bmas.de

Content-Type: text/html;charset=utf-8
Connection: keep-alive
Date: Thu, 04 Jun 2026 15:49:16 GMT
Content-Language: de
Set-Cookie: AWSALB=AOB17/DQu8VuHOylsxhDgN8OiR4Wq6KiLIE9NADj5xiLz5RH8YV11imy8V5/Dce0dYD7aFyLn+xelceLzmRMo313o3GFu5YhygnmrsP/rUBGHW/0Ove+BWkIgfjn; Expires=Thu, 11 Jun 2026 15:49:16 GMT; Path=/, AWSALBCORS=AOB17/DQu8VuHOylsxhDgN8OiR4Wq6KiLIE9NADj5xiLz5RH8YV11imy8V5/Dce0dYD7aFyLn+xelceLzmRMo313o3GFu5YhygnmrsP/rUBGHW/0Ove+BWkIgfjn; Expires=Thu, 11 Jun 2026 15:49:16 GMT; Path=/; SameSite=None; Secure, JSESSIONID=61C9405D437D3E2E9534BE9ECEB064EF.delivery2-replication; Path=/; HttpOnly;Secure, ROUTEID=.delivery2-replication; path=/; HttpOnly;Secure;HttpOnly
Server: Apache
Cache-Control: no-cache
Pragma: no-cache, no-cache
X-Server-Generated: Thu, 04 Jun 2026 17:49:16 CEST
Referrer-Policy: same-origin
X-Frame-Options: sameorigin
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' about: *.bmas.de  www.etracker.de api.flockler.com api.flockler.app analytics-api.flockler.com; base-uri 'self'; connect-src 'self' 'unsafe-inline' *.etracker.de *.etracker.com analytics-api.flockler.com api.flockler.app api.flockler.com streaming.bmas.de *.delivery.consentmanager.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.delivery.consentmanager.net *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.flockler.app *.etracker.com *.etracker.de tagmanager.google.com *.delivery.consentmanager.net *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.pixelpark.com *.openstreetmap.org *.twitter.com *.twimg.com *.google-analytics.com *.podigee.com cdn.consentmanager.mgr.consensu.org *.consentmanager.net consentmanager.mgr.consensu.org https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/tables.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/landmarks.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/images.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lists.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lang.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/focus.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/aria.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/headings.js code.highcharts.com about: ; object-src 'self'; font-src 'self' data: *.podigee.com fonts.googleapis.com; media-src 'self' blob: *.youtube.com *.bmas.de; child-src *.google.com *.gstatic.com *.youtube.com *.pixelpark.com *.twitter.com *.twimg.com *.3qsdn.com *.podigee.com *.bmbf.de cdn.jwplayer.com player.vimeo.com *.video-stream-hosting.de cdn.consentmanager.mgr.consensu.org; img-src 'self' blob: data: *.bmas.de fonts.googleapis.com ssl.gstatic.com *.google.com *.bmas.de *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.twitter.com *.twimg.com  *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net media-api.flockler.com *.fbcdn.net scontent.cdninstagram.com *.cdninstagram.com social-proxy.flocklr.com about: ; upgrade-insecure-requests; form-action 'self' validator.w3.org export.highcharts.com; frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.consentmanager.net *.delivery.consentmanager.net *.syecontentdelivery.de *.3qsdn.com *.unitylivestream.com; frame-ancestors 'self' *.facebook.com
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1;mode=block
Location: https://www.bmas.de/DE/Startseite/start.html
X-Cache: Miss from cloudfront
Via: 1.1 15319820542bb361a19d84a76dad0c80.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MXP53-P7
X-Amz-Cf-Id: 38G_1wBTpMSF4jeMd5Hk85gKxdv88M21AjVF7K5mW8wfZ-KOLYbIdg==