Vary: Accept-Encoding
X-Request-Id: 6bb24ac2-8084-4c28-b2c3-148d7c47937e
HTTP/1.1 200 OK
Set-Cookie: _listminut_session=BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJWJkOGQ3Y2UxYjFjYjBjNGFhN2Q2YjYwNjhjY2QwZDFkBjsAVEkiDWxhbmd1YWdlBjsARkkiB2ZyBjsARkkiEF9jc3JmX3Rva2VuBjsARkkiMThtbTl5a29VSndZZUhvdzBWSlF5RmJhallKVnFkVnJzSkZkWnM0UEoxcW89BjsARg%3D%3D--6d5e9ac6e9496dda6026d34fb86acbc2f8a73b7a; path=/; secure; HttpOnly
X-Runtime: 0.055488
Strict-Transport-Security: max-age=631152000; includeSubdomains; preload
Content-Type: text/html; charset=utf-8
Set-Cookie: XSRF-TOKEN=8mm9ykoUJwYeHow0VJQyFbajYJVqdVrsJFdZs4PJ1qo%3D; path=/; secure; HttpOnly
Set-Cookie: current_country=fr; path=/; secure; HttpOnly
Referrer-Policy: origin-when-cross-origin
X-Ua-Compatible: IE=Edge,chrome=1
Date: Fri, 16 Jun 2017 13:59:11 GMT
X-Content-Type-Options: nosniff
Server: Cowboy
X-Rack-Cache: miss
X-Permitted-Cross-Domain-Policies: none
Content-Length: 27583
Etag: "2a4dc388c57845ca0ccd19594a383ae6"
Via: 1.1 vegur
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src https: 'self' d3sjx7m1rsw5t2.cloudfront.net *.optimizely.com ss42phpnet.phpnet.org; child-src 'self' player.vimeo.com payment.hipay.com test-payment.hipay.com www.youtube.com www.google.com www.google.be *.optimizely.com secure.ogone.com www.kbc.be www.cbc.be secure-gateway.hipay-tpp.com payment-web.sips-atos.com platform.twitter.com syndication.twitter.com *.facebook.com *.talkgadget.google.com *.stripe.com *.ing.be *.g.doubleclick.net *.visiturn.com; connect-src wss: 'self' d3sjx7m1rsw5t2.cloudfront.net ws://d3sjx7m1rsw5t2.cloudfront.net api.rollbar.com *.hotjar.com *.intercom.io *.log.optimizely.com *.inspectlet.com *.stripe.com agilecrm.s3.amazonaws.com *.visiturn.com; font-src 'self' d3sjx7m1rsw5t2.cloudfront.net data: *.gstatic.com cdnjs.cloudflare.com *.intercomcdn.com; img-src 'self' data: d3sjx7m1rsw5t2.cloudfront.net listminutv3-prod-assets.s3.amazonaws.com listminut.be cidoum.s3.amazonaws.com *.gstatic.com *.googleapis.com www.google-analytics.com www.google.com pci.usd.de code.jquery.com *.facebook.com scontent.xx.fbcdn.net my.clickdesk.com s3.amazonaws.com d1gwclp1pmzk26.cloudfront.net d25wh3ilibgxb0.cloudfront.net contactuswidget.appspot.com stats.g.doubleclick.net *.log.optimizely.com js.intercomcdn.com cdn.ckeditor.com www.google.be *.inspectlet.com *.stripe.com pbs.twimg.com *.chiens-chats.be *.toutoublog.com *.gralon.net *.seniorsavotreservice.com *.ldh.be cluster015.ovh.net ss42phpnet.phpnet.org *.visiturn.com; media-src https: 'self' d3sjx7m1rsw5t2.cloudfront.net js.intercomcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3sjx7m1rsw5t2.cloudfront.net cdnjs.cloudflare.com cdn.ckeditor.com cdn.jsdelivr.net ajax.cloudflare.com code.jquery.com code.highcharts.com js-agent.newrelic.com bam.nr-data.net connect.facebook.net my.clickdesk.com d1gwclp1pmzk26.cloudfront.net d3dy5gmtp8yhk7.cloudfront.net clickdeskvisitors.appspot.com www.google-analytics.com www.googleadservices.com *.googleapis.com *.hotjar.com *.optimizely.com *.intercom.io js.intercomcdn.com *.stripe.com cdn.inspectlet.com platform.twitter.com graph.facebook.com talkgadget.google.com d37gvrvc0wt4s1.cloudfront.net *.visiturn.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' code.jquery.com cdnjs.cloudflare.com d3sjx7m1rsw5t2.cloudfront.net d1gwclp1pmzk26.cloudfront.net cdn.ckeditor.com *.stripe.com *.visiturn.com
X-Download-Options: noopen