Cache-Control | post-check=0, pre-check=0 |
Pragma | no-cache |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Expires | Sun, 01 Jan 2014 00:00:00 GMT |
Vary | Accept-Encoding |
Server | Microsoft-IIS/8.5 |
Content-Security-Policy | default-src 'none'; frame-src 'self' *.g.doubleclick.net www.google.com www.google.de *.intranet.jungheinrich.com *.jungheinrich.de https://gateway.zscloud.net; script-src 'self' *.googleapis.com www.google.com/jsapi www.googleadservices.com googleads.g.doubleclick.net cdnjs.cloudflare.com cdn.optimizely.com stage.excentos.com *.excentos.com csi.gstatic.com rum-static.pingdom.ncet rum-static.pingdom.net stats.g.doubleclick.net *.intranet.jungheinrich.com connect.facebook.net www.gblwebcen.com *.marketo.com *.marketo.net 'unsafe-eval' 'unsafe-inline' https://gateway.zscloud.net ajax.aspnetcdn.com; connect-src 'self' *.log.optimizely.com *.mktoresp.com; img-src 'self' *.googleapis.com *.excentos.com *.log.optimizely.com rum-collector.pingdom.net csi.gstatic.com maps.gstatic.com *.intranet.jungheinrich.com *.jungheinrich.com *.jungheinrich.de *.facebook.com *.google.de data: https://gateway.zscloud.net; style-src 'self' stage.excentos.com *.excentos.com *.googleapis.com *.intranet.jungheinrich.com 'unsafe-inline'; font-src 'self' *.excentos.com *.intranet.jungheinrich.com fonts.gstatic.com ;object-src 'self' *.intranet.jungheinrich.com; |
X-Content-Security-Policy | default-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.optimizely.com www.googleadservices.com *.doubleclick.net *.google.com *.google.de; img-src 'self' *.excentos.com; font-src 'self' ; style-src 'self'; form-action 'self'; |
X-Frame-Options | AllowAll |