Date: Tue, 16 May 2017 16:05:36 GMT
Set-Cookie: ISHD_SESSION=392s3eia3fk906tfrukmevsi64; path=/; secure; HttpOnly
Cache-Control: no-cache, private
X-Frame-Options: DENY
Server: Apache/2.4.7 (Ubuntu)
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
X-XSS-Protection: 1; mode=block
Content-Security-Policy-Report-Only: default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ *.ak.facebook.com www.facebook.com staticxx.facebook.com https://*.twitter.com https://googleads.g.doubleclick.net/ disqus.com; img-src 'self' data: https://ssl.gstatic.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google-analytics.com *.googlesyndication.com https://syndication.twitter.com https://*.twimg.com platform.twitter.com https://www.facebook.com referrer.disqus.com *.disquscdn.com; object-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com connect.facebook.net platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js-agent.newrelic.com *.nr-data.net *.googlesyndication.com maps.googleapis.com ish-deutschland-dev.disqus.com ish-deutschland.disqus.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com platform.twitter.com https://*.twimg.com fonts.googleapis.com *.disquscdn.com; report-uri /csp/report
Vary: Accept-Encoding
X-Content-Security-Policy-Report-Only: default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ *.ak.facebook.com www.facebook.com staticxx.facebook.com https://*.twitter.com https://googleads.g.doubleclick.net/ disqus.com; img-src 'self' data: https://ssl.gstatic.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google-analytics.com *.googlesyndication.com https://syndication.twitter.com https://*.twimg.com platform.twitter.com https://www.facebook.com referrer.disqus.com *.disquscdn.com; object-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com connect.facebook.net platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js-agent.newrelic.com *.nr-data.net *.googlesyndication.com maps.googleapis.com ish-deutschland-dev.disqus.com ish-deutschland.disqus.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com platform.twitter.com https://*.twimg.com fonts.googleapis.com *.disquscdn.com; report-uri /csp/report
X-Content-Type-Options: nosniff
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000; includeSubDomains
Referrer-Policy: no-referrer, strict-origin-when-cross-origin