X-UA-Compatible: IE=edge
Connection: keep-alive
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net http://maps.google.com http://maps.googleapis.com https://*.vimeo.com https://*.vimeocdn.com https://*.newrelic.com https://*.nr-data.net http://connect.facebook.net; object-src 'self'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com https://hello.myfonts.net https://*.vimeocdn.com; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net http://csi.gstatic.com http://maps.gstatic.com http://maps.google.com http://maps.googleapis.com https://www.facebook.com; media-src 'self'; child-src 'self' https://www.youtube.com https://*.vimeo.com https://*.vimeocdn.com http://staticxx.facebook.com https://www.facebook.com;
X-XSS-Protection: 1; mode=block
Server: Apache/2.4.18 (Ubuntu)
Referrer-Policy: no-referrer-when-downgrade
Expires: Sun, 25 Feb 2018 20:42:00 GMT
Content-Language: de
Date: Sun, 25 Feb 2018 20:42:00 GMT
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Cache-Control: private, no-store, max-age=0
Content-Length: 24278