POST https://www.example./ HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.

1. POST https://www.example./ HTTP/1.1
2. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)
3. Pragma: no-cache
4. Cache-Control: no-cache
5. Content-Type: application/x-www-form-urlencoded
6. Content-Length: 195
7. Referer: https://www.example.com/run timeout /T 5
8. X-ZAP-Scan-ID: 90020
9. Host: www.example.com
10.  
11. username=foo-bar%40example.com&password=ZAP&screenSize=desktop&interface=ajax&hasPushState=0&sessionKey=33dd6c741affafeef106ede200e510a7c0ba8e00a630398d3271649db0878cdcf1e7cc7fbd77c30d&remember=1
12.  
13. HTTP/1.1 200 OK
14. Server: nginx
15. Date: Tue, 26 Jan 2016 06:02:06 GMT
16. Content-Type: text/html; charset=utf-8
17. Content-Length: 34075
18. Connection: close
19. X-Request-Id: web3-3017604-1453788125-73
20. Set-Cookie: s_=1%3Bnyi%3Bnyi%3B4897e65805da04c0f9c6208c1ef21967%3B1453788126%3B89609bbbece2c72f5cc2e6a4acea1c2944c3deb6; path=/; domain=www.example.com; secure; HttpOnly
21. X-Backend: web3
22. X-Frame-Options: SAMEORIGIN
23. X-Frontend: frontend2
24. X-UA-Compatible: IE=edge,chrome=1
25. X-Content-Type-Options: nosniff
26. Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
27. Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.pin.net.au https://api.stripe.com https://tag.perfectaudience.com; frame-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src data: https://fonts.gstatic.com; img-src * data: blob:; media-src 'none'; object-src 'none'