Server | Apache |
Strict-Transport-Security | max-age=31536000; includeSubdomains; preload |
X-Drupal-Cache | HIT |
Etag | "1517771011-1" |
Content-Security-Policy | default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com pixel.convertize.io https://static.hotjar.com https://script.hotjar.com api.salesfeed.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com https://ct.convertize.io https://static.hotjar.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com https://www.googletagmanager.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com https://www.googletagmanager.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* wss://*.hotjar.com https://postcode-api.apiwise.nl https://stats.g.doubleclick.net https://syndication.twitter.com; report-uri /report-csp-violation |
X-Content-Security-Policy | default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com pixel.convertize.io https://static.hotjar.com https://script.hotjar.com api.salesfeed.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com https://ct.convertize.io https://static.hotjar.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com https://www.googletagmanager.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com https://www.googletagmanager.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* wss://*.hotjar.com https://postcode-api.apiwise.nl https://stats.g.doubleclick.net https://syndication.twitter.com; report-uri /report-csp-violation |
X-WebKit-CSP | default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com pixel.convertize.io https://static.hotjar.com https://script.hotjar.com api.salesfeed.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com https://app.getscenario.com https://c.getscenario.com https://s3-eu-west-1.amazonaws.com https://rest-production.mollom.com https://ct.convertize.io https://static.hotjar.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com https://www.googletagmanager.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com https://www.googletagmanager.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com hotjar.com *.hotjar.com *.hotjar.com:* wss://*.hotjar.com https://postcode-api.apiwise.nl https://stats.g.doubleclick.net https://syndication.twitter.com; report-uri /report-csp-violation |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff, nosniff |
X-Frame-Options | SAMEORIGIN, SameOrigin |
Content-Language | de |
X-Generator | Drupal 7 (http://drupal.org) |
Cache-Control | public, max-age=0 |
Last-Modified | Sun, 04 Feb 2018 19:03:31 GMT |
Expires | Sun, 19 Nov 1978 05:00:00 GMT |
Vary | Cookie,Accept-Encoding |
Content-Encoding | gzip |
X-UA-Compatible | IE=Edge,chrome=1 |
Content-Type | text/html; charset=utf-8 |
Accept-Ranges | bytes |
X-Varnish | 1911231806 |
Age | 0 |
Via | 1.1 varnish |
Connection | keep-alive |