X-Cache-Hits: 0
Vary: Accept-Encoding, Accept-Encoding, X-Chorus-Unison-Testing, Origin, X-Forwarded-Proto, X-Chorus-Unison-Testing
Server: nginx
Set-Cookie: _chorus_geoip_continent=EU; expires=Tue, 12 Sep 2017 11:20:47 GMT; path=/;
Age: 82
X-XSS-Protection: 1; mode=block
Via: 1.1 varnish-v4
Pragma: no-cache
X-Served-By: cache-ams4435-AMS
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
X-Runtime: 0.388954
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Timer: S1505128847.558733,VS0,VE706
X-Request-Id: b904d1c072330621c426c373c6afc19c24974faf
X-Cache: MISS
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://recode.report-uri.io/r/default/csp/enforce
Via: 1.1 varnish
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Strict-Transport-Security: max-age=7776000
Cache-Control: max-age=0, must-revalidate
Content-Length: 278098
Date: Mon, 11 Sep 2017 11:20:47 GMT
Connection: close
Content-Security-Policy-Report-Only: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://recode.report-uri.io/r/default/csp/reportOnly