Date: Mon, 05 Jun 2017 14:27:53 GMT
X-Content-Type-Options: nosniff
Link: </css/app.4d190b58065f593e3aa6.css>; rel=preload; as=style
X-Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mouseflow.com cdn.polyfill.io connect.facebook.net graph.facebook.com *.youtube.com ajax.googleapis.com code.angularjs.org s.ytimg.com www.google-analytics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; img-src 'self' *.facebook.com i.ytimg.com www.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; connect-src 'self' dabei.sebastian-kurz.at graph.facebook.com o2.mouseflow.com; media-src 'self'; object-src *; child-src *; frame-src *; upgrade-insecure-requests; block-all-mixed-content;
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html; charset=UTF-8
Set-Cookie: splashpage_shown=eyJpdiI6InVoT0VOeFZRUW8yb0paWlwvcHpReFdnPT0iLCJ2YWx1ZSI6ImFmU3lDNzVERnVVK3FSelZVUTllcmc9PSIsIm1hYyI6ImNlYjlmY2YyNjg5N2YyYjE2OGM1ZmY1NGE3NGM2ZWQwZDNkNTBkMDQ4ZjE2MWZmMjJmNmY0MDc2MmEyMTg5OWYifQ%3D%3D; path=/; secure
Vary: Accept-Encoding
Set-Cookie: sk=eyJpdiI6Im1QQjZTNFAyNTI2aytUVjkyMXQzOWc9PSIsInZhbHVlIjoiZXduXC9mMCs0ZzVMMG9CXC85STB4VmtXWDd5RHFNR0crcDBkTURFSzJRTDQwUWc1S1A5VFc0QmJtWFA5VUFcLzZuSk1QaXpiYUZ1dmhpdHdzQUtRV1FQMXc9PSIsIm1hYyI6Ijk5ZTg5MTM1MTZhOTc3YWE2ODhjZGUyNGZiNTJjMGU2NGI4YTUyZjMwZGViMzcyNWIyMGZhMGJlOTM0MDFhNzcifQ%3D%3D; expires=Mon, 05-Jun-2017 16:27:53 GMT; Max-Age=7200; path=/; HttpOnly
Connection: keep-alive
Set-Cookie: __cfduid=d235f9767f9a83ad5bf64296b5b647ffa1496672873; expires=Tue, 05-Jun-18 14:27:53 GMT; path=/; domain=.sebastian-kurz.at; HttpOnly
CF-RAY: 36a3d0b17c27235a-FRA
Server: cloudflare-nginx
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mouseflow.com cdn.polyfill.io connect.facebook.net graph.facebook.com *.youtube.com ajax.googleapis.com code.angularjs.org s.ytimg.com www.google-analytics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; img-src 'self' *.facebook.com i.ytimg.com www.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; connect-src 'self' dabei.sebastian-kurz.at graph.facebook.com o2.mouseflow.com; media-src 'self'; object-src *; child-src *; frame-src *; upgrade-insecure-requests; block-all-mixed-content;
Transfer-Encoding: chunked
HTTP/1.1 200 OK
Expires: Mon, 05 Jun 2017 14:27:53 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: no-cache, private
MS-Author-Via: DAV
Cache-Control: max-age=0
Referrer-Policy: no-referrer-when-downgrade
X-WebKit-CSP: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mouseflow.com cdn.polyfill.io connect.facebook.net graph.facebook.com *.youtube.com ajax.googleapis.com code.angularjs.org s.ytimg.com www.google-analytics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; img-src 'self' *.facebook.com i.ytimg.com www.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; connect-src 'self' dabei.sebastian-kurz.at graph.facebook.com o2.mouseflow.com; media-src 'self'; object-src *; child-src *; frame-src *; upgrade-insecure-requests; block-all-mixed-content;