Cache-Control | private |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Vary | Accept-Encoding |
X-AspNetMvc-Version | 5.2 |
X-Content-Security-Policy | default-src 'self'; media-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com res.cloudinary.com; frame-ancestors 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.abtasty.com *.veinteractive.com www.nordicchoicehotels.com *.twitter.com *.google.com extads.net m.addthisedge.com m.addthis.com s7.addthis.com assets.juicer.io www.google-analytics.com www.googletagmanager.com tagmanager.google.com res.cloudinary.com *.cloudfront.net *.facebook.com connect.facebook.net track.adform.net *.fls.doubleclick.net nowinteract-nowinteractnordi.netdna-ssl.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io ve1storasstst.blob.core.windows.net *.veinteractive.com js-agent.newrelic.com bam.nr-data.net; connect-src 'self' wss://*.coop.se:* wss://*.kf.local:* emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.veinteractive.com *.abtasty.com ve1appseventssb.servicebus.windows.net apil1.spinnaker-js.com m.addthis.com s7.addthis.com www.juicer.io *.108proxy.se *.54proxy.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.facebook.com connect.facebook.net bam.nr-data.net; style-src 'self' 'unsafe-inline' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.abtasty.com *.pingdom.net *.veinteractive.com assets.juicer.io tagmanager.google.com fonts.googleapis.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io; img-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.zendesk.com *.abtasty.com www.gstatic.com api.hitta.se scontent.cdninstagram.com www.google.com www.google.se *.google-analytics.com *.googletagmanager.com tagmanager.google.com ssl.gstatic.com res.cloudinary.com *.cloudfront.net *.facebook.com stats.g.doubleclick.net track.adform.net *.fls.doubleclick.net *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io; font-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com assets.juicer.io fonts.gstatic.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io; frame-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.veinteractive.com accounts.google.com www.flysas.com app.ecoonline.com www.nordicchoicehotels.com recruit.visma.com www.recruit.visma.com www.aditrorecruit.com *.twitter.com www.youtube.com *.facebook.com c1.adform.net s7.addthis.com track.adform.net *.fls.doubleclick.net *.easyresearch.se *.abtasty.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io www.google.com ve1storasstst.blob.core.windows.net *.veinteractive.com; base-uri 'self' *.coop.se *.kf.local ; report-uri https://coop.report-uri.io/r/default/csp/enforce |
Content-Security-Policy | default-src 'self'; media-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com res.cloudinary.com; frame-ancestors 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.abtasty.com *.veinteractive.com www.nordicchoicehotels.com *.twitter.com *.google.com extads.net m.addthisedge.com m.addthis.com s7.addthis.com assets.juicer.io www.google-analytics.com www.googletagmanager.com tagmanager.google.com res.cloudinary.com *.cloudfront.net *.facebook.com connect.facebook.net track.adform.net *.fls.doubleclick.net nowinteract-nowinteractnordi.netdna-ssl.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io ve1storasstst.blob.core.windows.net *.veinteractive.com js-agent.newrelic.com bam.nr-data.net; connect-src 'self' wss://*.coop.se:* wss://*.kf.local:* emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.veinteractive.com *.abtasty.com ve1appseventssb.servicebus.windows.net apil1.spinnaker-js.com m.addthis.com s7.addthis.com www.juicer.io *.108proxy.se *.54proxy.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io *.facebook.com connect.facebook.net bam.nr-data.net; style-src 'self' 'unsafe-inline' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.abtasty.com *.pingdom.net *.veinteractive.com assets.juicer.io tagmanager.google.com fonts.googleapis.com *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io; img-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com *.pingdom.net *.zendesk.com *.abtasty.com www.gstatic.com api.hitta.se scontent.cdninstagram.com www.google.com www.google.se *.google-analytics.com *.googletagmanager.com tagmanager.google.com ssl.gstatic.com res.cloudinary.com *.cloudfront.net *.facebook.com stats.g.doubleclick.net track.adform.net *.fls.doubleclick.net *.easyresearch.se *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io; font-src 'self' data: emp.jobylon.com cdn.jobylon.com *.jobylon.com assets.juicer.io fonts.gstatic.com tagmanager.google.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io; frame-src 'self' emp.jobylon.com cdn.jobylon.com *.jobylon.com *.veinteractive.com accounts.google.com www.flysas.com app.ecoonline.com www.nordicchoicehotels.com recruit.visma.com www.recruit.visma.com www.aditrorecruit.com *.twitter.com www.youtube.com *.facebook.com c1.adform.net s7.addthis.com track.adform.net *.fls.doubleclick.net *.easyresearch.se *.abtasty.com *.zendesk.com *.zopim.com wss://*.zopim.com *.zopim.io www.google.com ve1storasstst.blob.core.windows.net *.veinteractive.com; base-uri 'self' *.coop.se *.kf.local ; report-uri https://coop.report-uri.io/r/default/csp/enforce |
X-Server-Name | 8 |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |