Expect-CT: max-age=5; report-uri="https://pepeverde.report-uri.io/r/default/ct/reportOnly"
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload;
Date: Sat, 01 Jul 2017 18:11:58 GMT
Connection: keep-alive
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: nginx
X-UA-Compatible: IE=Edge
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=6kso0sqlakuurvj8pljgratkbojghqtj; path=/; secure; HttpOnly
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
Content-Security-Policy-Report-Only: base-uri 'none'; default-src 'self' https://www.google.com; child-src https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://facebook.com https://plusone.google.com https://platform.twitter.com https://*.twimg.com; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://facebook.com https://plusone.google.com https://platform.twitter.com https://*.twimg.com; img-src 'self' https://www.google.com https://www.google.it https://www.google-analytics.com https://www.googleadservices.com https://*.gstatic.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.facebook.com https://connect.facebook.net/ https://bat.bing.com https://syndication.twitter.com https://*.twimg.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://www.google.com https://www.googleadservices.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.facebook.net https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://bat.bing.com 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://*.googleapis.com 'unsafe-inline'; report-uri https://pepeverde.report-uri.io/r/default/csp/reportOnly; upgrade-insecure-requests