Open
Cached
·
just now
23
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31557600
Content-Security-Policy
Basic
font-src; form-action; frame-ancestors; +11 more
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' *.google.com *.facebook.com *.googleapis.com data: 'unsafe-inline' data: *.lucrin.com *.lucrin.de *.lucrin.fr *.lucrin.it *.lucrin.com.nl *.lucrin.fi *.lucrin.ie *.lucrin.at *.youtube.com *.cloudflare.com *.bing.com *.hotjar.com https://cdn.lucrin.com https://lucrin.my.salesforce.com *.salesforce-sites.com *.adn.cloud *.ctfcloud.net *.taboola.com ssets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.bing.net dpm.demdex.net amcglobal.sc.omtrdc.net geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ct.pinterest.com *.online-metrix.net magefan.com cm.magefan.com *.cdn-apple.com google.com cdn.polyfill.io pay.google.com test.saferpay.com saferpay.com assets.adobedtm.com *.aptrinsic.com lucrin.my.site.com tagmanager.google.com js.mollie.com *.stripe.network *.stripecdn.com *.klarnacdn.net *.amazon.com *.link.com *.trustpilot.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.gateway.spring.citi.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.magento-ds.com *.braintreegateway.com www.apptrian.com graph.facebook.com business.facebook.com https://maps.googleapis.com *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.adobe.io performance.typekit.net *.sentry.io *.braintree-api.com klarna.com *.klarnaevt.com *.stripe.com lucrin.my.salesforce-scrt.com *.fontawesome.com *.revolut.com *.klarna.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' *.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self' *.service.force.com *.googletagmanager.com *.youtube.com *.pcapredict.com http://service.force.com *.googleadservices.com *.paypal.com *.stripe.com *.youtube-nocookie.com/ *.adn.cloud *.ctfcloud.net *.salesforce-sites.com *.taboola.com *.tiktok.com *.cembrapay.ch *.revolut.com *.google.com *.cdn-apple.com cdn.polyfill.io google.com pay.google.com *.gstatic.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.lucrin.es *.lucrin.ca *.lucrin.pt *.lucrin.co.uk *.lucrin.se *.lucrin.ae *.lucrin.sg *.lucrin.hk *.lucrin.co.jp *.lucrin.in *.lucrin.com.au *.lucrin.ch *.lucrin.com *.lucrin.de *.lucrin.fr *.lucrin.it *.lucrin.com.nl *.lucrin.ie *.lucrin.at *.tiktok.com https://www.google.com https://www.facebook.com *.service.force.com http://service.force.com *.doubleclick.net *.paypalobjects.com *.klarna.com *.youtube-nocookie.com/ *.googletagmanager.com *.baidu.com *.googleapis.com *.googleadservices.com *.stripe.com *.hotjar.com https://lucrin.my.salesforce.com *.salesforce-sites.com *.adn.cloud *.ctfcloud.net *.taboola.com ssets.adobedtm.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.bing.net dpm.demdex.net amcglobal.sc.omtrdc.net *.bing.com ct.pinterest.com *.online-metrix.net magefan.com cm.magefan.com *.cdn-apple.com cdn.polyfill.io pay.google.com test.saferpay.com saferpay.com assets.adobedtm.com *.aptrinsic.com lucrin.my.site.com tagmanager.google.com js.mollie.com *.stripe.network *.stripecdn.com *.klarnacdn.net *.amazon.com *.link.com *.trustpilot.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.gateway.spring.citi.com *.commerce-payment-services.com t.paypal.com s.ytimg.com www.googleapis.com *.magento-ds.com use.typekit.net https://maps.googleapis.com *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.adobe.io performance.typekit.net *.sentry.io *.braintree-api.com klarna.com *.klarnaevt.com lucrin.my.salesforce-scrt.com *.cembrapay.ch *.revolut.com *.gstatic.com www.saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cembrapay.ch business.facebook.com https://images.unsplash.com *.cembrapay.ch 'self' *.lucrin.es *.lucrin.ca *.lucrin.pt *.lucrin.co.uk *.lucrin.se *.lucrin.ae *.lucrin.sg *.lucrin.hk *.lucrin.co.jp *.lucrin.in *.lucrin.com.au *.lucrin.ch *.lucrin.com *.lucrin.ie *.lucrin.de *.lucrin.fr *.lucrin.it *.lucrin.com.nl *.tiktok.com *.tiktokw.us *.yimg.jp *.google.com https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.connect.facebook.net https://stats.g.doubleclick.net https://image.lucrin.com *.image.lucrin.com *.s7d1.scene7.com https://s7d1.scene7.com https://cdn.lucrin.com *.algolia.net *.stats.g.doubleclick.net *.g.doubleclick.net *.google.fr *.google.com.au *.google.de *.google.ie *.google.ca *.google.nl *.google.it *.google.es *.google.co.uk *.google.in *.google.cn *.google.co.jp *.google.at *.google.be *.google.ch *.google.hk *.google.lu *.google.sg *.google.ae *.google.fi *.google.se *.google.pt *.google.sa *.google.mu *.googletagmanager.com *.baidu.com *.googleapis.com *.ups.com *.bam.nr-data.net *.zdassets.com *.zendesk.com *.bing.com lucrin.com meetanshi.com *.hotjar.com *.clarity.ms *.salesforce-sites.com https://lucrin.my.salesforce.com *.adn.cloud *.ctfcloud.net *.taboola.com ssets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.bing.net geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ct.pinterest.com *.online-metrix.net magefan.com cm.magefan.com *.cdn-apple.com google.com cdn.polyfill.io pay.google.com test.saferpay.com saferpay.com *.aptrinsic.com lucrin.my.site.com tagmanager.google.com js.mollie.com *.stripe.network *.stripecdn.com *.klarnacdn.net *.amazon.com *.link.com *.trustpilot.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.gateway.spring.citi.com *.commerce-payment-services.com www.sandbox.paypal.com s.ytimg.com www.googleapis.com *.magento-ds.com use.typekit.net *.braintreegateway.com https://maps.googleapis.com *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.adobe.io performance.typekit.net *.sentry.io *.braintree-api.com klarna.com *.klarnaevt.com *.stripe.com lucrin.my.salesforce-scrt.com *.certcapture.com app.certcapture.com https://www.mollie.com *.revolut.com www.saferpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com *.yimg.jp *.lucrin.ch *.lucrin.de *.lucrin.es *.lucrin.fr *.lucrin.it *.lucrin.ie *.lucrin.at *.lucrin.fi *.lucrin.com.nl *.lucrin.ca *.lucrin.pt *.lucrin.co.uk *.lucrin.se *.lucrin.ae *.lucrin.sg *.lucrin.hk *.lucrin.co.jp *.lucrin.in *.lucrin.com.au *.lucrin.com *.tiktokw.us *.facebook.com *.googleadservices.com *.google-analytics.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.tiktok.com *.pcapredict.com *.service.force.com http://service.force.com https://d.la1-c2-fra.salesforceliveagent.com https://d.la1-c2-cdg.salesforceliveagent.com/ *.algolia.net *.stats.g.doubleclick.net *.g.doubleclick.net *.gstatic.com https://lucrin.my.salesforce.com *.mfgroup.ch *.baidu.com *.googleapis.com *.googlesyndication.com *.zdassets.com api.eu-1.smooch.io bat.bing.com *.bing.com *.consent.cookiebot.com *.clarity.ms *.hotjar.com *.salesforce-sites.com *.adn.cloud *.ctfcloud.net *.taboola.com ssets.adobedtm.com *.bing.net dpm.demdex.net geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ct.pinterest.com *.online-metrix.net magefan.com cm.magefan.com cdn.polyfill.io pay.google.com test.saferpay.com saferpay.com *.aptrinsic.com lucrin.my.site.com tagmanager.google.com js.mollie.com *.stripe.network *.stripecdn.com *.klarnacdn.net *.amazon.com *.link.com *.trustpilot.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.gateway.spring.citi.com *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.adobe.io performance.typekit.net *.sentry.io *.braintree-api.com klarna.com *.klarnaevt.com *.stripe.com lucrin.my.salesforce-scrt.com *.certcapture.com app.certcapture.com *.cembrapay.ch *.revolut.com www.saferpay.com *.