'https://github.com/blog/1477-content-security-policy#bookmarklets'{'X-Served-

1. 'https://github.com/blog/1477-content-security-policy#bookmarklets'
2. {'X-Served-By': 'b9c2a2d2339d471239b174dbbc6d8be2', 'Server': 'GitHub.com', 'X-Frame-Options': 'deny', 'Set-Cookie': 'logged_in=no; domain=.github.com; path=/; expires=Thu, 25 Sep 2036 14:20:58 -0000; secure; HttpOnly, _gh_sess=eyJzZXNzaW9uX2lkIjoiYjExYjY2ODA1NzJjZTc5OWE1ZTgzNTBjZWMzMGY4NzMiLCJfY3NyZl90b2tlbiI6IktHNTNNMTdPN2ZYb25XeGNNODhwSTVDZUdYSTUwYitheE1mK0FPTng3d1E9In0%3D--9b86f7998956a48c0311c4279220f0087629009e; path=/; secure; HttpOnly', 'Vary': 'X-PJAX, Accept-Encoding', 'Date': 'Sun, 25 Sep 2016 14:20:58 GMT', 'X-Runtime': '0.115230', 'X-UA-Compatible': 'IE=Edge,chrome=1', 'Content-Security-Policy': "default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com www.youtube.com player.vimeo.com gist.github.com; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com", 'Public-Key-Pins': 'max-age=5184000; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains', 'X-GitHub-Request-Id': 'B0098972:358D:CFFCE70:57E7DD4A', 'X-Request-Id': 'e75ffe9425ed38c0a8105a8e7289b620', 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/html; charset=utf-8', 'Strict-Transport-Security': 'max-age=31536000; includeSubdomains; preload', 'Content-Encoding': 'gzip', 'Cache-Control': 'no-cache', 'X-XSS-Protection': '1; mode=block', 'Status': '200 OK'}
3.  
4. 'https://www.flickr.com/photos/baldbrad/7134811991/'
5. {'X-Served-By': 'pprd1-node98-lh1.manhattan.bf1.yahoo.com', 'Server': 'ATS', 'X-Frame-Options': 'SAMEORIGIN', 'Set-Cookie': 'xb=458137; Domain=.flickr.com; Path=/; Expires=Mon, 25 Sep 2017 14:20:56 GMT, BX=2ieii7pbufna8&b=3&s=vs; expires=Sun, 25-Sep-2017 14:20:56 GMT; path=/; domain=.flickr.com', 'X-Instance': 'flickr.v1.production.manhattan.bf1.yahoo.com', 'Connection': 'keep-alive', 'Via': 'http/1.1 fts122.flickr.bf1.yahoo.com (ApacheTrafficServer [cMsSf ]), http/1.1 r18.ycpi.deb.yahoo.net (ApacheTrafficServer [cMsSf ])', 'Date': 'Sun, 25 Sep 2016 14:20:57 GMT', 'Content-Security-Policy': "default-src 'unsafe-inline' https://*.flickr.com https://*.flickr.net https://y-flickr.yahoo.com http://y-flickr.yahoo.com https://*.yimg.com https://*.braintreegateway.com https://*.kaptcha.com https://*.paypal.com https://*.conviva.com http://*.btrll.com http://api.flickr.com https://*.pinterest.com https://*.google-analytics.com; img-src data: blob: https://*.flickr.com https://*.flickr.net http://*.flickr.net https://*.staticflickr.com https://*.yimg.com https://*.yahoo.com https://*.cedexis.com https://*.cedexis-test.com https://*.cedexis-radar.net https://sb.scorecardresearch.com https://image.maps.api.here.com https://csync.yahooapis.com https://*.paypal.com https://*.pinterest.com http://*.static-alpha.flickr.com https://geo-um.btrll.com https://*.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.flickr.com http://*.flickr.net https://*.flickr.net https://*.yimg.com https://*.analytics.yahoo.com https://y-flickr.yahoo.com https://yep.video.yahoo.com https://video.media.yql.yahoo.com https://*.yahooapis.com https://fc.yahoo.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.cedexis.com https://*.cedexis-radar.net https://*.cedexis-test.com https://*.google-analytics.com; connect-src https://*.flickr.com https://*.flickr.net http://*.flickr.net https://*.yimg.com https://geo.query.yahoo.com https://*.yahooapis.com https://*.conviva.com http://api.flickr.com https://*.pinterest.com http://*.yahoo.com https://*.cedexis.com https://*.cedexis-radar.net https://*.cedexis-test.com; report-uri https://csp.flickr.com/beacon/csp?src=adsecflickr;", 'Pragma': 'no-cache', 'X-Powered-By': 'Express', 'X-Request-Id': 'f6cd5ef9', 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/html; charset=utf-8', 'Age': '3', 'Content-Encoding': 'gzip', 'Cache-Control': 'no-cache, max-age=0, must-revalidate, no-store', 'X-XSS-Protection': '1; mode=block'}