Cache-Control: no-store, no-cache, must-revalidate Content-Security-Policy-Report-Only: default-src * data: blob:; object-src 'self' https://d1ztvzf22lmr1j.cloudfront.net; connect-src 'self' wss://ws-lb.crowdin.com ws://ws-lb.crowdin.com www.google-analytics.com *.googleapis.com crowdin.com graph.facebook.com www.facebook.com/tr/ *.crowdin.com *.crowdin.net crowdin.polldaddy.com s.ytimg.com; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' www.google-analytics.com *.googleadservices.com *.googleapis.com connect.facebook.net a.quora.com q.quora.com polldaddy.com/survey.js i0.poll.fm/survey.js *.linkedin.com crowdin.com *.crowdin.com *.crowdin.net https://d1ztvzf22lmr1j.cloudfront.net www.youtube.com s.ytimg.com; style-src 'self' 'unsafe-inline' crowdin.com *.crowdin.com fonts.googleapis.com https://d1ztvzf22lmr1j.cloudfront.net; report-uri /csp; Content-Type: text/html; charset=UTF-8 Date: Thu, 05 Oct 2017 10:19:48 GMT Expires: Thu, 19 Nov 1981 08:52:00 GMT Pragma: no-cache Referrer-Policy: origin-when-cross-origin Server: nginx Set-Cookie: cid=b20a3a5ih3h5r2q282ml0sl0q7; expires=Sat, 04-Nov-2017 10:19:48 GMT; Max-Age=2592000; path=/; domain=.crowdin.com; secure; HttpOnly Status: 200 Strict-Transport-Security: max-age=15768000 Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 1; mode=block