access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2