www.oxo.com Open in urlscan Pro
104.17.95.156 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.oxo.com//categories//cooking/-and/-baking//utensils.html/?brand\=14
Effective URL:
https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
Submission: On September 13 via api (September 13th 2024, 8:55:30 pm UTC) from US — Scanned from CA

Summary HTTP 145 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 40 IPs in 2 countries across 33 domains to perform 145 HTTP transactions. The main IP is 104.17.95.156, located in and belongs to CLOUDFLARENET, US. The main domain is www.oxo.com. The Cisco Umbrella rank of the primary domain is 847295.
TLS certificate: Issued by WE1 on August 31st 2024. Valid for: 3 months.

This is the only time www.oxo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 36	104.17.95.156 104.17.95.156	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	18.238.49.62 18.238.49.62	16509 (AMAZON-02) (AMAZON-02)
1	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
8	2600:141b:1c0... 2600:141b:1c00:8::1728:b32c	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
12	2600:141b:1c0... 2600:141b:1c00:2096::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
2	204.2.133.136 204.2.133.136	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
2	2600:141b:1c0... 2600:141b:1c00:8::1728:b323	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	172.67.68.249 172.67.68.249	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.208.75.12 3.208.75.12	14618 (AMAZON-AES) (AMAZON-AES)
2 4	2606:4700::68... 2606:4700::6811:f7cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	44.196.30.37 44.196.30.37	14618 (AMAZON-AES) (AMAZON-AES)
4	54.224.113.8 54.224.113.8	14618 (AMAZON-AES) (AMAZON-AES)
1	63.140.39.224 63.140.39.224	14618 (AMAZON-AES) (AMAZON-AES)
2	34.230.160.65 34.230.160.65	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.65.198 142.250.65.198	15169 (GOOGLE) (GOOGLE)
2	157.240.241.1 157.240.241.1	32934 (FACEBOOK) (FACEBOOK)
1	142.251.40.168 142.251.40.168	15169 (GOOGLE) (GOOGLE)
11	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
1	44.196.169.18 44.196.169.18	14618 (AMAZON-AES) (AMAZON-AES)
1	35.186.249.72 35.186.249.72	15169 (GOOGLE) (GOOGLE)
4	2620:1ec:33::10 2620:1ec:33::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.171.134.120 3.171.134.120	16509 (AMAZON-02) (AMAZON-02)
2	18.164.116.90 18.164.116.90	16509 (AMAZON-02) (AMAZON-02)
1	35.244.142.80 35.244.142.80	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	23.206.172.62 23.206.172.62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	142.251.40.230 142.251.40.230	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
2	2600:141b:1c0... 2600:141b:1c00:2582::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
1	2607:f8b0:400... 2607:f8b0:4006:81e::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c09::9d	15169 (GOOGLE) (GOOGLE)
4	2606:4700:440... 2606:4700:4400::6812:2889	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	151.101.192.84 151.101.192.84	54113 (FASTLY) (FASTLY)
1	151.101.128.84 151.101.128.84	54113 (FASTLY) (FASTLY)
145	40

36 104.17.95.156 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.oxo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.238.49.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-62.jfk52.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

rapid-cdn.yottaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:141b:1c00:8::1728:b32c (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:141b:1c00:2096::1e80 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
commerce.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.2.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

static.klaviyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.2.133.136 (United States)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:1c00:8::1728:b323 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.68.249 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-assets.rapidspike.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.208.75.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-75-12.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:f7cb (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.196.30.37 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-30-37.compute-1.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.224.113.8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-224-113-8.compute-1.amazonaws.com

lib-us-1.brilliantcollector.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.39.224 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-224.data.adobedc.net

oxo.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.230.160.65 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-160-65.compute-1.amazonaws.com

commerce.adobedc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.198 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.241.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.168 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.130.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

static-tracking.klaviyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fast.a.klaviyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.196.169.18 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-169-18.compute-1.amazonaws.com

helenoftroy.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.249.72 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 72.249.186.35.bc.googleusercontent.com

d.impactradius-event.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.171.134.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-171-134-120.jfk52.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.164.116.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-90.jfk50.r.cloudfront.net

cdn.kustomerapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.206.172.62 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-206-172-62.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.230 (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f6.1e100.net

