Server | Apache |
Content-Language | de |
Cache-Control | private |
strict-transport-security | max-age=31536000; includeSubDomains |
x-frame-options | SAMEORIGIN |
x-xss-protection | 1; mode=block |
x-content-type-options | nosniff |
x-powered-by | nothing |
referrer-policy | no-referrer-when-downgrade |
content-security-policy | default-src 'self' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; |
Content-Encoding | gzip |
Vary | Accept-Encoding |
Keep-Alive | timeout=15, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=utf-8 |