X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.nrw.de *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.jwplatform.com *.flickr.com *.staticflickr.com ; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com; font-src *; img-src data: *; frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; child-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org; object-src 'self'; connect-src 'self' *.nrw.de; media-src *;
Date: Mon, 16 Oct 2017 12:11:57 GMT
HTTP/1.1 200 OK
X-Content-Security-Policy: default-src 'self' *.nrw.de *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.jwplatform.com *.flickr.com *.staticflickr.com ; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com; font-src *; img-src data: *; frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; child-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org; object-src 'self'; connect-src 'self' *.nrw.de; media-src *;
Strict-Transport-Security: max-age=31536000; preload
X-UA-Compatible: IE=edge
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
Content-Type: text/html; charset=UTF-8
Content-language: de
X-Drupal-Dynamic-Cache: UNCACHEABLE
X-Content-Type-Options: nosniff
Server: Apache
Cache-Control: must-revalidate, no-cache, private
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 285035