X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.googleapis.com *.youtube.com *.youtu.be *.twimg.com platform.twitter.com; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com *.google.com *.googleapis.com; font-src *; img-src data: *; child-src *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com *.googleapis.com *.youtube.com *.youtu.be; frame-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com *.googleapis.com *.youtube.com *.youtu.be; object-src 'none'; media-src *.nrw.de *.nrw;
Content-Length: 123955
Server: Apache
Last-Modified: Fri, 01 Dec 2017 11:02:16 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: de
Date: Fri, 01 Dec 2017 11:11:25 GMT
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.googleapis.com *.youtube.com *.youtu.be *.twimg.com platform.twitter.com; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com *.google.com *.googleapis.com; font-src *; img-src data: *; child-src *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com *.googleapis.com *.youtube.com *.youtu.be; frame-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com *.google.com *.googleapis.com *.youtube.com *.youtu.be; object-src 'none'; media-src *;
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=7200
Vary: Cookie,Accept-Encoding