Allow: GET, HEAD, OPTIONS
Connection: keep-alive
Content-Security-Policy-Report-Only: default-src blob: data: 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.mradx.net *.doubleverify.com *.doubleclick.net www.google.com *.googlesyndication.com *.googleapis.com themes.googleusercontent.com *.youtube.com facebook.com *.facebook.com twitter.com *.twitter.com coub.com *.coub.com giphy.com instagram.com *.instagram.com soundcloud.com *.soundcloud.com www.dailymail.co.uk s0.2mdn.net vk.com *.vk.com *.playbuzz.com ok.ru *.ok.ru *.ampproject.net player.vimeo.com rutube.ru *.rutube.ru vine.co video.khl.ru yandexadexchange.net *.yandexadexchange.net *.yandex.ru *.yandex.net yandex.st yastatic.net renderer.qmerce.com *.gemius.pl *.weborama.fr *.adriver.ru *.serving-sys.com *.moatads.com *.twimg.com *.gstatic.com *.ampproject.org *.2gis.com *.2gis.ru; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru *.devmail.ru *.imgsmail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.doubleverify.com *.dvtps.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.google-analytics.com translate.google.com *.googleapis.com ok.ru *.ok.ru vk.com *.vk.com *.doubleclick.net *.yandex.ru *.mtproxy.yandex.net yandex.st yastatic.net *.facebook.net *.facebook.com *.twitter.com *.twimg.com coub.com *.coub.com *.api.2gis.ru s3.amazonaws.com mediatoday.ru s0.2mdn.net sb.scorecardresearch.com static.bbc.co.uk news.files.bbci.co.uk cdn.ampproject.org *.instagram.com cdn.playbuzz.com platform.vine.co js-inject *.webvisor.com *.flickr.com *.adlooxtracking.com *.google.com *.gstatic.com; connect-src 'self' wss://*.mail.ru wss://*.devmail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.mradx.net *.googleapis.com *.google-analytics.com *.googlesyndication.com *.yandex.ru yandex.st yastatic.net *.api.2gis.ru s0.2mdn.net *.instagram.com facebook.com *.facebook.com *.facebook.net *.ampproject.net *.flickr.com geo.query.yahoo.com; img-src * data: blob:; worker-src *.mail.ru; report-uri https://portal-csp-report.corp.mail.ru/report/
Content-Type: text/html; charset=utf-8
Date: Thu, 05 Oct 2017 16:00:50 GMT
Server: nginx/1.10.3
Set-Cookie: csrftoken=AG_cGrI6DH7vRN4Ba5SAEyop; expires=Thu, 04-Oct-2018 16:00:50 GMT; Max-Age=31449600; Path=/ sessionid=c0ipg71w1180e2qozh912n3lztnvwriz; expires=Thu, 19-Oct-2017 16:00:50 GMT; httponly; Max-Age=1209600; Path=/
Strict-Transport-Security: max-age=16070400; preload
Transfer-Encoding: chunked
Vary: User-Agent
X-Content-Type-Options: nosniff
X-Csrf-Token: AG_cGrI6DH7vRN4Ba5SAEyop
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection