HTTP/2 200 cache-control: no-cache,no-cache, no-storecontent-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:referrer-policy: strict-origin-when-cross-originset-cookie: gvc=MTA2NTM4MDA3MDQ4NTU3NjE5MTI4MDMyOTMwMDkzMTU4NjE1NjU%3D; expires=Fri, 27 Aug 2027 09:14:23 GMT; HttpOnly; Path=/; SameSite=None; Secureset-cookie: t=RXbTpjsJv5IzEIea9V9TOAbN; Domain=dropbox.com; expires=Wed, 27 Aug 2025 09:14:23 GMT; HttpOnly; Path=/; SameSite=None; Secureset-cookie: __Host-js_csrf=RXbTpjsJv5IzEIea9V9TOAbN; expires=Wed, 27 Aug 2025 09:14:23 GMT; Path=/; SameSite=None; Secureset-cookie: __Host-ss=IBK1wWS_54; expires=Wed, 27 Aug 2025 09:14:23 GMT; HttpOnly; Path=/; SameSite=Strict; Secureset-cookie: locale=en; Domain=dropbox.com; expires=Fri, 27 Aug 2027 09:14:23 GMT; Path=/; SameSite=None; Securex-content-type-options: nosniffx-frame-options: DENYx-permitted-cross-domain-policies: nonex-xss-protection: 1; mode=blockcontent-type: application/jsonaccept-encoding: identity,gzipdate: Sun, 28 Aug 2022 09:14:23 GMTserver: envoystrict-transport-security: max-age=31536000; includeSubDomainsstrict-transport-security: max-age=31536000; includeSubDomainsstrict-transport-security: max-age=31536000; includeSubDomains; preloadcontent-encoding: gzipvary: Accept-Encodingx-dropbox-response-origin: far_remotex-dropbox-request-id: 9a141a60af6549bb8de757cb87698beb