Content-Security-Policy: default-src 'self'; frame-src 'self' calendar.google.com www.google.com accounts.google.com player.vimeo.com www.youtube.com s7.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: f.vimeocdn.com player.vimeo.com *.google-analytics.com graph.facebook.com piw.varndean.ac.uk platform.twitter.com cdn.syndication.twimg.com *.addthis.com m.addthisedge.com api.flickr.com; style-src 'self' 'unsafe-inline' platform.twitter.com; img-src 'self' data: *.twimg.com platform.twitter.com syndication.twitter.com www.google-analytics.com *.staticflickr.com piw.varndean.ac.uk; block-all-mixed-content; report-uri https://varndean.report-uri.io/r/default/csp/enforce
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Server: nginx
Cache-Control: public, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
HTTP/1.1 200 OK
Link: <https://varndean.ac.uk/>; rel="canonical",<https://varndean.ac.uk/>; rel="shortlink"
Vary: Cookie
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
Content-Language: en
Etag: "1497059792-0"
X-Frame-Options: SAMEORIGIN
Expect-CT: max-age=0; report-uri=https://varndean.report-uri.io/r/default/ct/reportOnly
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Connection: keep-alive
Last-Modified: Sat, 10 Jun 2017 01:56:32 GMT
Date: Sat, 10 Jun 2017 03:08:00 GMT
X-Drupal-Cache: HIT