Strict-Transport-Security: max-age=2592000; includeSubdomains
Date: Sat, 10 Mar 2018 04:47:44 GMT
X-Frame-Options: DENY
Content-Security-Policy: script-src 'self' https://www.googleapis.com https://apis.google.com *.googleanalytics.com *.google-analytics.com https://stats.g.doubleclick.net https://accounts.google.com https://www.youtube.com https://s.ytimg.com https://www.google.com 'unsafe-eval'; img-src 'self' data: *.gstatic.com https://img.youtube.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://storage.googleapis.com/yt-reach-data.appspot.com/; report-uri /csp; default-src 'self'; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; frame-src 'self' *.google.com www.youtube.com *.googleapis.com https://accounts.google.com https://apis.google.com https://content.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://www.google.com https://ajax.googleapis.com
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"
X-Content-Type-Options: nosniff
Content-Length: 1001
Cache-Control: no-cache
Server: Google Frontend
X-Cloud-Trace-Context: 66a2a74603d31a27a9f8659df7340917
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=utf-8
WWW-Authenticate: Basic realm="Secure Area"
X-XSS-Protection: 1; mode=block