HTTP/1.1 302 Found
Date: Wed, 03 Nov 2021 15:21:59 GMT
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=u2vrtqgl9t6prlvmrrdoh4c8tt; expires=Wed, 03-Nov-2021 16:21:59 GMT; Max-Age=3600; path=/; domain=.bellashus.no; HttpOnly; SameSite=Lax
Set-Cookie: wp_customerId=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.bellashus.no; SameSite=Lax
Set-Cookie: wp_customerGroup=NOT%20LOGGED%20IN; expires=Thu, 03-Nov-2022 15:21:59 GMT; Max-Age=31536000; path=/; domain=.bellashus.no; SameSite=Lax
Location: https://www.bellashus.no/
Report-To: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/eng.vdc.dev\/csp-report"}]}
Content-Security-Policy: font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' data: data: script.hotjar.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.youtube.com *.klarna.com big.g.doubleclick.net vars.hotjar.com *.weltpixel.com *.facebook.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com *.yotpo.com ebizmarts-website.s3.amazonaws.com 'self' data: *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.google.lt analytics.sleeknote.com images.sleeknote.com *.facebook.com blob: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com www.youtube.com video.google.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.klarna.com static.hotjar.com script.hotjar.io https://www.googletagmanager.com tagmanager.google.com *.fullstory.com fullstory.com connect.facebook.net sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com *.googletagmanager.com *.chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com https://www.google-analytics.com *.facebook.com sleeknotestaticcontent.sleeknote.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint;
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: upgrade-insecure-requests;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Pragma: no-cache
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
HTTP/2 200
server: nginx/1.14.0 (Ubuntu)
date: Wed, 03 Nov 2021 15:22:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=0jvi8boledt6fcubp5hgucn4f0; expires=Wed, 03-Nov-2021 16:22:00 GMT; Max-Age=3600; path=/; domain=.bellashus.no; secure; HttpOnly; SameSite=Lax
report-to: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/eng.vdc.dev\/csp-report"}]}
content-security-policy: font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' data: data: script.hotjar.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.youtube.com *.klarna.com big.g.doubleclick.net vars.hotjar.com *.weltpixel.com *.facebook.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com *.yotpo.com ebizmarts-website.s3.amazonaws.com 'self' data: *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.google.lt analytics.sleeknote.com images.sleeknote.com *.facebook.com blob: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com www.youtube.com video.google.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.klarna.com static.hotjar.com script.hotjar.io https://www.googletagmanager.com tagmanager.google.com *.fullstory.com fullstory.com connect.facebook.net sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com *.googletagmanager.com *.chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com https://www.google-analytics.com *.facebook.com sleeknotestaticcontent.sleeknote.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint;
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: gzip
pragma: no-cache
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
|