14167590.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:1c00:2582::1931 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

static-forms.klaviyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::6812:2889 (United States)

ASN13335 (CLOUDFLARENET, US)

a.klaviyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.192.84 (San Francisco, United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.128.84 (San Francisco, United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	oxo.com 2 redirects www.oxo.com — Cisco Umbrella Rank: 847295	3 MB
25	klaviyo.com static.klaviyo.com — Cisco Umbrella Rank: 3370 static-tracking.klaviyo.com — Cisco Umbrella Rank: 3990 fast.a.klaviyo.com — Cisco Umbrella Rank: 4538 static-forms.klaviyo.com — Cisco Umbrella Rank: 4218 a.klaviyo.com — Cisco Umbrella Rank: 4126	173 KB
12	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 452 commerce.adobedtm.com — Cisco Umbrella Rank: 37879	98 KB
10	typekit.net use.typekit.net — Cisco Umbrella Rank: 462 p.typekit.net — Cisco Umbrella Rank: 578	131 KB
6	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 975	6 KB
6	doubleclick.net 1 redirects ad.doubleclick.net — Cisco Umbrella Rank: 153 14167590.fls.doubleclick.net td.doubleclick.net — Cisco Umbrella Rank: 189 stats.g.doubleclick.net — Cisco Umbrella Rank: 130	982 B
6	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 3430	48 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 801	139 KB
4	bing.com bat.bing.com — Cisco Umbrella Rank: 361	15 KB
4	brilliantcollector.com lib-us-1.brilliantcollector.com — Cisco Umbrella Rank: 20443	597 B
4	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 797	74 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 256 helenoftroy.demdex.net — Cisco Umbrella Rank: 404702	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	253 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	4 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 1018	25 KB
2	kustomerapp.com cdn.kustomerapp.com — Cisco Umbrella Rank: 19346	14 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 178	73 KB
2	adobedc.net commerce.adobedc.net — Cisco Umbrella Rank: 29733	285 B
2	rapidspike.com cdn-assets.rapidspike.com — Cisco Umbrella Rank: 133209 rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com — Cisco Umbrella Rank: 303531	2 KB
2	yottaa.net qoe-1.yottaa.net — Cisco Umbrella Rank: 12083	2 KB
1	google.com analytics.google.com — Cisco Umbrella Rank: 140
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	962 B
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 3890	22 KB
1	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 356	6 KB
1	impactradius-event.com d.impactradius-event.com — Cisco Umbrella Rank: 4030	16 KB
1	omtrdc.net oxo.sc.omtrdc.net	344 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1463	490 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 670	7 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 215	767 B
1	yottaa.com rapid-cdn.yottaa.com — Cisco Umbrella Rank: 13775	39 KB
0	google.ca Failed www.google.ca Failed
0	teads.tv Failed p.teads.tv Failed
0	crobox.io Failed cdn.crobox.io Failed
145	33

	Domain	Requested by
36	www.oxo.com	2 redirects www.oxo.com rapid-cdn.yottaa.com
11	assets.adobedtm.com	www.oxo.com rapid-cdn.yottaa.com
10	static-tracking.klaviyo.com	rapid-cdn.yottaa.com
9	static.klaviyo.com	www.oxo.com rapid-cdn.yottaa.com
8	use.typekit.net	www.oxo.com use.typekit.net client
6	ct.pinterest.com	rapid-cdn.yottaa.com
6	consent.trustarc.com	www.oxo.com consent.trustarc.com
5	analytics.tiktok.com	rapid-cdn.yottaa.com analytics.tiktok.com
4	a.klaviyo.com	rapid-cdn.yottaa.com
4	bat.bing.com	rapid-cdn.yottaa.com bat.bing.com
4	lib-us-1.brilliantcollector.com	rapid-cdn.yottaa.com
4	unpkg.com	2 redirects www.oxo.com
3	www.googletagmanager.com	www.oxo.com assets.adobedtm.com rapid-cdn.yottaa.com
2	www.facebook.com
2	s.pinimg.com	rapid-cdn.yottaa.com
2	td.doubleclick.net	rapid-cdn.yottaa.com
2	14167590.fls.doubleclick.net	1 redirects rapid-cdn.yottaa.com
2	cdn.kustomerapp.com	rapid-cdn.yottaa.com
2	connect.facebook.net	rapid-cdn.yottaa.com
2	commerce.adobedc.net	unpkg.com
2	dpm.demdex.net	rapid-cdn.yottaa.com www.oxo.com
2	p.typekit.net	use.typekit.net
2	qoe-1.yottaa.net	rapid-cdn.yottaa.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	rapid-cdn.yottaa.com
1	fonts.googleapis.com	client
1	static-forms.klaviyo.com	rapid-cdn.yottaa.com
1	fast.a.klaviyo.com	rapid-cdn.yottaa.com
1	rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com	cdn-assets.rapidspike.com
1	cdn.pdst.fm	rapid-cdn.yottaa.com
1	c.amazon-adsystem.com	rapid-cdn.yottaa.com
1	d.impactradius-event.com	rapid-cdn.yottaa.com
1	helenoftroy.demdex.net	rapid-cdn.yottaa.com
1	ad.doubleclick.net	www.oxo.com
1	oxo.sc.omtrdc.net	www.oxo.com
1	commerce.adobedtm.com	rapid-cdn.yottaa.com
1	cm.everesttech.net	1 redirects
1	cdn-assets.rapidspike.com	rapid-cdn.yottaa.com
1	static.cloudflareinsights.com	www.oxo.com
1	cdnjs.cloudflare.com	www.oxo.com
1	rapid-cdn.yottaa.com	www.oxo.com
0	www.google.ca Failed
0	p.teads.tv Failed	assets.adobedtm.com
0	cdn.crobox.io Failed	assets.adobedtm.com
145	44

This site contains links to these domains. Also see Links.

Domain
faq.oxo.com
careers.helenoftroy.com
investor.helenoftroy.com
instagram.com
www.facebook.com
twitter.com
tiktok.com
www.youtube.com
www.pinterest.com
levelaccess.com
www.helenoftroy.com
www.oxojapan.com
www.oxouk.com
www.oxo.de.com

Subject Issuer	Validity	Valid
oxo.com WE1	`2024-08-31` - `2024-11-29`	3 months	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2024-03-16` - `2025-04-14`	a year	crt.sh
*.yottaa.com GlobalSign RSA OV SSL CA 2018	`2024-07-23` - `2025-08-24`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-27` - `2025-09-27`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
static.klaviyo.com R11	`2024-09-09` - `2024-12-08`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-09-03` - `2024-12-02`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2024-09-05` - `2025-10-07`	a year	crt.sh
rapidspike.com E6	`2024-09-03` - `2024-12-02`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.brilliantcollector.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-08` - `2025-04-16`	a year	crt.sh
*.sc.omtrdc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-07` - `2025-03-09`	a year	crt.sh
commerce.adobedc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-23` - `2024-09-21`	3 months	crt.sh
static-tracking.klaviyo.com R11	`2024-07-19` - `2024-10-17`	3 months	crt.sh
*.impactradius-event.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-08` - `2025-01-06`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-12-30` - `2024-12-04`	a year	crt.sh
*.kustomerapp.com Amazon RSA 2048 M02	`2023-12-15` - `2025-01-11`	a year	crt.sh
cdn.pdst.fm WR3	`2024-09-13` - `2024-12-12`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-02` - `2025-08-07`	a year	crt.sh
fast.a.klaviyo.com R10	`2024-09-09` - `2024-12-08`	3 months	crt.sh
static-forms.klaviyo.com R10	`2024-08-18` - `2024-11-16`	3 months	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
a.klaviyo.com WE1	`2024-07-22` - `2024-10-20`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
Frame ID: 66EB655D608E22D3E311B57C82E58320
Requests: 133 HTTP requests in this frame

Frame: https://www.oxo.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/388c99dd0998/main.js
Frame ID: FD49E7271410F407079915267BD7A181
Requests: 2 HTTP requests in this frame

Frame: https://helenoftroy.demdex.net/dest5.html?d_nsid=0
Frame ID: A39978078E5621C52FB9799D6DBB088B
Requests: 1 HTTP requests in this frame

