Server: Apache
Last-Modified: Tue, 31 Oct 2017 14:40:14 GMT
Connection: keep-alive
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.mapbox.com 'unsafe-inline' *.google.com data: *.gstatic.com *.googleapis.com; media-src 'self'; frame-src 'self' *.youtube.com *.soundcloud.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.mapbox.com 'unsafe-inline' *.google.com data: *.gstatic.com *.googleapis.com; media-src 'self'; frame-src 'self' *.youtube.com *.soundcloud.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security: max-age=1000; includeSubDomains
Link: <http://beteiligen.jetzt/start>; rel="canonical",<http://beteiligen.jetzt/node/668>; rel="shortlink"
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
X-Powered-By: PHP/7.0.24
Content-Language: de
HTTP/1.1 200 OK
Keep-Alive: timeout=15
X-Drupal-Cache: MISS
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.mapbox.com 'unsafe-inline' *.google.com data: *.gstatic.com *.googleapis.com; media-src 'self'; frame-src 'self' *.youtube.com *.soundcloud.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report
Etag: "1509460814-0"
Date: Tue, 31 Oct 2017 14:40:14 GMT
X-Content-Type-Options: nosniff
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Transfer-Encoding: chunked
X-Frame-Options: SameOrigin
Vary: Cookie,Accept-Encoding