HTTP/2 200 server: nginxdate: Wed, 28 Jul 2021 12:06:28 GMTcontent-type: text/html; charset=UTF-8cache-control: max-age=10800,publicpragma: no-cacheexpires: Wed, 28 Jul 2021 15:06:28 GMTset-cookie: XSRF-TOKEN=eyJpdiI6IjZvTDVueVlVN21hSHQ4QmhWcGFsQWc9PSIsInZhbHVlIjoiZlwvVWZQMUFnZzFUcjRDMmo1dDFkTklhalRFYTFJKzc1a2xmRGdQSHdBV0syeGxyMUJTXC9ROEFVTVFkXC96Y3VZU05lbHlpaldzdFhhYjYwV0hvaUZMb0JNcGM0cU5ISFhhNEJKblRMNmJUVG1YU2ZzSFMzSnBNVGo5bmRyV2lkS3YiLCJtYWMiOiJkZDhkMjI1ZmIxOGUxMzNiNWNhNDc3MTllZjM2OTUyNTcyZDViMDQxMDNhMjc1MTM3ODY2MWY2ZjIwYTc3YmNjIn0%3D; expires=Wed, 28-Jul-2021 14:06:28 GMT; Max-Age=7200; path=/; secure; HttpOnlyset-cookie: payfasthome_session=eyJpdiI6ImF3WW52ZHJ4dStweFFUSzkwMzZld2c9PSIsInZhbHVlIjoiMjZBVVJPcmc0SjI3MzZFT2xrMzNUN2lyREZFXC9PYnM5NlZXeGMxaWtETHZhXC9CQVZUQlduZ0g3NDM0R0tXTE01MWgzNW9HSkpqV0hYMXJ5WTQ1OHhyclRXcjFobHA0dTVKWkdsSnNkVkRhd3RSdHpyaUdcL1V2RHVLQ2pxZzlOdzkiLCJtYWMiOiIwNzg3MWYxM2E0Njk0MDhkZWU5N2Q4OTRjMWIzM2IyYmUzOTM3NGRmNGIwODJhNGMxYjlmN2E5MDFmNmJjOTliIn0%3D; expires=Wed, 28-Jul-2021 14:06:28 GMT; Max-Age=7200; path=/; secure; HttpOnly; httponlyvary: Accept-Encoding,User-Agentcontent-encoding: gzipstrict-transport-security: max-age=63072000;x-content-type-options: nosniffx-xss-protection: 1; mode=blockcontent-security-policy: default-src 'self' blob: ; base-uri 'self'; object-src 'self'; worker-src 'self' blob: 'nonce-a9wm3KRVt4' *.hotjar.com; script-src 'self' blob: 'nonce-a9wm3KRVt4' 'sha256-8ef+8jnEIogv9YWJAXCkQFxecSZc1o51nZcDkvGmyn4=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-/BhA9ZYoOzQN8i98bBGCeb9T48LXIq1lONEqe8GesXM=' *.googletagmanager.com *.google-analytics.com *.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.statuspage.io *.facebook.net ; img-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net *.googletagmanager.com https://assets.grammarly.com *.linkedin.com www.gstatic.com translate.google.com www.google-analytics.com *.facebook.com; font-src 'self' blob: fonts.gstatic.com script.hotjar.com; style-src 'self' blob: 'unsafe-inline'; connect-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com *.g.doubleclick.net *.statuspage.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.facebook.com; frame-src blob: https://www.google.com/recaptcha/ *.hotjar.com *.youtube-nocookie.com; report-uri https://payfast.report-uri.com/r/d/csp/enforcex-frame-options: SAMEORIGINx-cache-status: MISSvia: 1.1 googlealt-svc: clear