HTTP/2 200 x-frame-options: SAMEORIGIN content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com; frame-src https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.recaptchaenterprise.googleapis.com/ https://www.facebook.com/; connect-src 'self' https://us-central1-tripp-prod.cloudfunctions.net/api/graphql https://firebaseinstallations.googleapis.com https://us-central1-tripp-stag.cloudfunctions.net https://recaptchaenterprise.googleapis.com/ https://firebase.googleapis.com/ https://identitytoolkit.googleapis.com/ https://securetoken.googleapis.com https://www.google.com https://sdk.iad-02.braze.com https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com; img-src 'self' data: https://www.gstatic.com/recaptcha/ https://media-cdn.tripp.com https://flagcdn.com https://www.facebook.com https://graph.facebook.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/; object-src 'none'; frame-ancestors 'self'; font-src 'self' data:; base-uri 'self'; strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding x-nextjs-cache: HIT cache-control: s-maxage=31536000, stale-while-revalidate etag: "oifi39uoc7ltn" content-type: text/html; charset=utf-8 content-encoding: gzip date: Fri, 26 Dec 2025 08:53:05 GMT server: Google Frontend