Cache-Control: max-age=36000, public
Pragma: public
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self' https://www.youtube.com https://platform.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://platform.twitter.com; img-src 'self' data: https://*.geoportail.lu https://syndication.twitter.com https://www.google-analytics.com https://cdnjs.cloudflare.com *.tile.openstreetmap.se *.tile.thunderforest.com *.tile.openstreetmap.org *.global.ssl.fastly.net https://secure.gravatar.com https://pbs.twimg.com https://s.w.org https://ssl.google-analytics.com https://s-static.ak.facebook.com https://ipv6.he.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdnjs.cloudflare.com https://themes.googleusercontent.com https://fonts.gstatic.com; child-src 'self' https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://platform.twitter.com; object-src 'self'; connect-src 'self' https://overpass-api.de https://api.openstreetmap.fr https://api.tfl.lu; report-uri https://ucalegon.stereo.lu/csp-report.php
Date: Wed, 14 Mar 2018 21:16:11 GMT
X-Content-Type-Options: nosniff
Expires: Thu, 15 Mar 2018 07:16:11 GMT
Content-Type: text/html; charset=UTF-8
Server: nginx
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
ETag: "226111c81fde8c748d0542d8ebc2cba9"
Strict-Transport-Security: max-age=31415926; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: keep-alive