Vary: Accept-Encoding
Content-Security-Policy: default-src 'self' https://js.stripe.com https://use.typekit.net https://api.segment.io/ https://*.livechatinc.com/* https://www.google-analytics.com/ https://cdn.mxpnl.com/ https://api.mixpanel.com/ https://player.vimeo.com https://*.errorception.com/ https://secure.livechatinc.com/ https://lon.netverify.com/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://performance.typekit.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io; script-src 'self' 'unsafe-inline' https://js.stripe.com https://use.typekit.net https://*.livechatinc.com/ https://api.segment.io/ https://cdn.segment.io/ https://www.google-analytics.com/ https://cdn.mxpnl.com/ https://api.mixpanel.com/ https://*.errorception.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://lon.netverify.com/ https://ajax.googleapis.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://www.facebook.com; style-src 'self' 'unsafe-inline' https://use.typekit.net; img-src 'self' data: https://www.gravatar.com https://maps.googleapis.com https://www.google-analytics.com/ https://p.typekit.net https://*.stripe.com https://stats.g.doubleclick.net/ http://maps.googleapis.com https://s3-ap-southeast-2.amazonaws.com/zipid35/ https://s3-ap-southeast-2.amazonaws.com/zipid14/ https://s3-ap-southeast-2.amazonaws.com/zipid21/ https://js.intercomcdn.com https://static.intercomassets.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://secure.livechatinc.com https://connect.facebook.net https://www.facebook.com; font-src 'self' data: https://*.typekit.net https://cdn.livechatinc.com/ https://js.intercomcdn.com; frame-ancestors 'self'; media-src 'self' blob: https://js.intercomcdn.com
X-Content-Type-Options: nosniff
X-WebKit-CSP: default-src 'self' https://js.stripe.com https://use.typekit.net https://api.segment.io/ https://*.livechatinc.com/* https://www.google-analytics.com/ https://cdn.mxpnl.com/ https://api.mixpanel.com/ https://player.vimeo.com https://*.errorception.com/ https://secure.livechatinc.com/ https://lon.netverify.com/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://performance.typekit.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io; script-src 'self' 'unsafe-inline' https://js.stripe.com https://use.typekit.net https://*.livechatinc.com/ https://api.segment.io/ https://cdn.segment.io/ https://www.google-analytics.com/ https://cdn.mxpnl.com/ https://api.mixpanel.com/ https://*.errorception.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://lon.netverify.com/ https://ajax.googleapis.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://www.facebook.com; style-src 'self' 'unsafe-inline' https://use.typekit.net; img-src 'self' data: https://www.gravatar.com https://maps.googleapis.com https://www.google-analytics.com/ https://p.typekit.net https://*.stripe.com https://stats.g.doubleclick.net/ http://maps.googleapis.com https://s3-ap-southeast-2.amazonaws.com/zipid35/ https://s3-ap-southeast-2.amazonaws.com/zipid14/ https://s3-ap-southeast-2.amazonaws.com/zipid21/ https://js.intercomcdn.com https://static.intercomassets.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://secure.livechatinc.com https://connect.facebook.net https://www.facebook.com; font-src 'self' data: https://*.typekit.net https://cdn.livechatinc.com/ https://js.intercomcdn.com; frame-ancestors 'self'; media-src 'self' blob: https://js.intercomcdn.com
Expires: 0
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400000; includeSubDomains
Content-Length: 13735
Vary: Accept-Encoding
Connection: keep-alive
X-Content-Security-Policy: default-src 'self' https://js.stripe.com https://use.typekit.net https://api.segment.io/ https://*.livechatinc.com/* https://www.google-analytics.com/ https://cdn.mxpnl.com/ https://api.mixpanel.com/ https://player.vimeo.com https://*.errorception.com/ https://secure.livechatinc.com/ https://lon.netverify.com/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://performance.typekit.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io; script-src 'self' 'unsafe-inline' https://js.stripe.com https://use.typekit.net https://*.livechatinc.com/ https://api.segment.io/ https://cdn.segment.io/ https://www.google-analytics.com/ https://cdn.mxpnl.com/ https://api.mixpanel.com/ https://*.errorception.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://lon.netverify.com/ https://ajax.googleapis.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://www.facebook.com; style-src 'self' 'unsafe-inline' https://use.typekit.net; img-src 'self' data: https://www.gravatar.com https://maps.googleapis.com https://www.google-analytics.com/ https://p.typekit.net https://*.stripe.com https://stats.g.doubleclick.net/ http://maps.googleapis.com https://s3-ap-southeast-2.amazonaws.com/zipid35/ https://s3-ap-southeast-2.amazonaws.com/zipid14/ https://s3-ap-southeast-2.amazonaws.com/zipid21/ https://js.intercomcdn.com https://static.intercomassets.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://secure.livechatinc.com https://connect.facebook.net https://www.facebook.com; font-src 'self' data: https://*.typekit.net https://cdn.livechatinc.com/ https://js.intercomcdn.com; frame-ancestors 'self'; media-src 'self' blob: https://js.intercomcdn.com
X-Frame-Options: SAMEORIGIN
Date: Wed, 01 Nov 2017 20:42:55 GMT
Accept-Ranges: bytes
X-UA-Compatible: IE=edge
Server: nginx
X-XSS-Protection: 1; mode=block
ETag: W/"35a7-af/7imwger9hRyubSxXcl+k4ec4"
Content-Type: text/html; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
P3P: CP="CAO PSA OUR"
Surrogate-Control: no-store
set-cookie: sid=s%3AkVn5dkp1cG74H2WaSJQAb6xqISX-Mw5M.VJzjds%2F40rap%2FGYKQSmFLrboW0JuWhIMg%2FRbA4hjCrA; Path=/; Expires=Thu, 02 Nov 2017 00:42:55 GMT; HttpOnly; Secure