Server | Apache |
X-Powered-By | PHP/5.4.45-0+deb7u3 |
X-Drupal-Cache | HIT |
Etag | "1490787101-0" |
Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' *.bostadlulea.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com; media-src 'self' *.bostadlulea.se; frame-src 'self'; font-src 'self' *.myfonts.net *.gstatic.com; connect-src 'self' *.googleapis.com; report-uri /admin/config/system/seckit/csp-report |
X-Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' *.bostadlulea.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com; media-src 'self' *.bostadlulea.se; frame-src 'self'; font-src 'self' *.myfonts.net *.gstatic.com; connect-src 'self' *.googleapis.com; report-uri /admin/config/system/seckit/csp-report |
X-WebKit-CSP | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' *.bostadlulea.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com; media-src 'self' *.bostadlulea.se; frame-src 'self'; font-src 'self' *.myfonts.net *.gstatic.com; connect-src 'self' *.googleapis.com; report-uri /admin/config/system/seckit/csp-report |
X-XSS-Protection | 1; mode=block |
Content-Language | sv |
X-Generator | Drupal 7 (http://drupal.org) |
Cache-Control | public, max-age=600 |
Expires | Sun, 19 Nov 1978 05:00:00 GMT |
Vary | Cookie,Accept-Encoding |
Last-Modified | Wed, 29 Mar 2017 11:31:41 GMT |
X-Content-Type-Options | nosniff, nosniff |
X-Frame-Options | SameOrigin, sameorigin |
Content-Encoding | gzip |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=utf-8 |