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'self' *.googleapis.com *.google.com *.facebook.com *.youtube.com *.typekit.net *.cloudflare.com/ *.service.force.com http://service.force.com *.lucrin.com *.lucrin.de *.lucrin.fr *.lucrin.it *.lucrin.com.nl *.lucrin.fi *.lucrin.ie *.lucrin.at *.algolia.net *.stats.g.doubleclick.net *.gstatic.com *.mfgroup.ch *.googletagmanager.com *.baidu.com *.zdassets.com *.smooch.io *.bing.com *.consent.cookiebot.com *.hotjar.com *.salesforce-sites.com https://lucrin.my.salesforce.com *.adn.cloud *.ctfcloud.net *.taboola.com ssets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.bing.net dpm.demdex.net amcglobal.sc.omtrdc.net geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ct.pinterest.com *.online-metrix.net magefan.com cm.magefan.com *.cdn-apple.com google.com cdn.polyfill.io pay.google.com test.saferpay.com saferpay.com assets.adobedtm.com *.aptrinsic.com lucrin.my.site.com tagmanager.google.com js.mollie.com *.stripe.network *.stripecdn.com *.klarnacdn.net *.amazon.com *.link.com *.trustpilot.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.gateway.spring.citi.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.magento-ds.com use.typekit.net *.braintreegateway.com www.apptrian.com graph.facebook.com business.facebook.com https://maps.googleapis.com *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.adobe.io performance.typekit.net *.sentry.io *.braintree-api.com klarna.com *.klarnaevt.com *.stripe.com lucrin.my.salesforce-scrt.com *.certcapture.com app.certcapture.com *.cembrapay.ch *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' *.lucrin.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://player.vimeo.com 'self' *.yimg.jp *.lucrin.es *.lucrin.ca *.lucrin.pt *.lucrin.co.uk *.lucrin.se *.lucrin.ae *.lucrin.sg *.lucrin.hk *.lucrin.co.jp *.lucrin.in *.lucrin.com.au *.lucrin.ch *.lucrin.com *.lucrin.de *.lucrin.fr *.lucrin.it *.lucrin.ie *.lucrin.com.nl *.lucrin.fi *.lucrin.at *.tiktokw.us *.tiktok.com *.facebook.com *.google-analytics.com *.doubleclick.net *.gstatic.com *.youtube.com *.klarnaevt.com *.googletagmanager.com *.baidu.com *.googleapis.com *.googleadservices.com *.zdassets.com *.zendesk.com wss://api.eu-1.smooch.io/faye *.googlesyndication.com *.clarity.ms wss://ws.hotjar.com *.hotjar.io *.salesforce-sites.com https://lucrin.my.salesforce.com *.adn.cloud *.ctfcloud.net *.taboola.com ssets.adobedtm.com *.adobe.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net *.bing.net *.bing.com ct.pinterest.com *.online-metrix.net magefan.com cm.magefan.com *.cdn-apple.com cdn.polyfill.io pay.google.com test.saferpay.com saferpay.com assets.adobedtm.com *.aptrinsic.com lucrin.my.site.com tagmanager.google.com js.mollie.com *.stripe.network *.stripecdn.com *.klarnacdn.net *.amazon.com *.link.com *.trustpilot.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.gateway.spring.citi.com *.commerce-payment-services.com t.paypal.com s.ytimg.com www.googleapis.com *.magento-ds.com use.typekit.net klarna.com *.stripe.com lucrin.my.salesforce-scrt.com *.certcapture.com app.certcapture.com *.cembrapay.ch *.revolut.com www.saferpay.com *.klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' *.klarna.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Accept-Encoding,X-Store-
Caching Headers
4 headers
Age
Caching
3422
Cache-Control
Caching
no-store, no-cache, must-revalidate, max-age=0
Expires
Caching
Thu, 22 Jan 2026 04:38:33 GMT
Pragma
Caching
cache
Content Headers
2 headers
Content-Length
Content
1268122
Content-Type
Content
text/html; charset=UTF-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
9 headers
Date
Other
Wed, 21 Jan 2026 05:35:37 GMT
Traceresponse
Other
00-188ca520a2c9677489c40224500b3d49-853af3831c990505-01
X-Built-With
Other
Hyva Themes
X-Cache
Other
MISS, HIT, MISS
X-Cache-Hits
Other
0, 29, 0
X-Debug-Info
Other
eyJyZXRyaWVzIjowfQ==
X-Platform-Server
Other
i-0b0477b7cc10f28fd
X-Served-By
Other
cache-par-lfpb1150048-PAR, cache-par-lfpb1150048-PAR, cache-ewr-kewr1740094-EWR
X-Timer
Other
S1768970313.238073,VS0,VE1496
Recommendations
Enable compression (gzip/brotli) to improve performance