Server | nginx |
Content-Type | text/html; charset=utf-8 |
Status | 200 OK |
X-Frame-Options | SAMEORIGIN |
Edge-Control | no-store |
Cache-Control | no-store, max-age=0, private, must-revalidate |
ETag | W/"0e2a7f990101f78974df18a757749da5" |
Referrer-Policy | same-origin |
X-UA-Compatible | IE=Edge,chrome=1 |
Content-Security-Policy | default-src 'self' https: blob:; child-src *; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com app.link cdn.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io blob: webapi.amap.com restapi.amap.com *.inspectlet.com https: 'sha256-Gn3R3CfqodkNUs+C4gXoCllPFSnBVuhJSWkVuIlhYzc=' 'unsafe-inline' 'sha256-11bVsHJNXc3GrgcH8r4ZM9NwAw3ZwUVDm7MIdtgtPOs=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=host&controller=info&report_only=false&req_uuid=460fa01c-8d81-4b8e-bf7d-0124078c2e8e&version=ddcd10cb8f68d28d2752d1e536390fe8e8215724 |
Content-Security-Policy-Report-Only | default-src blob: *; connect-src blob: *; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; script-src 'self' 'unsafe-eval' webpack.localhost.airbnb.com jira.airbnb.biz googleads.g.doubleclick.net cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com app.link cdn.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com ethn.io blob: webapi.amap.com restapi.amap.com *.inspectlet.com cdn.ampproject.org/v0.js cdn.ampproject.org/v0/ a.alipayobjects.com gw.alipayobjects.com static.agrant.com.cn t.agrantsem.com ditu.google.com *.muscache.cn *.muscache.com ss.musthird.cn www.google.com www.gstatic.com b92.yahoo.co.jp mc.yandex.ru wcs.naver.net 'sha256-Gn3R3CfqodkNUs+C4gXoCllPFSnBVuhJSWkVuIlhYzc=' 'unsafe-inline' 'sha256-11bVsHJNXc3GrgcH8r4ZM9NwAw3ZwUVDm7MIdtgtPOs=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src * blob: 'unsafe-inline'; report-uri /tracking/csp?action=host&controller=info&report_only=true&req_uuid=460fa01c-8d81-4b8e-bf7d-0124078c2e8e&version=ddcd10cb8f68d28d2752d1e536390fe8e8215724 |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Encoding | gzip |
Strict-Transport-Security | max-age=10886400; includeSubdomains |
X-Server-Name | www.airbnb.com |
Transfer-Encoding | chunked |
Accept-Ranges | bytes, bytes |
Via | 1.1 varnish, 1.1 varnish |
Connection | keep-alive |
X-Served-By | cache-iad2136-IAD, cache-yul8927-YUL |
X-Cache | MISS, MISS |
X-Cache-Hits | 0, 0 |
X-Timer | S1518446550.537596,VS0,VE440 |
Vary | Accept-Encoding |