X-Content-Type-Options: nosniff
Vary: Cookie,Accept-Encoding
X-UA-Compatible: IE=Edge,chrome=1
X-Frame-Options: SAMEORIGIN
X-WebKit-CSP: default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com https://pixel.convertize.io https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* https://postcode-api.apiwise.nl; report-uri /report-csp-violation
Last-Modified: Tue, 23 May 2017 06:17:15 GMT
Age: 65
Connection: close
Link: <https://ccv.eu/nl/frontpage>; rel="canonical",<https://ccv.eu/nl/frontpage>; rel="shortlink"
Date: Tue, 23 May 2017 06:24:05 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Content-Security-Policy: default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com https://pixel.convertize.io https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* https://postcode-api.apiwise.nl; report-uri /report-csp-violation
Expires: Sun, 19 Nov 1978 05:00:00 GMT
X-Drupal-Cache: HIT
HTTP/1.1 200 OK
Etag: "1495520235-1"
Content-Security-Policy: default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com https://pixel.convertize.io https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* https://postcode-api.apiwise.nl; report-uri /report-csp-violation
Content-Language: nl
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Cache-Control: public, max-age=0
X-Cache-Hits: 1
Content-Type: text/html; charset=utf-8
X-Varnish: 788815708 788815575
X-Generator: Drupal 7 (http://drupal.org)
Server: Apache
X-XSS-Protection: 1;mode=block
Via: 1.1 varnish
X-Frame-Options: SameOrigin