Vary: Accept-Encoding
Content-Security-Policy: script-src 'nonce-+DN/0kCtw311Q9I+LCVg' 'nonce-nOUDpALE26IqFjn24q0j' 'unsafe-eval' 'strict-dynamic'
Set-Cookie: cookie_notif=seen; expires=Tue, 31 May 2022 05:24:55 GMT; httponly; Path=/; secure
Set-Cookie: flash=; Domain=dropbox.com; expires=Thu, 01 Jun 2017 05:24:55 GMT; httponly; Path=/; secure
Set-Cookie: __Host-js_csrf=xm8eJMe3MiuO2nWk3EBnG_u_; expires=Sun, 31 May 2020 05:24:55 GMT; Path=/; secure
X-Server-Response-Time: 991
HTTP/1.1 200 OK
Cache-Control: no-cache
Set-Cookie: gvc=MTkxMTcwNzUyMTQxMDgzODQ1ODEzNDY3MzA2MTc5NDgwNDEyMDY%3D; expires=Tue, 31 May 2022 05:24:55 GMT; httponly; Path=/; secure
Content-Type: text/html; charset=utf-8
Set-Cookie: puc=; expires=Thu, 01 Jun 2017 05:24:55 GMT; httponly; Path=/; secure
Date: Thu, 01 Jun 2017 05:24:55 GMT
Server: nginx
X-Dropbox-Http-Protocol: None
Set-Cookie: __Host-ss=5zYFl6Kfrw; expires=Sun, 31 May 2020 05:24:55 GMT; httponly; Path=/; SameSite=strict; secure
Set-Cookie: t=xm8eJMe3MiuO2nWk3EBnG_u_; Domain=dropbox.com; expires=Sun, 31 May 2020 05:24:55 GMT; httponly; Path=/; secure
X-Frame-Options: SAMEORIGIN
Set-Cookie: bang=; Domain=dropbox.com; expires=Thu, 01 Jun 2017 05:24:55 GMT; httponly; Path=/; secure
X-Xss-Protection: 1; mode=block
Content-Security-Policy: script-src 'unsafe-eval' https://www.dropbox.com/static/compiled/js/ https://www.dropbox.com/static/javascript/ https://www.dropbox.com/static/api/ https://cfl.dropboxstatic.com/static/compiled/js/ https://www.dropboxstatic.com/static/compiled/js/ https://cfl.dropboxstatic.com/static/previews/ https://www.dropboxstatic.com/static/previews/ https://cfl.dropboxstatic.com/static/javascript/ https://www.dropboxstatic.com/static/javascript/ https://cfl.dropboxstatic.com/static/api/ https://www.dropboxstatic.com/static/api/ 'unsafe-inline' 'nonce-+DN/0kCtw311Q9I+LCVg' ; default-src 'none' ; worker-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; connect-src https://* ws://127.0.0.1:*/ws ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; form-action 'self' https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ ; base-uri 'self' api-stream.dropbox.com showbox-tr.dropbox.com ; img-src https://* data: blob: ; frame-src https://* carousel://* dbapi-6://* dbapi-7://* dbapi-8://* itms-apps://* itms-appss://* ; object-src https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ 'self' https://flash.dropboxstatic.com https://swf.dropboxstatic.com https://dbxlocal.dropboxstatic.com ; media-src https://* blob: ; font-src https://* data:
Vary: Accept-Encoding
Connection: keep-alive
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
Set-Cookie: locale=en; Domain=dropbox.com; expires=Tue, 31 May 2022 05:24:55 GMT; Path=/; secure
X-Dropbox-Request-Id: 4ac6b0dc2d3413b60beb8e689ee344c2
Transfer-Encoding: chunked
Pragma: no-cache