| Cache-Control | no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0 |
| Content-Encoding | gzip |
| Content-Security-Policy-Report-Only | default-src 'none'; child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org www.fullstory.com 'nonce-b4329d5c-90de-470f-9b38-88c536f13012'; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation |
| Content-Type | text/html; charset=utf-8 |
| ETag | W/"c849-7pkDVIHZD0ntHbN7uJiY5ppuX9Q" |
| set-cookie | connect.sid=s%3Afe_oNo2EMVWMk4WsiWcfKujySkoF1_vj.K6G4J1Y05RtZaL9xyQGRnbDLGXMvfKBUEpHMfVSQdZk; Path=/; HttpOnly; Secure |
| Strict-Transport-Security | max-age=15552000; includeSubDomains |
| Vary | Accept-Encoding |
| X-Content-Type-Options | nosniff |
| X-DNS-Prefetch-Control | off |
| X-Download-Options | noopen |
| X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | 1; mode=block |
| transfer-encoding | chunked |
| Connection | keep-alive |