Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Server: nginx/1.13.7
X-Powered-By: PHP/5.6.32
Referrer-Policy: origin-when-cross-origin
Cache-Control: no-cache
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Set-Cookie: laravel_session=eyJpdiI6IkJ6U2s3ZVwvQjdTamtncld2NnFoN1J3PT0iLCJ2YWx1ZSI6Ink4alp3VklJK1RxZlJhcnZ6SzljQjlTRWtIV1lrUUlLaUZqeEZ0amdqemF4aDdpeTlzZ0JObGs4VzdQb0JFYVZIRVIra3FxQTl6bU5xVTl3KzhISG9BPT0iLCJtYWMiOiI1MjAyOWFhMTAyN2QzMjZmMzBkYzQ1ZTZhYjJiYzdhMjMyMjMyZDA5MDhlMzRmNTYyY2UxNmE5N2I5Nzc3NTFmIn0%3D; expires=Thu, 23-Nov-2017 05:15:14 GMT; Max-Age=7200; path=/; httponly
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Date: Thu, 23 Nov 2017 03:15:14 GMT
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token
X-Xss-Protection: 1; mode=block
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImRFbk1RcE5DVG9saUtMaHU1OU4xS1E9PSIsInZhbHVlIjoiR0Q2MjAwS212ZnFzWTZvWXNmWE5YZjBVak9vNE5jekVjSmlQZkF3ejdzVUhHMUgwN2h1bXZlaFJuWkZtRU5zalM0U0l0T0ZMTTl5bUQ5ZUVYQytEb3c9PSIsIm1hYyI6ImJhZmJmMmRjNGVkMzcxNmRhNjIzNDNjMjc0OGMyZWEyODg5OTUxOTBhZDZiY2Q4ZTMxZTU2MmRlYWY3NWVlMmUifQ%3D%3D; expires=Thu, 23-Nov-2017 05:15:14 GMT; Max-Age=7200; path=/
Content-Security-Policy: default-src https: data:; style-src https: http://fonts.googleapis.com http://fonts.google.com 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data: 'unsafe-inline'