Cache-Control | post-check=0, pre-check=0 |
Pragma | public |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Expires | Sun, 01 Jan 2014 00:00:00 GMT |
ETag | "1b546700fab1d40bcf390fbbe93fc126" |
Vary | Accept-Encoding |
Server | Microsoft-IIS/8.5 |
Content-Security-Policy | default-src 'none'; frame-src 'self' service.giosg.com *.g.doubleclick.net www.google.com www.google.de *.intranet.jungheinrich.com *.jungheinrich.de https://gateway.zscloud.net; script-src 'self' tr.prospecteye.com bat.bing.com wm2.wiredminds.de eu2.snoobi.eu dev.visualwebsiteoptimizer.com www.google-analytics.com/analytics.js *.googletagmanager.com service.giosg.com px.ads.linkedin.com snap.licdn.com *.leady.cz *.leady.com *.imedia.cz ethn.io mc.yandex.ru public.wixab-cloud.com *.googleapis.com www.google.com/jsapi www.googleadservices.com googleads.g.doubleclick.net cdnjs.cloudflare.com cdn.optimizely.com stage.excentos.com *.excentos.com csi.gstatic.com rum-static.pingdom.ncet rum-static.pingdom.net stats.g.doubleclick.net *.intranet.jungheinrich.com connect.facebook.net www.gblwebcen.com *.marketo.com *.marketo.net 'unsafe-eval' 'unsafe-inline' https://gateway.zscloud.net ajax.aspnetcdn.com; connect-src 'self' service.giosg.com mc.yandex.ru *.log.optimizely.com *.mktoresp.com; img-src 'self' bat.bing.com t2.leadlab.click wm2.wiredminds.de dev.visualwebsiteoptimizer.com www.google-analytics.com giosg-chat-public-eu.s3.amazonaws.com service.giosg.com *.leady.com *.imedia.cz public.wixab-cloud.com *.google.com stats.g.doubleclick.net *.googleapis.com *.excentos.com *.log.optimizely.com rum-collector.pingdom.net csi.gstatic.com maps.gstatic.com *.intranet.jungheinrich.com *.jungheinrich.com *.jungheinrich.de *.facebook.com *.google.de data: https://gateway.zscloud.net; style-src 'self' service.giosg.com stage.excentos.com *.excentos.com *.googleapis.com *.intranet.jungheinrich.com 'unsafe-inline'; font-src 'self' *.excentos.com *.intranet.jungheinrich.com fonts.gstatic.com ;object-src 'self' *.intranet.jungheinrich.com; |
X-Content-Security-Policy | default-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.optimizely.com www.googleadservices.com *.doubleclick.net *.google.com *.google.de; img-src 'self' *.excentos.com; font-src 'self' ; style-src 'self'; form-action 'self'; |
X-Frame-Options | AllowAll |