| Content-Security-Policy | default-src 'self' https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net http://www.googleadservices.com https://www.google-analytics.com https://www.google.com; style-src 'self' 'unsafe-inline' https://use.typekit.net; img-src 'self' https://s3.eu-central-1.amazonaws.com/eyeonid-public/ https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com http://images.contentful.com; font-src 'self' data: https://use.typekit.net https://ping.typekit.net https://fonts.typekit.net; object-src; media-src 'self' *; frame-src https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google.se |
| Content-Type | text/html; charset=utf-8 |
| ETag | W/"Om6vqA/Ji1wIXZwbbdDHXg==" |
| X-Content-Type-Options | nosniff |
| X-DNS-Prefetch-Control | off |
| X-Download-Options | noopen |
| X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | 1; mode=block |
| Connection | keep-alive |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| X-Iinfo | 4-17527305-17527342 NNNN CT(136 277 0) RT(1519420297948 187) q(0 0 4 5) r(9 10) U12 |
| X-CDN | Incapsula |
| Content-Encoding | gzip |
| Transfer-Encoding | chunked |