Accept-Ranges: bytes
Server: Apache
X-Frame-Options: sameorigin
Strict-Transport-Security: max-age=2592000; includeSubDomains
X-Content-Type-Options: nosniff
Public-Key-Pins: pin-sha256="vW87ZTn/rDoTflwaQMI4RZk4KSK1yuJw+DdMj5wuq44="; pin-sha256="tAe8QCTrCqQ4OjeSL17CopH/ZLDqQuwPwGPxs6q7/yw="; max-age=2592000; includeSubDomains
Date: Sat, 28 Oct 2017 05:12:27 GMT
HTTP/1.1 200 OK
Cache-Control: max-age=0
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
Last-Modified: Fri, 27 Oct 2017 23:18:59 GMT
X-Permitted-Cross-Domain-Policies: master-only
Expires: Sat, 28 Oct 2017 05:12:27 GMT
Content-Length: 55531
Content-Security-Policy: default-src 'self' data: sdc2.credit-suisse.com *.nab.ch www.nabhome.ch *.omtrdc.net *.demdex.net www.youtube.com maps.gstatic.com csi.gstatic.com *.googleapis.com fonts.gstatic.com api.rkd.reuters.com secure.credit-now.ch *.g.doubleclick.net www.google.ch www.google.com www.google.de; img-src 'self' data: *.nab.ch *.ggpht.com maps.gstatic.com csi.gstatic.com sdc2.credit-suisse.com *.demdex.net *.googleapis.com api.rkd.reuters.com www.googleadservices.com *.g.doubleclick.net www.google.com www.google.ch www.google.de *.everesttech.net f24.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nab.ch www.credit-suisse.com assets.adobedtm.com fast.fonts.net maps.googleapis.com mts0.googleapis.com mts1.googleapis.com ajax.googleapis.com www.googleadservices.com f24.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.nab.ch fast.fonts.net fonts.googleapis.com; child-src 'self' *.nab.ch www.youtube.com www.bank-now.ch *.g.doubleclick.net www.google.ch www.google.com cdnapisec.kaltura.com *.demdex.net; report-uri /cspreport-service/csp-report
Vary: Accept-Encoding,User-Agent