Content-Security-Policy: default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdnjs.cloudflare.com https://connect.facebook.net https://maps.googleapis.com; img-src 'self' data: https://www.facebook.com https://web.facebook.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; frame-src https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com; connect-src 'self' http://api3.geo.admin.ch; object-src 'none'
HTTP/1.1 200 OK
Set-Cookie: csrftoken=ct4DyD2yEGpjYdDIx0MzhnM1RY7j3SE2D5Ka1qEDqulwR2RMtxm0czVMsPuIfo0B; expires=Wed, 13-Feb-2019 19:45:44 GMT; Max-Age=31449600; Path=/; secure
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=31536000; includeSubdomains
Connection: keep-alive
Transfer-Encoding: chunked
X-Frame-Options: deny
Content-Type: text/html; charset=utf-8
Vary: Cookie
X-Content-Type-Options: nosniff
Date: Wed, 14 Feb 2018 19:45:44 GMT
Server: nginx
X-XSS-Protection: 1; mode=block
Set-Cookie: sessionid=m2165p0pr44vo6c9nc59wkyo4axh6mfq; expires=Wed, 28-Feb-2018 19:45:44 GMT; httponly; Max-Age=1209600; Path=/; secure
Vary: Accept-Encoding
Content-Language: fr