content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://api.paypal.com/v1/oauth2/login https://api.sandbox.paypal.com/v1/oauth2/login; X-XSS-Protection: 0 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Content-Type-Options: nosniff X-Frame-Options: DENY X-FB-Debug: Z7jfkUOTfLld+0aYk5jUuHsx6/ftK9sowi7+n7gGNy4gmu8pGsXatRq8EXeB74huKn9cZ/4/WvgyHm41/QqH4w== Cache-Control: private, no-cache, no-store, must-revalidate Pragma: no-cache Date: Wed, 14 Feb 2018 03:26:31 GMT Expires: Sat, 01 Jan 2000 00:00:00 GMT HTTP/1.1 200 OK Strict-Transport-Security: max-age=15552000; preload Vary: Accept-Encoding