Set-Cookie: AL_SESS-S=AAABLtv8y9I5YzVmNWI1NGJjNDkyNzIzN2JjYTUyODkzMDc4NDQyNwAAFjETbADBRgQuCwBPdAKCUtTUcDc=; path=/; secure; HttpOnly
Public-Key-Pins: pin-sha256="8CZSWyrXW3MPX9Q74nE61QJmniAPZjcSxWYGVC2Yv68="; pin-sha256="VlPBYkgbTTuPpnJ9DZUkRC64/Ijf7pTauv7tkO91z/M="; max-age=1200; includeSubDomains
Transfer-Encoding: chunked
Server: Apache
X-Content-Type-Options: nosniff
HTTP/1.1 200 OK
Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com www.googleapis.com https://code.jquery.com; connect-src 'self' *.bancastato.ch apis.google.com accounts.google.com; img-src 'self' *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com www.googleapis.com; style-src 'self' 'unsafe-inline' *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com; frame-src 'self' apis.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch; child-src 'self' apis.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch; font-src 'self' fonts.googleapis.com fonts.google.com fonts.gstatic.com
Date: Mon, 24 Apr 2017 20:43:26 GMT
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
X-Magnolia-Registration: Registered
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com www.googleapis.com https://code.jquery.com; connect-src 'self' *.bancastato.ch apis.google.com accounts.google.com; img-src 'self' *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com www.googleapis.com; style-src 'self' 'unsafe-inline' *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com; frame-src 'self' apis.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch; child-src 'self' apis.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch; font-src 'self' fonts.googleapis.com fonts.google.com fonts.gstatic.com