Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src 'self'; child-src 'self' platform.twitter.com staticxx.facebook.com http://www.facebook.com https://fast.wistia.net https://player.vimeo.com https://www.facebook.com https://www.youtube.com; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://app.intercom.io https://app.intercom.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io https://alexandria-api.internal.intercom.io; font-src data: https:; img-src data: blob: https: http:; media-src data: blob: https:; object-src 'self' static.intercomassets.com; script-src 'self' connect.facebook.net platform.twitter.com static.intercomassets.com googleadservices.com googletagmanager.com google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://www.google-analytics.com 'nonce-8+DReseV/Mus72cPwJFiR7CYiGA2fsSTT59OQdaua9o='; style-src 'self' 'unsafe-inline' static.intercomassets.com static.intercomcdn.com marketing.intercomassets.com marketing.intercomcdn.com; report-uri https://app.getsentry.com/api/78262/csp-report/?sentry_key=b1a921ff303348079cbfcc760f7e790d
Server: nginx
X-Runtime: 0.334546
Date: Sun, 03 Dec 2017 15:49:08 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Request-Id: b03k8hl0qkt6f24h27cg
Status: 200 OK
Content-Type: text/html; charset=utf-8
ETag: W/"4dfc3442d138fac587d3ac1712f310b5"
HTTP/1.1 200 OK
Connection: keep-alive
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN