X-WebKit-CSP: default-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net *.facebook.com; img-src 'self' *.econda-monitor.de *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.haufe-group.com *.tellja.de; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.bing.com *.adroll.com *.adnxs.com *.typekit.net; script-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net 'unsafe-inline' 'unsafe-eval';
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Date: Sun, 04 Mar 2018 12:28:29 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Set-Cookie: PHPSESSID=9nfqern460k3dl08s96bvphvd7; path=/; HttpOnly
X-Content-Security-Policy: default-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net *.facebook.com; img-src 'self' *.econda-monitor.de *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.haufe-group.com *.tellja.de; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.bing.com *.adroll.com *.adnxs.com *.typekit.net; script-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net 'unsafe-inline' 'unsafe-eval'; options eval-script
Server: Apache
Content-Security-Policy: default-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net *.facebook.com; img-src 'self' *.econda-monitor.de *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.haufe-group.com *.tellja.de; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.bing.com *.adroll.com *.adnxs.com *.typekit.net; script-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net 'unsafe-inline' 'unsafe-eval';
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding