Cache-Control: public, max-age=724 Content-Security-Policy: default-src 'self' https: blob:; child-src *; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' a0.muscache.com cdn.siftscience.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com app.link cdn.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com ethn.io blob: webapi.amap.com restapi.amap.com *.inspectlet.com https: 'sha256-Q5XE16X5zAhH/wvkJBoUIyRz1majl7a7U0JAZuQDRMc=' 'sha256-rfTud2kTm0UjtJ6PqxcrkglfrUD4H8WCcS9mCs6PJ5s='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=bd9d259a-fb04-4595-a4ff-333a79dcc9b3&version=cd31aa1ec53508bbc924787c2c2917c494c3f589 Content-Type: text/html; charset=utf-8 Date: Thu, 05 Oct 2017 10:33:11 GMT Etag: W/"7c40559e58b093f28fd6d6c43dd52466" Link: ;rel=preload;as=style,;rel=preload;as=style,;rel=preload;as=style,;rel=preload;as=style,;rel=preload;as=font;type=font/woff2;crossorigin=crossorigin,;rel=preload;as=font;type=font/woff2;crossorigin=crossorigin,;rel=preload;as=font;type=font/woff2;crossorigin=crossorigin,;rel=preload;as=script Server: nginx/1.7.12 Set-Cookie: xplwp2=new_marquee_2; expires=Mon, 04-Dec-2017 10:33:11 GMT; path=/; domain=.airbnb.com Status: 200 200 OK Strict-Transport-Security: max-age=10886400; includeSubdomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Ua-Compatible: IE=Edge,chrome=1 X-Xss-Protection: 1; mode=block