HTTP/2 301 date: Thu, 11 Oct 2018 18:43:54 GMT content-type: text/html; charset=utf-8 vary: Accept-Encoding server: Mastodon Location: https://test.other/some/ x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block vary: Accept-Encoding etag: W/"706e6c48957e1d46ecf9d7597a7880af" cache-control: max-age=0, private, must-revalidate set-cookie: _mastodon_session=v3kcy%2FW3aZYBBvZUohuwksEKwzYIyEUlEuJ1KqTAfWPKvVQq%2F4UuJ39zp621VyfpQNlvY46TL%2FYutzXowSLYQBNFCJcrEiF04aU0TdtHls9zynMiyeHhoVgCijOXWXNt9%2FCmpQ49RkNEujkv9NaJ0cum32MCVZKjE9%2BMKmLM%2F8ZygZeLBGJ7sg%3D%3D--QGIiU0%2FpXc3Aym8F--he2iRRPePOdtEs3z%2BufSXg%3D%3D; path=/; secure; HttpOnly x-request-id: a0c0b8e7-cd60-4efa-b79b-cf1b0d5a0784 x-runtime: 0.049566 strict-transport-security: max-age=31536000; includeSubDomains; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff referrer-policy: same-origin content-security-policy: frame-ancestors 'none'; script-src 'self'; object-src 'self'; img-src * data: blob:; media-src 'self' data:; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' blob: wss://mastodonten.de x-xss-protection: 1; mode=block