HTTP/2 200 content-type: text/html; charset=utf-8 date: Fri, 23 Jan 2026 05:56:08 GMT permissions-policy: camera=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),usb=() referrer-policy: strict-origin-when-cross-origin server: nginx access-control-allow-origin: https://localhost:3001 vary: Origin, Accept-Encoding access-control-allow-credentials: true etag: W/"1e89e-AR+/G6NQmzQBiwd9t/ddMjjDoE8" content-encoding: gzip content-security-policy: default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.steinberg.net *.usercentrics.eu *.personio.de *.personio.com *.googletagmanager.com fonts.googleapis.com *.soundcloud.com *.youtube-nocookie.com *.optimizely.com *.eu-central-1.compute.amazonaws.com *.onfastspring.com *.impactcdn.com *.twitch.tv *.twitchcdn.net; connect-src https: 'self' wss://ws.hotjar.com; img-src https: 'self' *.steinberg.net *.ytimg.com *.usercentrics.eu data:; font-src https: 'self' fonts.gstatic.com fonts.googleapis.com data:; x-frame-options: SAMEORIGIN x-content-type-options: nosniff feature-policy: camera 'none';gamepad 'none';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';usb 'none' via: 1.1 c745fe464cb9993204ab3aaa0012f3f4.cloudfront.net (CloudFront) alt-svc: h3=":443"; ma=86400 cache-control: public, max-age=3600 strict-transport-security: max-age=31536000; includeSubdomains; preload x-cache: Miss from cloudfront x-amz-cf-pop: TLV50-C1 x-amz-cf-id: utpSfzFMQ49IYoeQqQq6UgeE6t0rJGNliaZm46QVXeDuxSYiufrI8g==