Public-Key-Pins: pin-sha256="vW87ZTn/rDoTflwaQMI4RZk4KSK1yuJw+DdMj5wuq44="; pin-sha256="tAe8QCTrCqQ4OjeSL17CopH/ZLDqQuwPwGPxs6q7/yw="; max-age=2592000; includeSubDomains
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2592000; includeSubDomains
Content-Type: text/html; charset=UTF-8
X-XSS-Protection: 1; mode=block
Content-Length: 30372
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
Last-Modified: Sat, 27 May 2017 23:02:20 GMT
Cache-Control: max-age=0
X-Permitted-Cross-Domain-Policies: master-only
Server: Apache
Date: Sun, 28 May 2017 01:17:36 GMT
X-Frame-Options: sameorigin
Content-Security-Policy: default-src 'self' data: sdc.credit-suisse.com *.nab.ch www.nabhome.ch www.youtube.com maps.gstatic.com csi.gstatic.com *.googleapis.com fonts.gstatic.com api.rkd.reuters.com secure.credit-now.ch *.g.doubleclick.net; img-src 'self' data: *.nab.ch *.ggpht.com maps.gstatic.com csi.gstatic.com sdc.credit-suisse.com *.googleapis.com api.rkd.reuters.com www.googleadservices.com *.g.doubleclick.net www.google.com www.google.ch www.google.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nab.ch www.credit-suisse.com assets.adobedtm.com fast.fonts.net maps.googleapis.com mts0.googleapis.com mts1.googleapis.com ajax.googleapis.com www.googleadservices.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.nab.ch fast.fonts.net fonts.googleapis.com; child-src 'self' *.nab.ch www.youtube.com www.bank-now.ch *.g.doubleclick.net www.google.ch www.google.com; report-uri /cspreport-service/csp-report
Vary: Accept-Encoding,User-Agent
Expires: Sun, 28 May 2017 01:17:36 GMT