HTTP/1.1 302 Found
Date: Thu, 23 Dec 2021 06:33:35 GMT
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=psvem10h7leobr5joleisn9vui; expires=Fri, 24-Dec-2021 06:33:35 GMT; Max-Age=86400; path=/; domain=www.dermanor.no; HttpOnly
Location: https://www.dermanor.no/
Report-To: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/eng.vdc.dev\/csp-report"}]}
Content-Security-Policy: font-src *.gstatic.com data: script.hotjar.com *.typekit.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net dermanor.stage.vismadigital.com *.dermanor.stage.vismadigital.com dermanor.no *.dermanor.no dermarome.se *.dermarome.se dermarome.fi *.dermarome.fi dermarome.dk *.dermarome.dk dermanor.com *.dermanor.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.youtube.com *.klarna.com big.g.doubleclick.net vars.hotjar.com *.google.com *.dibspayment.eu 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.dermanor.no *.dermarome.se *.dermarome.fi *.dermarome.dk *.dermanor.com *.googleapis.com dermanor.stage.vismadigital.com *.dermanor.stage.vismadigital.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://*.dibspayment.eu *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.klarna.com static.hotjar.com script.hotjar.io *.googleapis.com cdnjs.cloudflare.com *.dibspayment.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.gstatic.com *.googleapis.com tagmanager.google.com *.typekit.net *.dibspayment.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.dibspayment.eu *.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Pragma: no-cache
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 23 Dec 2021 06:33:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
fastly-page-cacheable: YES
Report-To: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/eng.vdc.dev\/csp-report"}]}
Content-Security-Policy: font-src *.gstatic.com data: script.hotjar.com *.typekit.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net dermanor.stage.vismadigital.com *.dermanor.stage.vismadigital.com dermanor.no *.dermanor.no dermarome.se *.dermarome.se dermarome.fi *.dermarome.fi dermarome.dk *.dermarome.dk dermanor.com *.dermanor.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.youtube.com *.klarna.com big.g.doubleclick.net vars.hotjar.com *.google.com *.dibspayment.eu 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.dermanor.no *.dermarome.se *.dermarome.fi *.dermarome.dk *.dermanor.com *.googleapis.com dermanor.stage.vismadigital.com *.dermanor.stage.vismadigital.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://*.dibspayment.eu *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.klarna.com static.hotjar.com script.hotjar.io *.googleapis.com cdnjs.cloudflare.com *.dibspayment.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.gstatic.com *.googleapis.com tagmanager.google.com *.typekit.net *.dibspayment.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.dibspayment.eu *.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Accept-Ranges: bytes
|