Content-Type: text/html; charset=utf-8
Last-Modified: Fri, 30 Jun 2017 10:50:19 GMT
X-Drupal-Cache: HIT
Date: Fri, 30 Jun 2017 10:53:01 GMT
Content-Language: sv
X-Powered-By: PHP/5.4.45-0+deb7u3
Cache-Control: public, max-age=600
HTTP/1.1 200 OK
X-Frame-Options: SameOrigin
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' *.bostadlulea.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com; media-src 'self' *.bostadlulea.se; frame-src 'self'; font-src 'self' *.myfonts.net *.gstatic.com; connect-src 'self' *.googleapis.com; report-uri /admin/config/system/seckit/csp-report
Vary: Cookie,Accept-Encoding
X-XSS-Protection: 1; mode=block
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' *.bostadlulea.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com; media-src 'self' *.bostadlulea.se; frame-src 'self'; font-src 'self' *.myfonts.net *.gstatic.com; connect-src 'self' *.googleapis.com; report-uri /admin/config/system/seckit/csp-report
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Etag: "1498819819-0"
X-Generator: Drupal 7 (http://drupal.org)
Server: Apache
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' *.bostadlulea.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com; media-src 'self' *.bostadlulea.se; frame-src 'self'; font-src 'self' *.myfonts.net *.gstatic.com; connect-src 'self' *.googleapis.com; report-uri /admin/config/system/seckit/csp-report