Referrer-Policy: strict-origin-when-cross-origin
HTTP/1.1 200 OK
Timing-Allow-Origin: *
Upgrade: h2,h2c
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, private
Content-Security-Policy: script-src 'self' data: 'unsafe-inline' *.klarna.com *.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com www.googleadservices.com connect.facebook.net cdn.polyfill.io
Server: Apache
X-Content-Type-Options: nosniff
Connection: Upgrade
X-FRAME-OPTIONS: SAMEORIGIN
Transfer-Encoding: chunked
Expires: Fri, 23 Mar 2018 12:31:12 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-UA-Compatible: IE=edge
Set-Cookie: XSRF-TOKEN=eyJpdiI6InpqY0NCenBhOHdIRmxXWjhJK2tkbnc9PSIsInZhbHVlIjoiTUJCK2ppQWowUXU2cjUyM0NralllN1VBNFpxWXlQcDZmNHdzaldyVDcydzRSWUJUZE1hcFZSc25OejVKSGlKT1N2OGZEeDFtSmIwNWoyN3FDUHFOOEE9PSIsIm1hYyI6IjAxNDAxMDc2NzFjY2U3ZmQ5M2NkMDEwM2MwMjVjN2RiMWVhYzlmMGQ2OWM1NWY1MTBmZTViOWRkMzZiZmY3YTMifQ%3D%3D; expires=Fri, 23-Mar-2018 14:31:12 GMT; Max-Age=7200; path=/; secure
Cache-Control: max-age=0
Date: Fri, 23 Mar 2018 12:31:12 GMT
Set-Cookie: merch_session=eyJpdiI6IjFNZ3NTQ1FIdWRBdko0S0hjXC9nMXRnPT0iLCJ2YWx1ZSI6IjlzdXBVTXBLRnpWVE1BMEJJeDI0YnROeGJreXpqVTdjcTlpamhwbmdqUW55cm1YUlkydE1IT0t4YmE1Ym9hOGZaTTY1MXl2SjRxRkhiNmhoMjNOeXJRPT0iLCJtYWMiOiIyZjdjN2I1MDJiNGIxZWI5N2FkNTM1NWVmM2M3MmEyNGJlY2ZmMDAzZDBkZTlmNDc2ZDNlZjU5YzA5MGY5MmIzIn0%3D; path=/; secure; HttpOnly
X-XSS-Protection: 1; mode=block