X-WebKit-CSP: default-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net *.facebook.com; img-src 'self' *.econda-monitor.de *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.haufe-group.com *.tellja.de; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.bing.com *.adroll.com *.adnxs.com *.typekit.net; script-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net 'unsafe-inline' 'unsafe-eval';
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Date: Thu, 01 Feb 2018 12:33:08 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Set-Cookie: PHPSESSID=s6iavhsvhn846ink7fol3st7g2; path=/
X-Content-Security-Policy: default-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net *.facebook.com; img-src 'self' *.econda-monitor.de *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.haufe-group.com *.tellja.de; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.bing.com *.adroll.com *.adnxs.com *.typekit.net; script-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net 'unsafe-inline' 'unsafe-eval'; options eval-script
Server: Apache
Content-Security-Policy: default-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net *.facebook.com; img-src 'self' *.econda-monitor.de *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.haufe-group.com *.tellja.de; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.bing.com *.adroll.com *.adnxs.com *.typekit.net; script-src 'self' *.bing.com *.adroll.com *.adnxs.com *.typekit.net *.google.com *.google.de *.googleadservices.com *.google-analytics.com *.doubleclick.net *.tellja.de *.facebook.net 'unsafe-inline' 'unsafe-eval';
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding