X-Dns-Prefetch-Control: on
CF-RAY: 3a56fa63fd3f268a-FRA
Via: 1.1 vegur
CF-Cache-Status: REVALIDATED
Link: <https://fonts.googleapis.com>; rel=preconnect; crossorigin
Etag: W/"1e5ae-1Zi+yyg931av7S63lQRsPxJNrtw"
Link: <https://cdnjs.cloudflare.com/>; rel=preconnect; crossorigin
Date: Thu, 28 Sep 2017 13:16:36 GMT
Connection: keep-alive
HTTP/1.1 200 OK
Link: <https://www.googletagmanager.com>; rel=preconnect; crossorigin
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 27 Sep 2017 04:28:17 GMT
Set-Cookie: __cfduid=da74fa1e62c685239cb98539c5a61bdc61506604595; expires=Fri, 28-Sep-18 13:16:35 GMT; path=/; domain=.transfers.do; HttpOnly; Secure
Content-Security-Policy-Report-Only: default-src 'self'; base-uri 'self'; upgrade-insecure-requests; form-action 'self' *.facebook.com *.paypal.com; frame-ancestors 'self'; object-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io cdn.jsdelivr.net www.googletagmanager.com *.google-analytics.com *.googleapis.com www.gstatic.com apis.google.com www.googleadservices.com www.paypalobjects.com bat.bing.com cf.trsv.co cdnjs.cloudflare.com twemoji.maxcdn.com connect.facebook.net graph.facebook.com mc.yandex.ru yastatic.net www.linkedin.com snap.licdn.com *.bizographics.com *.ads.linkedin.com https://d31qbv1cthcecs.cloudfront.net https://js.stripe.com https://checkout.stripe.com icm.aexp-static.com *.americanexpress.com cdn.ravenjs.com *.livechatinc.com; connect-src 'self' cdnjs.cloudflare.com twemoji.maxcdn.com *.googleapis.com *.google-analytics.com *.googlesyndication.com www.googleadservices.com fonts.gstatic.com bat.bing.com mc.yandex.ru www.facebook.com https://api.stripe.com https://checkout.stripe.com sentry.io *.livechatinc.com; style-src 'self' 'unsafe-inline' cf.trsv.co *.googleapis.com cdnjs.cloudflare.com; font-src 'self' blob: data: https://fonts.gstatic.com *.livechatinc.com themes.googleusercontent.com; child-src 'self' *.facebook.com *.google.com *.doubleclick.net https://js.stripe.com https://checkout.stripe.com *.americanexpress.com *.livechatinc.com; media-src cdn.livechatinc.com storage.googleapis.com; report-uri https://sentry.io/api/178018/csp-report/?sentry_key=ad09370c9f2f42888b35457e8fb6ce89
Content-Type: text/html; charset=utf-8
Link: </assets/v/4.11.19/stylesheets/homepage.min.css>; rel="preload"; as="style"
Transfer-Encoding: chunked
Link: </assets/v/4.11.19/scripts/tino.min.es6>; rel="preload"; as="script"
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Strict-Transport-Security: max-age=31557600; includeSubDomains; preload
Link: </assets/images/logo/icons/16.png; rel=icon; type="image/png"; crossorigin
X-Content-Type-Options: nosniff
Link: </assets/images/transfers.do/homepage/welcome-1600px.jpg 1600w,/assets/images/transfers.do/homepage/welcome-1024px.jpg 1024w,/assets/images/transfers.do/homepage/welcome-600px.jpg 600w>; rel="preload"; as="image"; nopush
Public-Key-Pins: pin-sha256="YyDbJDDCZeicJIbXdShYHDfvjpbIrgwjOdxHLrkhmaI="; pin-sha256="dN2T4auLcpY6xQddYHQIg588DJcHVaJ/g52AegjT00k="; max-age=5616000; report-uri="https://tino.report-uri.io/r/default/hpkp/enforce"
Server: cloudflare-nginx
Vary: Accept-Encoding
Cache-Control: public, max-age=86400