HTTP/1.1 200 
Date: Sun, 05 Apr 2026 17:44:42 GMT
Content-Length: 0
Connection: keep-alive
SS: s
Access-Control-Allow-Methods: POST, GET
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Origin,Accept,Authorization,authorization,access-control-allow-origin,content-type,x-requested-with,X-Book-Id,X-Step
Access-Control-Expose-Headers: access-control-allow-origin,content-type,x-requested-with,X-Book-Id,X-Step
Access-Control-Allow-Credentials: true
X-XSS-Protection: 1
Content-Security-Policy: 
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536; includeSubDomains
Referrer-Policy: no-referrer-when-downgrade
X-Permitted-Cross-Domain-Policies: master-only
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-XSS-Protection: 1
Set-Cookie: Path=/; HttpOnly; Secure; SameSite=Lax;
Content-Security-Policy: frame-ancestors 'self'
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: : master-only
X-Download-Options: noopen
Server: panyun