HTTP/1.1 200 OK
Connection: close
Content-Length: 81700
Access-Control-Allow-Headers: Access-Control-Allow-Headers,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Content-Length,Content-Type,Date,Expires,Pragma,Server,X-Robots-Tag
Access-Control-Allow-Methods: *
Access-Control-Expose-Headers: Access-Control-Allow-Headers,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Content-Length,Content-Type,Date,Expires,Pragma,Server,X-Robots-Tag
Cache-Control: max-age=900
Content-Security-Policy: %0d%0adefault-src 'self' 'unsafe-inline' 'unsafe-eval' akamai.tiqcdn.com export.highcharts.com hsbcbankglobal.sc.omtrdc.net www.stoneshot.com ad.doubleclick.net tags.tiqcdn.com *.doubleclick.net snap.licdn.com www.stoneshot.com hsbcbankglobal.sc.omtrdc.net cdn.linkedin.oribi.io px.ads.linkedin.com adservice.google.com *.brightcove.net metrics.brightcove.com vjs.zencdn.net cf-images.us-east-1.prod.boltdns.net cm.everesttech.net cm.everesttech.net cdn.izooto.com cf-images.eu-west-1.prod.boltdns.net js.adsrvr.org s.yimg.com sp.analytics.yahoo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cx.camsonline.com ad.doubleclick.net www.google.com.hk www.stoneshot.com www.googletagmanager.com sp.analytics.yahoo.com s.yimg.com oauth.brightcove.com js.adsrvr.org insight.adsrvr.org hsbcbankglobal.sc.omtrdc.net cms.api.brightcove.com cf-images.eu-west-1.prod.boltdns.net cdn.izooto.com adservice.google.com.hk adservice.google.com 8118717.fls.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com googletagmanager.com *.googletagmanager.com collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net snap.licdn.com code.highcharts.com http://pbs.twimg.com irs.tools.investis.com maps.googleapis.com s.ytimg.com http://i3.ytimg.com www.youtube.com blob: www.recaptcha.net www.gstatic.com brightcove.net *.brightcove.net brightcove.com *.brightcove.com tags.tiqcdn.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com hsbcglobalcommon.tt.omtrdc.net vjs.zencdn.net pws.internal.hsbc *.pws.internal.hsbc hsbc.com; connect-src 'self' *.linkedin.com cx.camsonline.com *.izooto.com collect-eu-central-1.tealiumiq.com hsbcglobalgbm.sc.omtrdc.net akamai.tiqcdn.com hsbcbankglobal.sc.omtrdc.net cdn.linkedin.oribi.io manifest.prod.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net cf.brightcove.com *.cf.brightcove.com ingestion-upload-production.s3.amazonaws.com bcvp0rtal.com *.bcvp0rtal.com gallerysites.net *.gallerysites.net vjs.zencdn.net *.vjs.zencdn.net hlstoken-a.akamaihd.net *.hlstoken-a.akamaihd.net media.brightcove.com *.media.brightcove.com cloudfront.net *.cloudfront.net analytics.edgekey.net *.analytics.edgekey.net akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net brightcove.vo.llnwd.net *.brightcove.vo.llnwd.net uds.ak.o.brightcove.com *.uds.ak.o.brightcove.com hls.ak.o.brightcove.com *.hls.ak.o.brightcove.com players.brightcove.net *.players.brightcove.net o.brightcove.com *.o.brightcove.com bcovlive-a.akamaihd.net *.bcovlive-a.akamaihd.net sep.bcovlive.io *.sep.bcovlive.io bcovlive.io *.bcovlive.io api.bcovlive.io *.api.bcovlive.io api.brightcove.com *.api.brightcove.com bcove.video *.bcove.video brightcove.net *.brightcove.net *.brightcovecdn.com boltdns.net *.boltdns.net hsbcglobalcommon.sc.omtrdc.net dpm.demdex.net brightcove.com *.brightcove.com bcsecure01-a.akamaihd.net *.akamaihd.net hsbcglobalcommon.tt.omtrdc.net brightcove.com *.brightcove.com www.youtube.com; img-src 'self' www.google.com.hk cx.camsonline.com *.google.co.in dpm.demdex.net adservice.google.com.hk sp.analytics.yahoo.com adservice.google.com www.stoneshot.com ad.doubleclick.net hsbcbankglobal.sc.omtrdc.net boltdns.net media.licdn.com *.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net https://www.google.com https://www.google.co.uk px.ads.linkedin.com pxl.yoptima.com pixel.quantserve.com i.ytimg.com http://i3.ytimg.com data: http://pbs.twimg.com sprcdn-assets.sprinklr.com media-exp1.licdn.com brightcove.net dms.licdn.com *.brightcove.net brightcove.com *.brightcove.com tags.tiqcdn.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com hsbcglobalcommon.tt.omtrdc.net hsbcglobalcommon.sc.omtrdc.net akamaihd.net *.akamaihd.net maps.gstatic.com maps.googleapis.com blob: pws.internal.hsbc *.pws.internal.hsbc hsbc.com; style-src 'self' 'unsafe-inline' cx.camsonline.com players.brightcove.net; base-uri 'self'; form-action 'self' export.highcharts.com; font-src 'self' cx.camsonline.com data:; frame-src 'self' cdn.izooto.com td.doubleclick.net partners.hsbcmf.juvlon.com hextra.harvest.fr rente-hsbc.harvest.fr calculetteepargne-hsbc.harvest.fr diagnosticretraite-hsbc.harvest.fr apl.wealthadvisor.jp match.adsrvr.org insight.adsrvr.org *.demdex.net youtube-nocookie.com *.youtube-nocookie.com *.recaptcha.net recaptcha.net players.brightcove.net www.youtube.com www.google.com irs.tools.investis.com 8118717.fls.doubleclick.net; media-src 'self' blob: akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net media.brightcove.com *.media.brightcove.com brightcovecdn.com *.brightcovecdn.com boltdns.net *.boltdns.net video.twimg.com dms.licdn.com pws.internal.hsbc *.pws.internal.hsbc hsbc.com hsbcbankcommon.demdex.net brightcove.com *.brightcove.com *.akamaihd.net;
Content-Type: text/html; charset=utf-8
Date: Fri, 04 Oct 2024 05:07:08 GMT
Etag: "JpoVf+C8nAke9rW1cvp+Gw=="
Expires: Fri, 04 Oct 2024 05:22:08 GMT
Last-Modified: Mon, 04 Apr 2022 01:38:02 GMT
Permissions-Policy: accelerometer=(self),ambient-light-sensor=(self),autoplay=(self),battery=(self),camera=(self),display-capture=(self),document-domain=(*),encrypted-media=(self),execution-while-not-rendered=(*),execution-while-out-of-viewport=(*),fullscreen=(self),gamepad=(self),geolocation=(self),gyroscope=(self),hid=(self),identity-credentials-get=(self),idle-detection=(self),local-fonts=(self),magnetometer=(self),microphone=(self),midi=(self),otp-credentials=(self),payment=(self),picture-in-picture=(*),publickey-credentials-create=(self),publickey-credentials-get=(self),screen-wake-lock=(self),serial=(self),speaker-selection=(self),storage-access=(*),usb=(self),web-share=(self),window-management=(self),xr-spatial-tracking=(self)
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: index, follow
X-Xss-Protection: 1; mode=block