X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Referrer-Policy | no-referrer-when-downgrade |
X-Content-Security-Policy | default-src 'none'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com; img-src 'unsafe-inline' data: 'self' *.google.com *.google.de *.googleapis.com *.gstatic.com *.google-analytics.com; form-action 'self' maps.google.de; connect-src 'self'; |
X-WebKit-CSP | default-src 'none'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com; img-src 'unsafe-inline' data: 'self' *.google.com *.google.de *.googleapis.com *.gstatic.com *.google-analytics.com; form-action 'self' maps.google.de; connect-src 'self'; |
Content-Security-Policy | default-src 'none'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gatatic.com *.google-analytics.com; img-src 'unsafe-inline' data: 'self' *.google.com *.google.de *.googleapis.com *.gstatic.com *.google-analytics.com; form-action 'self' maps.google.de; connect-src 'self'; |
X-UA-Compatible | IE=edge |
Content-Type | text/html;charset=UTF-8 |
Transfer-Encoding | chunked |
Content-Encoding | gzip |
Vary | Accept-Encoding |
Server | Hessischer Verwaltungsschulverband |