Frame: https://14167590.fls.doubleclick.net/activityi;dc_pre=CJyc8YnnwIgDFVka0AQdwIEG0Q;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA
Frame ID: AC85436C44679661DA85F29B7DD81071
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA
Frame ID: AB98E21348987BD6AB040A2FB0B49DC9
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-QN3HZX14P2&gacid=1745456930.1726260926&gtm=45je4990v898268557z89176638692za200zb9176638692&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=605016192
Frame ID: 347D0B088B2DAE65B63B9496AC524B89
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 79ACA7DC5D8F2E16E4B42F298A440485
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Choose Your Location

Page URL History Show full URLs

http://www.oxo.com//categories//cooking/-and/-baking//utensils.html/?brand\=14 HTTP 307
https://www.oxo.com//categories//cooking/-and/-baking//utensils.html/?brand\=14 HTTP 302
https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA Page URL

Detected technologies

Prototype (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Impact (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

d\.impactradius-event\.com

Klaviyo (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

klaviyo\.com

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Yottaa (Tag managers) Expand

Overall confidence: 100%
Detected patterns

cdn\.yottaa\.\w+/

Page Statistics

145
Requests

95 %
HTTPS

38 %
IPv6

33
Domains

44
Subdomains

40
IPs

2
Countries

3946 kB
Transfer

14068 kB
Size

50
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.oxo.com/en_us/shipping-rkLzqQuEj
Title: See terms

Search URL Search Domain Scan URL

URL: https://faq.oxo.com/en_us/inventor-submissions-Hy6XAQuVi
Title: Inventor Submission

Search URL Search Domain Scan URL

URL: https://careers.helenoftroy.com/
Title: Careers Opens a new window (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://investor.helenoftroy.com/
Title: Investor Relations Opens a new window (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://faq.oxo.com/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://faq.oxo.com/en_us/tot-nest-booster-seat-voluntary-recall-BkKMq7ONo
Title: Voluntary Recall

Search URL Search Domain Scan URL

URL: https://faq.oxo.com/en_us/guarantee-B1bMqmO4j
Title: Better Guarantee

Search URL Search Domain Scan URL

URL: https://faq.oxo.com/en_us/oxo-cookware-warranty-S1gXc7O4o
Title: OXO Cookware Guarantee

Search URL Search Domain Scan URL

URL: https://instagram.com/oxo
Title: Instagram (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OXO
Title: Facebook (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://twitter.com/OXO
Title: X(Twitter) (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://tiktok.com/@oxo_us
Title: TikTok (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/oxo
Title: YouTube (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/oxo/
Title: Pinterest (Opens in a new window)

Search URL Search Domain Scan URL

URL: https://levelaccess.com/a/oxo

Search URL Search Domain Scan URL

URL: https://www.helenoftroy.com/anti-human-trafficking-and-modern-slavery-statement/
Title: California Supply Chain Act/UK Modern Slavery Act Statement(Opens in a new window)

Search URL Search Domain Scan URL

URL: https://www.oxojapan.com/
Title: Japanese

Search URL Search Domain Scan URL

URL: https://www.oxouk.com/
Title: English (£)

Search URL Search Domain Scan URL

URL: https://www.oxo.de.com/
Title: German (€)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.oxo.com//categories//cooking/-and/-baking//utensils.html/?brand\=14 HTTP 307
https://www.oxo.com//categories//cooking/-and/-baking//utensils.html/?brand\=14 HTTP 302
https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://unpkg.com/@adobe/magento-storefront-events-sdk@%5E1/dist/index.js HTTP 302
https://unpkg.com/@adobe/magento-storefront-events-sdk@1.11.0/dist/index.js

Request Chain 47

https://cm.everesttech.net/cm/dd?d_uuid=79080372818410402722610795415115723096 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuSlqwAAAJwUvQOH

Request Chain 54

https://www.oxo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.oxo.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/388c99dd0998/main.js

Request Chain 58

https://unpkg.com/@adobe/magento-storefront-event-collector@%5E1/dist/index.js HTTP 302
https://unpkg.com/@adobe/magento-storefront-event-collector@1.11.0/dist/index.js

