X-XSS-Protection: 1; mode=block
x-cache: MISS
Server: nginx
Date: Wed, 31 Jan 2018 00:51:45 GMT
HTTP/1.1 200 OK
Transfer-Encoding: chunked
expires: -1
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
x-cacheable: TRUE
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8
X-Request-ID: 59b8bc2b-4f75-470f-95e7-58b62a7fd372
Set-Cookie: session=eyJpdiI6Imo5a1ZcL3huYWlrbmd5VW9XcXB5Sm5RPT0iLCJ2YWx1ZSI6ImZcL0ZISTBORWp3TkZxZnZSQlRMNzMxTlNVWG9cL0NOeXBKXC94SHdLNkd0emR0ZGozUUt0NjZzXC9lbW5LbUZZMTVpcXVPR3J6M0NUS3ZuQ1J2TDRudSsxUT09IiwibWFjIjoiY2UxNjBiZDFjZjFjZDlkOWNmNzEwMmYzZmNkZWUwZjY5NjgzMDhhMGU0YWMzMDE3YTE2NjA0NjAyY2U2YmU4ZCJ9; expires=Wed, 31-Jan-2018 02:51:45 GMT; Max-Age=7200; path=/; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-Permitted-Cross-Domain-Policies: master-only
Connection: keep-alive
X-Request-ID-Origin: app
X-Frame-Options: sameorigin
Vary: Accept-Encoding
pragma: no-cache
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ikk0ZmNkZjUzWHhGbXphT1EwZ0xld0E9PSIsInZhbHVlIjoia21FTDJtNHVMRTFpK1lmSzdoYUZVaTJkVldMU05yR0N3VUxEM1VFckhhUlozNFBkVTFhSithVkFuV1ZLVFA4RnRqMGNXeEZVbWhpNks5RWVvcTFpbkE9PSIsIm1hYyI6IjlhNTRkZjgwMTk1ZTM4MTRjNTllYTc3NmU5ZDQ3MDA0NmU4NDFmOTAxNmU0NjBiNTBmZmE3OGM0ZTcxMmMwZjQifQ%3D%3D; expires=Wed, 31-Jan-2018 02:51:45 GMT; Max-Age=7200; path=/; secure; HttpOnly
Content-Security-Policy: base-uri 'self'; block-all-mixed-content; connect-src 'self' https://*.dropr.io https://collect.cdlvr.net https://sentry.maxcld.net/api/; default-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src https://player.vimeo.com/video/ https://static.cdlvr.net https://video.dropr.io/embed/ https://www.youtube.com/embed/; img-src 'self' https://*.dropr.io/image/ https://*.g.doubleclick.net https://*.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com/ https://maps.gstatic.com https://media.werkenbijasvz.nl/image/ https://static.cdlvr.net https://www.google.com/ads/ https://www.google.nl/ads/; media-src 'self' https://*.dropr.io/video/ https://media.werkenbijasvz.nl/video/ https://static.cdlvr.net; object-src 'none'; report-uri /csp-violation; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://ajax.googleapis.com/ajax/libs/ https://cdn.ravenjs.com https://maps.google.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com