@elliott-davis: Using Firefox Debugging, here are the request/response headers to GitHub:
Request:
Host: github.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hab-depot.dbright.com/
Cookie: logged_in=yes; _octo=GH1.1.1351481130.1517324159; _ga=GA1.2.1174774092.1517324159; _gh_sess=..................................=America%2FNew_York; user_session=..................................; dotcom_user=danielcbright; _gat=1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Response:
HTTP/1.1 302 Found
Server: GitHub.com
Date: Tue, 29 May 2018 16:21:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Status: 302 Found
Cache-Control: no-cache
Vary: X-PJAX
Location: https://hab-depot.dbright.com/?code=.........................................
Set-Cookie: user_session=.........................................; path=/; expires=Tue, 12 Jun 2018 16:21:57 -0000; secure; HttpOnly
Set-Cookie: __Host-user_session_same_site=.........................................; path=/; expires=Tue, 12 Jun 2018 16:21:57 -0000; secure; HttpOnly; SameSite=Strict
Set-Cookie: _gh_sess=.........................................; path=/; secure; HttpOnly
X-Request-Id: b63b53c1-255f-410c-bf0e-f6df1b51c18c
X-Runtime: 0.085335
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'self'; frame-src render.githubusercontent.com; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com
X-Runtime-rack: 0.096285
X-GitHub-Request-Id: CD2E:6EEE:418A116:78297D4:5B0D7E1C