dropbox.com Review

 N/A

HTTP/1.1 301 Moved Permanently
location: https://dropbox.com/
date: Wed, 28 Jan 2026 21:49:28 GMT
server: envoy
x-dropbox-request-id: 2806c15837e44e8cac534328697a8468
content-length: 0

HTTP/1.1 301 Moved Permanently
Location: https://www.dropbox.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: no-cache, no-store
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Vary: Accept-Encoding
X-Dropbox-Response-Origin: local
Date: Wed, 28 Jan 2026 21:49:28 GMT
Server: envoy
X-Dropbox-Request-Id: 0a8d8c48f14040aeb6e430e9697a8469
Content-Length: 0

HTTP/1.1 200 OK
Content-Security-Policy: worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; font-src https://* data: ; img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; frame-src https://* dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; default-src 'none' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; media-src https://* blob: ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://applepay.cdn-apple.com 'nonce-b9tMjg+42DI6R6TFiDD3s0/l4qo=' ; base-uri 'self' ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self'
Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-b9tMjg+42DI6R6TFiDD3s0/l4qo=' 'nonce-vlEI8P01nhkaDmUNZzX4w7qcbe8='
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: gvc=MzI3MzM3NjQyNzkxMjEyMDU5NDM4NDQ1ODI3MDcyNzA5MjIxMTE3; Path=/; Expires=Mon, 27 Jan 2031 21:49:29 GMT; HttpOnly; Secure
Set-Cookie: t=Bll_pr0DDcvLPKj_ecFu6a-O; Path=/; Domain=dropbox.com; Expires=Thu, 28 Jan 2027 21:49:29 GMT; HttpOnly; Secure
Set-Cookie: __Host-js_csrf=Bll_pr0DDcvLPKj_ecFu6a-O; Path=/; Expires=Thu, 28 Jan 2027 21:49:29 GMT; Secure
Set-Cookie: __Host-ss=6WOs6ZUHHk; Path=/; Expires=Thu, 28 Jan 2027 21:49:29 GMT; HttpOnly; Secure; SameSite=Strict
Set-Cookie: locale=ja; Path=/; Domain=dropbox.com; Expires=Mon, 27 Jan 2031 21:49:29 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 1; mode=block
Date: Wed, 28 Jan 2026 21:49:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: envoy
Cache-Control: no-cache, no-store
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Encoding: gzip
Vary: Accept-Encoding
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 1a4f86fef3a849ba914087eb697a8469
Transfer-Encoding: chunked