Server: Apache
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Security-Policy-Report-Only: default-src 'self' ws://127.0.0.1:35729 ws://localhost:3000 fbrpc://call https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://d2wy8f7a9ursnm.cloudfront.net https://*.bosch.com https://statse.webtrendslive.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com; img-src 'self' data: https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.com https://notify.bugsnag.com https://*.gravatar.com https://*.webtrendslive.com; font-src 'self' data: https://*.gstatic.com; child-src 'self' https://*.joomunited.com; object-src 'self'; report-uri https://csp.spinnwerk.at https://spinnwerk.report-uri.io/r/default/csp/reportOnly
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-UA-Compatible: IE=edge
Last-Modified: Sun, 04 Feb 2018 14:23:58 GMT
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Date: Sun, 04 Feb 2018 21:27:06 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=0
Content-Security-Policy: upgrade-insecure-requests
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Expires: Sun, 04 Feb 2018 21:27:06 GMT