X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge,chrome=1
X-WebKit-CSP: default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com pixel.convertize.io https://static.hotjar.com https://script.hotjar.com api.salesfeed.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* https://postcode-api.apiwise.nl; report-uri /report-csp-violation
X-XSS-Protection: 1; mode=block
X-Content-Security-Policy: default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com pixel.convertize.io https://static.hotjar.com https://script.hotjar.com api.salesfeed.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* https://postcode-api.apiwise.nl; report-uri /report-csp-violation
X-Drupal-Cache: HIT
Server: Apache
X-Varnish: 125535597 125535064
X-Content-Type-Options: nosniff
X-Cache-Hits: 2
HTTP/1.1 200 OK
Content-Language: de
Via: 1.1 varnish
Content-Type: text/html; charset=utf-8
X-Frame-Options: SameOrigin
X-Generator: Drupal 7 (http://drupal.org)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: public, max-age=0
X-Frame-Options: SAMEORIGIN
Age: 632
Date: Thu, 26 Oct 2017 20:10:56 GMT
Last-Modified: Thu, 26 Oct 2017 19:22:22 GMT
Etag: "1509045742-1"
Connection: close
X-XSS-Protection: 1;mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com pixel.convertize.io https://static.hotjar.com https://script.hotjar.com api.salesfeed.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* https://postcode-api.apiwise.nl; report-uri /report-csp-violation
Vary: Cookie,Accept-Encoding
Link: <https://ccv-deutschland.de/de/frontpage>; rel="canonical",<https://ccv-deutschland.de/de/frontpage>; rel="shortlink"
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload