Content-Security-Policy: default-src https://*.cler.ch https://*.mycler.ch; img-src data: https://*.cler.ch https://*.mycler.ch https://metrics.bankcoop.ch https://secmetrics.bankcoop.ch; script-src 'unsafe-inline' 'unsafe-eval' https://*.cler.ch https://*.mycler.ch https://assets.adobedtm.com https://www.contovista.com https://metrics.bankcoop.ch https://secmetrics.bankcoop.ch https://secure-ds.serving-sys.com https://bs.serving-sys.com; frame-src https://*.cler.ch https://*.mycler.ch https://*.quovadisglobal.com https://www.google.com; style-src 'unsafe-inline' 'unsafe-eval' https://*.cler.ch https://*.mycler.ch; connect-src wss://*.mycler.ch https://*.mycler.ch https://*.cler.ch https://www.contovista.com; child-src blob: https://*.mycler.ch https://*.cler.ch; media-src blob: https://*.mycler.ch https://*.cler.ch; frame-ancestors https://*.cler.ch https://*.mycler.ch ; form-action https://*.cler.ch https://*.mycler.ch;
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains;
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Transfer-Encoding: chunked
Server: Apache
X-Content-Type-Options: nosniff
Pragma: no-cache
HTTP/1.1 200 OK
Date: Mon, 25 Sep 2017 18:35:04 GMT
X-XSS-Protection: 1
Set-Cookie: AL_SESS-S=AfOA1gqLGpP2h!sXqj7cgxNz3LWekCGVoZyZNxFFQ4tbg0Tzxu2jn6bSwAkPsw9lN0qi; Path=/; Domain=.mycler.ch; Secure; HttpOnly