Request Chain 96

https://14167590.fls.doubleclick.net/activityi;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA HTTP 302
https://14167590.fls.doubleclick.net/activityi;dc_pre=CJyc8YnnwIgDFVka0AQdwIEG0Q;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA

145 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
www.oxo.com/countrySelector/geoip/getaction/
Redirect Chain

http://www.oxo.com//categories//cooking/-and/-baking//utensils.html/?brand\=14
https://www.oxo.com//categories//cooking/-and/-baking//utensils.html/?brand\=14
https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

398 KB
105 KB

73ms
72ms

Document
text/html

104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de7ccfa90cbf84025491b157ec203b447da3d0e36cc1306d4817c577d682bb00

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com .paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com .stripe.network www.recaptcha.net .addressy.com .klaviyo.com .datadome.co .yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io .sdiapi.com dpm.demdex.net .omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com .adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com .algolia.net .algolia.com .algolianet.com .yotpo.com ekr.zdassets.com/ .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .braintree-api.com .paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net .oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk .parcellab.com .rapidspike.com .brilliantcollector.com cloud.vimeo.com vimeo.com .clarity.ms bat.bing.com .kaltura.com .spectrumcustomizer.com .acq.io ssl.geoplugin.net .yimg.com .hotjar.com vc.hotjar.io .pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com .googletagmanager.com .analytics.google.com .g.doubleclick.net .google.com .google-analytics.com .trustarc.com mpsnare.iesnare.com; font-src .sdiapi.com .klaviyo.com .typekit.net .yotpo.com .googleapis.com .gstatic.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com .hydroflask.com .oxo.com cdn.kustomerapp.com .trustarc.com .lightboxcdn.com .spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com .yotpo.com .iterable.com .cardinalcommerce.com .paypal.com .oxo.com .brilliantcollector.com .facebook.com 'self' 'unsafe-inline'; frame-ancestors .stripe.com stripe.com .kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src .akamaized.net .kaltura.com cfvod.kaltura.com .adobe.com .oxo.com .vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net .typekit.net .klaviyo.com .adobe.com .yotpo.com .googleapis.com mageside.com .mageside.com .oxo.com .pcapredict.com services.postcodeanywhere.co.uk .lightboxcdn.com .parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com .googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=p9oigUrIL37.twM7fsC.ZM_qTVc.HxJvUgO4u7fJgck-1726260921-1.0.1.1-bfeVM2QGpVsWBFNHJioV.inlVWvRLmE7dZlswGM2HF6xacX19DILjhPwM6Y3cOWdJgbdpL72z1ncYaruPFUmSzNOak4G1332eOEX7ZRH4GdY4EK.Ulkn50qyTxY6w0Y_joi0pyJL1TPQbiOprW4IM9hivehFhpIRJ0_3I.c05SAZB2T_qH24vAqJkRZo3JVKSqvRgqGwb5m8BmA7dNS96Q; report-to cf-wklzwnphtjgkmaxh frame-src services.sheerid.com .stripe.network www.recaptcha.net .sdiapi.com .kmail-lists.com fast.amc.demdex.net .adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com .youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com .yotpo.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com .cardinalcommerce.com .paypal.com doubleclick.net .doubleclick.net vice01.hydroflask.com hydroflask.attn.tv .oxo.com .lightboxcdn.com .hydroflask.com .brilliantcollector.com .demdex.net .kustomer.support .kustomer.help .trustarc.com .locally.com .facebook.com .fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' .googletagmanager.com bid.g.doubleclick.net td.doubleclick.net .fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net .klaviyo.com .cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net .google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com .baidu.com .omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com .typekit.net www.paypalobjects.com .ftcdn.net .behance.net fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com validator.swagger.io .yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com .paypal.com mageside.com .mageside.com .hydroflask.com hydroflask.attn.tv .oxo.com .lightboxcdn.com na-stage.hele.digital .parcellab.com .trustarc.com cfvod.kaltura.com .bing.com .clarity.ms .hele.digital via.placeholder.com .locally.com .spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com .acq.io .yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com .facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com .google.com www.gstatic.com ssl.gstatic.com googletagmanager.com .googletagmanager.com fonts.googleapis.com .google-analytics.com .analytics.google.com .g.doubleclick.net .fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com .dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com .stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com .klaviyo.com .yottaa.net .yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com .sdiapi.com f.vimeocdn.com .adobedtm.com .adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net .magento-ds.com .typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .yotpo.com s7.addthis.com .