Connection: keep-alive
Content-Security-Policy: default-src * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.twitter.com https://*.twitter.com http://*.google.com http://*.google.hu http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com https://*.google.com https://*.google.hu http://*.google-analytics.com https://*.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net https://*.googleadservices.com http://*.googleadservices.com http://*.schema.org https://*.schema.org http://*.w3.org https://*.w3.org http://*.googletagmanager.com https://*.googletagmanager.com http://*.ampproject.org https://*.ampproject.org; style-src 'unsafe-inline' *
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-XSS-Protection: 1; mode=block
HTTP/1.1 200 OK
X-Powered-By: PHP/7.1.15
X-UA-Compatible: IE=edge
Vary: Accept-Encoding,User-Agent
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Transfer-Encoding: chunked
Set-Cookie: PHPSESSID=55b1d854d6be592de68a6a9f8858ccac; path=/
Timing-Allow-Origin: *
Cache-Control: no-transform
Date: Sun, 11 Mar 2018 15:51:46 GMT
Access-Control-Allow-Origin: *
Server: nginx
Cache-control: must-revalidate
Content-Security-Policy: default-src * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.twitter.com https://*.twitter.com http://*.google.com http://*.google.hu http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com https://*.google.com https://*.google.hu http://*.google-analytics.com https://*.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net https://*.googleadservices.com http://*.googleadservices.com http://*.schema.org https://*.schema.org http://*.googletagmanager.com https://*.googletagmanager.com http://*.ampproject.org https://*.ampproject.org; style-src 'unsafe-inline' *
X-Frame-Options: deny
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
Expires: Sun, 18 Mar 2018 15:51:46 GMT
Last-Modified: Sun, 11 Mar 2018 14:51:46 GMT