| date: |
Tue, 01 Oct 2024 04:53:33 GMT |
| content-type: |
text/html; charset=UTF-8 |
| transfer-encoding: |
chunked |
| connection: |
close |
| accept-ch: |
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA |
| critical-ch: |
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA |
| cross-origin-embedder-policy: |
require-corp |
| cross-origin-opener-policy: |
same-origin |
| cross-origin-resource-policy: |
same-origin |
| origin-agent-cluster: |
?1 |
| permissions-policy: |
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() |
| referrer-policy: |
same-origin |
| x-content-options: |
nosniff |
| x-frame-options: |
SAMEORIGIN |
| cf-mitigated: |
challenge |
| cf-chl-out: |
lNJzUU0dBTf0tdpBG4TL2qQaz9TcgWU1X285hH5c1wVLNeQC1PfR9cT34tbZPkH1ycASGTkfB89LcRflXK8B/fxQZ0KKfWruU133vLtg6QWWDdJfz5QwgAMfer/hJLEdhBtZpfwwJlQxnLzj0YphYw==$L7I68Df6gB5pZBoNh6oWVA== |
| cache-control: |
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
| expires: |
Thu, 01 Jan 1970 00:00:01 GMT |
| set-cookie: |
__cf_bm=gSfxvNVm9xrIAU1JV3crInp3UHqN.FNLY_16shCGS_k-1727758413-1.0.1.1-rI4DLF9vZCZV02WWiGIhANiPd1f1bFGn3hmrC8_qmyViVNaLdCqcH_8wZ9f7vLMWzOZgorV0mlwl.qZpiVQ2ew; path=/; expires=Tue, 01-Oct-24 05:23:33 GMT; domain=.oxo.com; HttpOnly; Secure; SameSite=None |
| content-security-policy: |
base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com cdn.crobox.io api.crobox.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com cdn.crobox.io api.crobox.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com cdn.crobox.io api.crobox.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=tYWG_PtaPzx0vuY.qmdcmwXNmcCY9ERjiJRS0cC9Oms-1727758413-1.0.1.1-jmFbKjSdenI1PKRcNzy0jS1ZX5gDLiTY8GXVqiTXH4x2cM9Xdl.2NhNBeSqLnF2.iDgZjljDG0Cq.H6iU4FTm7GWBhRrgv7gREJg.pGuBjP1m_hQ9DV3Ef0BnAlTVHvd_CXyGoehCOPurV38aJIDzx6HydvFL2tjb.6dSM95WZvT4BB84bT0rGM3Cqqo3EUA_iSvBgEeNAv8misuZI9elg; report-to cf-ztifqqyrtdxemcam, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com *.crobox.com *.crobox.io cdnjs.cloudflare.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com cdn.crobox.io api.crobox.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=vmBFNSIkCEgdPECz09ADc2RoEN.XTqUD7qyuvgV5iKo-1727758413-1.0.1.1-EZGEueedqKBasnklDSFsJbQpReyVEelHbZvq6YTpYUhWifc_BEyuVOVSdjqD5YtQyab2JIQOtlKw0P9lvtXxbWivPmPNaxxImDdaMlhlQ8ewzTmXVJ8528b6NJWngMSZjM.LrH7e3RIstmr3abRxKiTJ1Y1gOKk0kEugitkfTujO4.Sznrd1PxJqcTFm6N7cGWNdkMqUAUDKVmjlM1Ig0A; report-to cf-yqjfuqetfkttqsab |
| report-to: |
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=tYWG_PtaPzx0vuY.qmdcmwXNmcCY9ERjiJRS0cC9Oms-1727758413-1.0.1.1-jmFbKjSdenI1PKRcNzy0jS1ZX5gDLiTY8GXVqiTXH4x2cM9Xdl.2NhNBeSqLnF2.iDgZjljDG0Cq.H6iU4FTm7GWBhRrgv7gREJg.pGuBjP1m_hQ9DV3Ef0BnAlTVHvd_CXyGoehCOPurV38aJIDzx6HydvFL2tjb.6dSM95WZvT4BB84bT0rGM3Cqqo3EUA_iSvBgEeNAv8misuZI9elg"}],"group":"cf-ztifqqyrtdxemcam","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=vmBFNSIkCEgdPECz09ADc2RoEN.XTqUD7qyuvgV5iKo-1727758413-1.0.1.1-EZGEueedqKBasnklDSFsJbQpReyVEelHbZvq6YTpYUhWifc_BEyuVOVSdjqD5YtQyab2JIQOtlKw0P9lvtXxbWivPmPNaxxImDdaMlhlQ8ewzTmXVJ8528b6NJWngMSZjM.LrH7e3RIstmr3abRxKiTJ1Y1gOKk0kEugitkfTujO4.Sznrd1PxJqcTFm6N7cGWNdkMqUAUDKVmjlM1Ig0A"}],"group":"cf-yqjfuqetfkttqsab","max_age":86400} |
| server: |
cloudflare |
| cf-ray: |
8cb9d9874dbbb8c6-AMS |
|
