X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com about: *.google.com *.gstatic.com *.googleapis.com *.planwerk6.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.planwerk6.de *.fonts.net *.fonts.com ; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.planwerk6.de; frame-src 'self' *.google.com; font-src 'self' data: *.gstatic.com *.planwerk6.de; report-uri /admin/config/system/seckit/csp-report
From-Origin: same
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Link: <https://www.planwerk6.de/>; rel="canonical",<https://www.planwerk6.de/>; rel="shortlink"
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Connection: Upgrade
X-UA-Compatible: IE=edge
Strict-Transport-Security: max-age=1000
Server: Apache/2.4.27 (Ubuntu)
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com about: *.google.com *.gstatic.com *.googleapis.com *.planwerk6.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.planwerk6.de *.fonts.net *.fonts.com ; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.planwerk6.de; frame-src 'self' *.google.com; font-src 'self' data: *.gstatic.com *.planwerk6.de; report-uri /admin/config/system/seckit/csp-report
Transfer-Encoding: chunked
Cache-Control: no-cache, must-revalidate
HTTP/1.1 200 OK
Date: Fri, 28 Jul 2017 06:26:44 GMT
Upgrade: h2
X-Generator: Drupal 7 (http://drupal.org)
X-Frame-Options: SameOrigin
Content-Language: de
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com about: *.google.com *.gstatic.com *.googleapis.com *.planwerk6.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.planwerk6.de *.fonts.net *.fonts.com ; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.planwerk6.de; frame-src 'self' *.google.com; font-src 'self' data: *.gstatic.com *.planwerk6.de; report-uri /admin/config/system/seckit/csp-report
Vary: Host,Accept-Encoding
X-XSS-Protection: 1; mode=block