HTTP/2 200 
content-type: text/html; charset=UTF-8
content-length: 27675
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: ; rel="canonical", ; rel="shortlink"
link: ; rel="alternate"; hreflang="es-ES"
link: ; rel="alternate"; hreflang="nl-NL"
x-ua-compatible: IE=edge
content-language: nl
x-content-type-options: nosniff
x-frame-options: sameorigin
content-encoding: gzip
access-control-allow-origin: *
content-security-policy: upgrade-insecure-requests;   default-src 'self' *.openbank.es;   script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com track.adform.net     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com *.openbank.com.ar     https://maps.googleapis.com simuladores-pre.afi.es simuladores.afi.es     *.nr-data.net https://browseranalytic.com https://www.google.com     *.gstatic.com https://tags.tiqcdn.com *.google-analytics.com *.tealiumiq.com     https://tealium.hs.llnwd.net https://*.g.doubleclick.net  *.amazonaws.com     *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net     *.ytimg.com api-ob.nd.nudatasecurity.com     https://cdnjs.cloudflare.com     *.googletagmanager.com *.we-stats.com static.browseranalytic.com     optimize.google.com bat.bing.com blob: openbanksimuladores-pre.afi.es     openbanksimuladores.afi.es;   style-src 'self' 'unsafe-inline' optimize.google.com https://fonts.googleapis.com     *.amazonaws.com *.openbankwealth.com *.openbank.es *.openbank.de *.openbank.nl *.openbank.com.ar     *.openbank.pt api-ob.nd.nudatasecurity.com https://maxcdn.bootstrapcdn.com;   img-src 'self' px.ads.linkedin.com *.idealista.com track.adform.net     www.financeads.net data: 'unsafe-inline' *.amazonaws.com     *.googletagmanager.com https://maps.googleapis.com *.gstatic.com     *.google-analytics.com *.doubleclick.net *.openbank.es     *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com.ar *.google.com *.google.es     *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com     https://aax-eu.amazon-adsystem.com bat.bing.com     tr.outbrain.com www.linkedin.com s-central1-madrid-investing.cloudfunctions.net     tbl.tradedoubler.com dmpue.el-mundo.net action.metaffiliation.com;   media-src 'self' 'unsafe-inline' *.amazonaws.com  *.openbank.es *.youtube.com;   frame-src 'self' optimize.google.com https://www.google.com *.gstatic.com     *.youtube.com simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net     api-ob.nd.nudatasecurity.com *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   child-src  https://www.google.com *.gstatic.com *.youtube.com     simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net     api-ob.nd.nudatasecurity.com *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   font-src 'self' *.openbank.es *.openbank.de *.openbank.com.ar     *.openbank.nl *.openbank.pt maxcdn.bootstrapcdn.com data:     https://fonts.gstatic.com *.openbankwealth.com api-ob.nd.nudatasecurity.com     maxcdn.bootstrapcdn.com;   connect-src 'self' www.google-analytics.com *.openbank.pt *.openbank.nl     *.openbank.de *.openbank.es *.openbank.com.ar *.nr-data.net *.we-stats.com     *.tealiumiq.com api-ob.nd.nudatasecurity.com     lib-eu-1.brilliantcollector.com op.browseranalytic.com *.ok-cloud.net     adservice.google.com www.google.com *.openbank.com;   frame-ancestors 'self' *.openbank.de *.openbank.nl *.openbank.pt *.openbank.es     api.paycomet.com https://www.paytpv.com *.openbank.com.ar     https://openbank-mkt-dev1-1.campaign.adobe.com https://openbank-mkt-stage1-1.campaign.adobe.com https://openbank-mkt-prod1-1.campaign.adobe.com     https://openbank-mkt-dev1.campaign.adobe.com https://openbank-mkt-stage1.campaign.adobe.com https://openbank.campaign.adobe.com;   object-src 'self' *.openbank.es
x-content-security-policy: default-src 'self' *.openbank.es;   script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com track.adform.net     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com *.openbank.com.ar     https://maps.googleapis.com simuladores-pre.afi.es simuladores.afi.es     *.nr-data.net https://browseranalytic.com https://www.google.com     *.gstatic.com https://tags.tiqcdn.com *.google-analytics.com *.tealiumiq.com     https://tealium.hs.llnwd.net https://*.g.doubleclick.net  *.amazonaws.com     *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net     *.ytimg.com api-ob.nd.nudatasecurity.com     https://cdnjs.cloudflare.com     *.googletagmanager.com *.we-stats.com static.browseranalytic.com     optimize.google.com bat.bing.com blob: openbanksimuladores-pre.afi.es     openbanksimuladores.afi.es;   style-src 'self' 'unsafe-inline' optimize.google.com     https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com.ar     api-ob.nd.nudatasecurity.com https://maxcdn.bootstrapcdn.com;   img-src 'self' *.idealista.com px.ads.linkedin.com track.adform.net     www.financeads.net data: 'unsafe-inline' *.amazonaws.com     *.googletagmanager.com https://maps.googleapis.com *.gstatic.com     data: *.google-analytics.com *.doubleclick.net *.openbank.es     *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com.ar *.google.com *.google.es     *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com     https://aax-eu.amazon-adsystem.com bat.bing.com     tr.outbrain.com www.linkedin.com s-central1-madrid-investing.cloudfunctions.net     tbl.tradedoubler.com dmpue.el-mundo.net action.metaffiliation.com;   media-src 'self' 'unsafe-inline' *.amazonaws.com *.openbank.es *.youtube.com;   frame-src 'self' optimize.google.com https://www.google.com *.gstatic.com     *.youtube.com simuladores-pre.afi.es simuladores.afi.es     *.doubleclick.net api-ob.nd.nudatasecurity.com *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   child-src  https://www.google.com *.gstatic.com *.youtube.com     simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net     api-ob.nd.nudatasecurity.com *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   font-src 'self' *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt     maxcdn.bootstrapcdn.com data: https://fonts.gstatic.com     *.openbankwealth.com api-ob.nd.nudatasecurity.com maxcdn.bootstrapcdn.com;   connect-src 'self' www.google-analytics.com *.openbank.es *.nr-data.net     *.we-stats.com *.tealiumiq.com api-ob.nd.nudatasecurity.com     op.browseranalytic.com lib-eu-1.brilliantcollector.com     *.ok-cloud.net adservice.google.com www.google.com *.openbank.com;   frame-ancestors 'self' *.openbank.de *.openbank.nl *.openbank.pt *.openbank.es *.openbank.com.ar     api.paycomet.com https://www.paytpv.com     https://openbank-mkt-dev1-1.campaign.adobe.com https://openbank-mkt-stage1-1.campaign.adobe.com https://openbank-mkt-prod1-1.campaign.adobe.com     https://openbank-mkt-dev1.campaign.adobe.com https://openbank-mkt-stage1.campaign.adobe.com https://openbank.campaign.adobe.com;   object-src 'self' *.openbank.es
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
cache-control: no-cache, no-store, must-revalidate
expires: Wed, 13 Jan 2021 12:05:48 GMT
date: Wed, 13 Jan 2021 12:05:48 GMT
vary: Accept-Encoding
access-control-allow-credentials: false
access-control-max-age: 86400
access-control-allow-methods: GET,POST,HEAD