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com .mageside.com doubleclick.net .hydroflask.com .oxo.com .pcapredict.com .lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net .fbot.me services.postcodeanywhere.co.uk .parcellab.com .trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com .brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com .clarity.ms .spectrumcustomizer.com js.acq.io ssl.geoplugin.net .yimg.com ajax.googleapis.com cdn.pushplanet.com .cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com .impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=pEVdrFVeq2IDyI3goGJ9gIlIGlVjljcAWygQxKafAEI-1726260921-1.0.1.1-gtyMaONXgQ3ALrEUNvWDtbdOkPz6VDeGGymwS4FVj1Z_wvwQnAhmayCeadhfgvl3Xvi4ti2RGyvjgQNv1Tqr9DEkWaPaR9_3pQtvGOr6h7DS1MTv6ApS0i3epeZtMAXV2mzRB2oujlot7f57a2FHW_.bkWyTUw_a.PLa_ukTeR5qJ_F4fMQijExra2bPMnnVx3Gy9OQQYiI2s8FAREhF.w; report-to cf-hhwmbxnnpksazxny
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age: 27094
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8c2b09a6adb6ab1e-YYZ
content-encoding: br
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=p9oigUrIL37.twM7fsC.ZM_qTVc.HxJvUgO4u7fJgck-1726260921-1.0.1.1-bfeVM2QGpVsWBFNHJioV.inlVWvRLmE7dZlswGM2HF6xacX19DILjhPwM6Y3cOWdJgbdpL72z1ncYaruPFUmSzNOak4G1332eOEX7ZRH4GdY4EK.Ulkn50qyTxY6w0Y_joi0pyJL1TPQbiOprW4IM9hivehFhpIRJ0_3I.c05SAZB2T_qH24vAqJkRZo3JVKSqvRgqGwb5m8BmA7dNS96Q; report-to cf-wklzwnphtjgkmaxh frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=pEVdrFVeq2IDyI3goGJ9gIlIGlVjljcAWygQxKafAEI-1726260921-1.0.1.1-gtyMaONXgQ3ALrEUNvWDtbdOkPz6VDeGGymwS4FVj1Z_wvwQnAhmayCeadhfgvl3Xvi4ti2RGyvjgQNv1Tqr9DEkWaPaR9_3pQtvGOr6h7DS1MTv6ApS0i3epeZtMAXV2mzRB2oujlot7f57a2FHW_.bkWyTUw_a.PLa_ukTeR5qJ_F4fMQijExra2bPMnnVx3Gy9OQQYiI2s8FAREhF.w; report-to cf-hhwmbxnnpksazxny
content-type: text/html; charset=UTF-8
date: Fri, 13 Sep 2024 20:55:21 GMT
expires: Sat, 14 Sep 2024 13:23:47 GMT
pragma: cache
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=egSuL_.1HHVZHlsGqwBWimDnrRAl1pGcNUDvS1dlWqA-1726260921-1.0.1.1-a0UB8JjxABPycsBTI6UgWtPwp32B3mIcWxNG3u16ZNPXdqO26Q_1_yikYM2gt08vYEH2WyVGHl3TIjkegpMSwibKBG2zXte_5P3yuK_9mPiCHGAG1xGTSzHeitJwNGJieFKCfbRCbEwydewAlKj42RpMh9zywhxz35SyZPhaDqfC.fdvatdLT81rABvV8dvw8sClbf0yzzTlhJ9yCUQG7w"}],"group":"cf-vsreajdebowrgbdd","max_age":86400} {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=F_zoLS3gb9RcXo.t4IyFe.8Vt4YCG4XC.uegcNF0y24-1726260921-1.0.1.1-bwvqRGn7l4qF4bXB2IT9qylm0E.YOXrQ3WC4ZmBaRRapkc_msd16p2xAcoCIFIbbW12inClTlod36KGdzREorQCx7jI8niz7eLPvZLdlImZCBBqwqloHP0.uOl20qGOKnYCY1ZAlMLQwIGnqDzXObPV0m.QuKSsey8b_Ce2xrxntEaU92vYDqNjxDm2MXNYmQTrXuxdBQ89dxLL6mfAwiw"}],"group":"cf-fhzwynrytujxnesl","max_age":86400} {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=p9oigUrIL37.twM7fsC.ZM_qTVc.HxJvUgO4u7fJgck-1726260921-1.0.1.1-bfeVM2QGpVsWBFNHJioV.inlVWvRLmE7dZlswGM2HF6xacX19DILjhPwM6Y3cOWdJgbdpL72z1ncYaruPFUmSzNOak4G1332eOEX7ZRH4GdY4EK.Ulkn50qyTxY6w0Y_joi0pyJL1TPQbiOprW4IM9hivehFhpIRJ0_3I.c05SAZB2T_qH24vAqJkRZo3JVKSqvRgqGwb5m8BmA7dNS96Q"}],"group":"cf-wklzwnphtjgkmaxh","max_age":86400} {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=pEVdrFVeq2IDyI3goGJ9gIlIGlVjljcAWygQxKafAEI-1726260921-1.0.1.1-gtyMaONXgQ3ALrEUNvWDtbdOkPz6VDeGGymwS4FVj1Z_wvwQnAhmayCeadhfgvl3Xvi4ti2RGyvjgQNv1Tqr9DEkWaPaR9_3pQtvGOr6h7DS1MTv6ApS0i3epeZtMAXV2mzRB2oujlot7f57a2FHW_.bkWyTUw_a.PLa_ukTeR5qJ_F4fMQijExra2bPMnnVx3Gy9OQQYiI2s8FAREhF.w"}],"group":"cf-hhwmbxnnpksazxny","max_age":86400}
server: cloudflare
strict-transport-security: max-age=31557600
traceresponse: 00-17f4d084fa1a603798f6d5b7a5f8239d-a13565db3e82c4bc-01
vary: Accept-Encoding,Cookie
x-cache: HIT, HIT
x-cache-hits: 2, 0
x-content-type-options: nosniff
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-esi: 1
x-frame-options: SAMEORIGIN
x-platform-server: i-05fb2acf84a0261d6 i-05fb2acf84a0261d6
x-served-by: cache-iad-kcgs7200039-IAD, cache-yyz4577-YYZ
x-xss-protection: 1; mode=block

