HTTP/1.1 200 OKCache-Control: no-cache, no-storePragma: no-cacheContent-Length: 16561Content-Type: text/html; charset=utf-8Content-Encoding: gzipExpires: -1Vary: Accept-EncodingSet-Cookie: sxa_site=ir_cd; path=/; secureX-UA-Compatible: IE=EdgeRequest-Context: appId=cid-v1:c4cc0587-4cf1-4873-bc42-abb0692129ecStrict-Transport-Security: max-age=31536000Content-Security-Policy: default-src * 'self' 'unsafe-inline' ; script-src 'self' *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.hotjar.com data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com staticcdn.co.nz *.staticcdn.co.nz *.ird.govt.nz *.gstatic.com *.google.com *.google.com.au *.google.co.nz *.doubleclick.net *.cloudfront.net; connect-src * ; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' *.ird.govt.nz staticcdn.co.nz *.staticcdn.co.nz *.google.com *.youtube.com *.cloudfront.net *.googletagmanager.com *.hotjar.com; form-action 'self' *.ird.govt.nz; font-src 'self' data: *.typekit.net *.gstatic.com;X-Frame-Options: DENYX-Content-Type-Options: nosniffDate: Mon, 27 Apr 2020 20:15:51 GMTSet-Cookie: TS01bb2522=0117e34ade18da1dd22fa31a8713943fa65b4585af9b4c7657ef0735a87eececb7b53da9ef01ec857929800c73f0f37f8e01120668413f4c5756f85bbc398121f3b6bf265a; Path=/; Secure; HTTPOnly