Security Analysis Results

bytes

no-store, no-cache, must-revalidate, max-age=0

keep-alive

gzip

default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: rp.liadm.com newassets.hcaptcha.com i.liadm.com onetrust.com r2.trackedweb.net *.demdex.net cookielaw.org bat.bing.net api.giftcardimpressions.com *.rfihub.com kit.fontawesome.com apis.google.com *.everesttech.net api.fpjs.io *.rfihub.net translate.google.com metrics.nsureapi.com www.google-analytics.com cdn.cookielaw.org *.gstatic.com b.visitor-speed.com *.facebook.com edge.adobedc.net *.facebook.net balance.vanillagift.com device.maxmind.com cdn.glassboxcdn.com c.evidon.com *.tt.omtrdc.net *.omtrdc.net media.vanillagift.com www.googletagmanager.com r2-t.trackedlink.net report.incomm.glassboxdigital.io l.evidon.com static.trackedweb.net cm.everesttech.net expressentry.melissadata.net *.onetrust.com *.incomm.com region1.analytics.google.com sdk-error-manager-service.nsureapi.com www.bing.com sdk-service.nsureapi.com a.visitor-speed.com assets.adobedtm.com *.googleapis.com idx.liadm.com justone.ai www.vanillagift.com *.googleadservices.com region1.google-analytics.com *.cookielaw.org analytics.google.com bat.bing.com *.doubleclick.net live.rezync.com www.google.com google.com sdk.nsureapi.com js.hcaptcha.com d-code.liadm.com *.googlesyndication.com; frame-ancestors 'self' imperva.com *.imperva.com

font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://staging.justone.ai https://justone.ai https://www.justone.ai data: https://fonts.googleapis.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.incomm.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com td.doubleclick.net sdk.nsureapi.com *.rfihub.com *.googleapis.com *.gstatic.com *.zip.co *.hcaptcha.com *.incomm.com www.paypal.com www.paypalobjects.com *.accdab.net *.cdn-net.com https://staging.justone.ai https://justone.ai https://www.justone.ai https://fonts.googleapis.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net *.trackedlink.net c.evidon.com l.evidon.com partners.tremorhub.com image2.pubmatic.com us-u.openx.net aa.agkn.com dsum-sec.casalemedia.com x.bidswitch.net bpi.rtactivate.com idsync.rlcdn.com bat.bing.com *.rfihub.com x.dlx.addthis.com ib.adnxs.com contextual.media.net ps.eyeota.net www.facebook.com pippio.com *.giftcardimpressions.com lex.33across.com cdn.cookielaw.org live.rezync.com *.doubleclick.net *.thegiftcardshop.com *.vanillagift.com *.mastercardgiftcard.com https://www.magezon.com *.incomm.com t.paypal.com *.zip.co https://staging.justone.ai https://justone.ai https://www.justone.ai https://fonts.googleapis.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cdn.glassboxcdn.com c.evidon.com bat.bing.com c1.rfihub.net r2-t.trackedlink.net static.trackedweb.net sdk.nsureapi.com connect.facebook.net live.rezync.com device.maxmind.com urldefense.com www.gstatic.com cdn.cookielaw.org *.gbqofs.com *.glassboxdigital.io *.gbss.io *.console.glassboxsaas.com *.report.gbss.io *.gbqofs.io edge.adobedc.net *.demdex.net cm.everesttech.net *.tt.omtrdc.net *.hcaptcha.com www.paypal.com bam.nr-data.net *.accdab.net *.cdn-net.com *.accertify.net *.zip.co https://staging.justone.ai https://justone.ai https://www.justone.ai 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://api.justuno.com *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.incomm.com https://staging.justone.ai https://justone.ai https://www.justone.ai 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.incomm.com *.magento2-incomm.local edge.adobedc.net report.incomm.glassboxdigital.io sdk.nsureapi.com sdk-service.nsureapi.com d-ipv6.mmapiws.com cdn.cookielaw.org *.hcaptcha.com *.melissadata.net *.cardinalcommerce.com www.paypalobjects.com www.paypal.com bam.nr-data.net *.zip.co https://staging.justone.ai https://justone.ai https://www.justone.ai https://fonts.googleapis.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://api.justuno.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com googleads.g.doubleclick.net r2.trackedweb.net google.com *.vanillagift.incomm.com *.vanillagift.com www.paypal.com bam.nr-data.net *.accdab.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';

text/html; charset=UTF-8

Fri, 19 Dec 2025 18:55:40 GMT

-1

no-cache

max-age=31536000

chunked

Accept-Encoding

Imperva

nosniff

SAMEORIGIN

56-27559111-27559153 NNNN CT(31 64 0) RT(1766170540643 193) q(0 0 1 -1) r(2 2) U12

IE=Edge,chrome=1

1; mode=block