Content-Security-Policy: media-src data: blob: *; default-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.ateli.net *.s3.amazonaws.com *.google.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net imasdk.googleapis.com s0.2mdn.net *.facebook.com *.facebook.net *.twitter.com *.line.me *.kakao.com *.reamaze.com *.reamaze.io *.pusher.com *.ateli.com; font-src data: blob: *; img-src data: blob: *
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Set-Cookie: session=.eJwNx0sOwiAUBdC93DGJ_ATKzDW4gAbqI2mkD0NhonHvembng_VF_UhMPBBHnySwnb2soz2JEaF09raE_FDek3ZLUNImo40pJkgt5dWTW6zLEKhtS5UQedYqMPaD3o3_x-3c0-VObVZ8f-lSIzA.DDl03w.y9pgOQYvZeuFxPyzKo9pII5M7UU; Domain=.ateli.com; Expires=Tue, 01-Aug-2017 18:01:03 GMT; Secure; HttpOnly; Path=/
Content-Length: 64365
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
Server: nginx
Date: Sat, 01 Jul 2017 18:01:03 GMT
X-Content-Security-Policy: media-src data: blob: *; default-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.ateli.net *.s3.amazonaws.com *.google.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net imasdk.googleapis.com s0.2mdn.net *.facebook.com *.facebook.net *.twitter.com *.line.me *.kakao.com *.reamaze.com *.reamaze.io *.pusher.com *.ateli.com; font-src data: blob: *; img-src data: blob: *