HTTP/1.1 200 OKServer: nginxDate: Sat, 04 Apr 2020 19:19:42 GMTContent-Type: text/html; charset=utf-8Connection: keep-aliveVary: Accept-EncodingCache-Control: no-cacheContent-Security-Policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://dropboxconnect.co.uk/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://flash.dropboxstatic.com https://swf.dropboxstatic.com https://dbxlocal.dropboxstatic.com ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/js/ https://www.dropboxstatic.com/static/js/ https://cfl.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://www.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://cfl.dropboxstatic.com/static/previews/ https://www.dropboxstatic.com/static/previews/ https://cfl.dropboxstatic.com/static/api/ https://www.dropboxstatic.com/static/api/ https://cfl.dropboxstatic.com/static/cms/ https://www.dropboxstatic.com/static/cms/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:Dropbox-Streaming: V=1Pragma: no-cacheReferrer-Policy: origin-when-cross-originSet-Cookie: locale=en; Domain=dropbox.com; expires=Thu, 03 Apr 2025 19:19:42 GMT; Path=/; secureSet-Cookie: gvc=MTg2Nzk2NDY1MzkxNjY1MzQ0ODYzMjg0ODkzMzU3MDYwNDAxMDYy; expires=Thu, 03 Apr 2025 19:19:42 GMT; httponly; Path=/; secureSet-Cookie: flash=; Domain=dropbox.com; expires=Sat, 04 Apr 2020 19:19:42 GMT; Path=/; secureSet-Cookie: puc=; expires=Sat, 04 Apr 2020 19:19:42 GMT; httponly; Path=/; secureSet-Cookie: bang=; Domain=dropbox.com; expires=Sat, 04 Apr 2020 19:19:42 GMT; Path=/; secureSet-Cookie: t=YVOAAF21wcNeA7gyP3miX_4e; Domain=dropbox.com; expires=Tue, 04 Apr 2023 19:19:42 GMT; httponly; Path=/; secureSet-Cookie: __Host-js_csrf=YVOAAF21wcNeA7gyP3miX_4e; expires=Tue, 04 Apr 2023 19:19:42 GMT; Path=/; secureX-Content-Type-Options: nosniffX-Dropbox-Request-Id: 862d6e89853e3a5dc88b055fac929a6eX-Frame-Options: DENYX-Xss-Protection: 1; mode=blockStrict-Transport-Security: max-age=15552000; includeSubDomainsContent-Encoding: gzip