Vary: Accept-Encoding
Content-Security-Policy: default-src 'self'; frame-src 'self' calendar.google.com www.google.com accounts.google.com player.vimeo.com www.youtube.com s7.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: f.vimeocdn.com player.vimeo.com *.google-analytics.com graph.facebook.com piw.varndean.ac.uk platform.twitter.com cdn.syndication.twimg.com *.addthis.com m.addthisedge.com api.flickr.com; style-src 'self' 'unsafe-inline' platform.twitter.com; img-src 'self' data: *.twimg.com platform.twitter.com syndication.twitter.com www.google-analytics.com *.staticflickr.com piw.varndean.ac.uk; block-all-mixed-content; report-uri https://varndean.report-uri.io/r/default/csp/enforce
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Link: <https://varndean.ac.uk/>; rel="canonical",<https://varndean.ac.uk/>; rel="shortlink"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
X-XSS-Protection: 1; mode=block
X-Drupal-Cache: HIT
Vary: Cookie
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Etag: "1497059792-0"
Content-Language: en
Expect-CT: max-age=0; report-uri=https://varndean.report-uri.io/r/default/ct/reportOnly
Connection: keep-alive
Cache-Control: public, max-age=0
X-Content-Type-Options: nosniff
Date: Sat, 10 Jun 2017 03:08:00 GMT
Last-Modified: Sat, 10 Jun 2017 01:56:32 GMT
Referrer-Policy: strict-origin-when-cross-origin