HTTP/1.1 200 OKServer: nginxContent-Type: text/html; charset=utf-8Vary: Accept-Encodingx-frame-options: SAMEORIGINx-content-type-options: nosniffx-xss-protection: 1; mode=blockx-ua-compatible: IE=Edge,chrome=1content-security-policy: child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src * https://*.cardinalcommerce.com; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://songbird.cardinalcommerce.com/ 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-IBmijTI70MI5yqm9CrYD1Ts0ndWzpYl3q53xisLCtLo=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://includes.ccdc02.com https://includestest.ccdc02.com https://js.stripe.com 'sha256-Hjyu3Jo7IOtvwdah7nCspIxlken63R3fn3fWRdAD2yE='; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=56812bec-11b5-4480-86c6-2a4d5354bb46&version=sha%3D299c9b81753f&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=56812bec-11b5-4480-86c6-2a4d5354bb46&version=sha%3D299c9b81753f&report_only=falseLink: ;rel=preload;as=style,;rel=preload;as=font;type=font/woff2;crossorigin=crossorigin,;rel=preload;as=font;type=font/woff2;crossorigin=crossorigin,;rel=preload;as=font;type=font/woff2;crossorigin=crossoriginETag: W/"34b32-gcxN/0pc+tGk2jQqZAae0pNLBUA"Content-Encoding: gzipx-envoy-upstream-service-time: 313Strict-Transport-Security: max-age=10886400; includeSubdomainsContent-Length: 45519Cache-Control: public, max-age=920Date: Sat, 07 Dec 2019 20:11:47 GMTConnection: keep-aliveSet-Cookie: bev=1575749507_YmUwNTgxZWRmYzYy; expires=Mon, 06-Dec-2021 20:11:47 GMT; path=/; domain=.airbnb.com.br; secureSet-Cookie: cdn_exp_d61e2daed7f787351=treatment; expires=Wed, 05-Feb-2020 20:11:47 GMT; path=/; domain=.airbnb.com.brSet-Cookie: cache_state=1; path=/; Domain=.airbnb.com.br; Secure;x-erf-bev-bev-is-generated: 1x-erf-bev-bev: 1575749507_YmUwNTgxZWRmYzYy