| X-XSS-Protection | 0 |
| Pragma | no-cache |
| content-security-policy | default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self' *.m-freeway.com;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.m-freeway.com chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm https://api.paypal.com/v1/oauth2/login https://api.sandbox.paypal.com/v1/oauth2/login; |
| Cache-Control | private, no-cache, no-store, must-revalidate |
| X-Frame-Options | DENY |
| P3P | CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" |
| Strict-Transport-Security | max-age=15552000; preload |
| X-Content-Type-Options | nosniff |
| Expires | Sat, 01 Jan 2000 00:00:00 GMT |
| Vary | Accept-Encoding |
| Content-Encoding | gzip |
| Content-Type | text/html |
| X-FB-Debug | FPvg5uzd4Co2MVOIBQ+eFvI6TAORceV5/5/Ve1r7nFqdRsLXVeLJldHOQX5IO6n8jaRlpGUCKvq/NJZKlyy65A== |
| Transfer-Encoding | chunked |
| Connection | keep-alive |