HTTP/2 200 referrer-policy: strict-origin-when-cross-origin cross-origin-opener-policy: same-origin via: 1.1 google, 1.1 varnish, 1.1 varnish x-backend-server: bedrock-6594f89b97-6v7bf.gcp-us-west1 strict-transport-security: max-age=31536000 content-language: en-US expires: Wed, 01 Oct 2025 12:54:56 GMT etag: "359fa0547701d32ae2d47641fce8d585" x-frame-options: DENY x-clacks-overhead: GNU Terry Pratchett cache-control: max-age=600 server: granian content-security-policy-report-only: frame-ancestors 'none'; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; object-src 'none'; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; base-uri 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; style-src 'self' www.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; upgrade-insecure-requests; font-src 'self' www.mozilla.org; default-src 'self' *.mozilla.org content-type: text/html; charset=utf-8 content-security-policy: frame-ancestors 'none'; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; object-src 'none'; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; base-uri 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' www.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; upgrade-insecure-requests; font-src 'self' www.mozilla.org; default-src 'self' *.mozilla.org x-content-type-options: nosniff content-encoding: gzip accept-ranges: bytes age: 0 date: Wed, 01 Oct 2025 12:44:57 GMT x-served-by: cache-bom-vanm7210040-BOM, cache-bom-vanm7210026-BOM x-cache: MISS, MISS x-cache-hits: 0, 0 x-timer: S1759322697.609742,VS0,VE480 vary: Accept-Encoding content-length: 6825