Transport-Security: max-age=1000