Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Content-Language: en-US
Content-Length: 2732
Content-Security-Policy: default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline'
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=83AEE36F8E5961655256F1AE5AB2890F; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block