Redirect headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8c2b099dce09ab1e-YYZ
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=gdDez_ahQ19IOO8OpMNx1vJ1aWVsabL9PqwvA_f.j.4-1726260921-1.0.1.1-n7UZx0qx8.BSQZtas0NUrY7zKQfjZxTwdyuLVxmXysRwybxTuiM7762odvje74BCRp9_3HYgJsHd5F.mZC4QK5TdoLaFtIuSGzzjwc.9UMiaToBa0XJhjo4HatSouoR_4uwFAF8HustoaZ3cdpwIJdoc6pzr50yIiQWV07df.TYqXWjdXB5qAiNayjTOz8jCIdvtHb8_.819Oy6xwHg0Vw; report-to cf-bshrwmzygrlshdsw frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=jCsBRBdzLRWc0SfeC5D90hW5P2FHFRsdKsLnoOklAJk-1726260921-1.0.1.1-yHxWNxKvlXah9m_pHpMLWrhwXgEMvceNPV.IMEGUR524eyts19gWpq8noDbbfN9qjNmQVE7Xo7sqYmyQyuCOon3o2WQRgPWqF6PFfbjbbsviKliF5dd68Gml4f9l3L4IWjR2UT82VkJ.4MKVZTRrS.aX5WSKOY7QzkMgED3giE5RrIg7vzJN8JnbEYRhePwGxvjzTXO1FKkm8lf3nBAf0Q; report-to cf-wbfnnomxwumfacrx
content-type: text/html; charset=UTF-8
date: Fri, 13 Sep 2024 20:55:21 GMT
expires: Sat, 14 Sep 2024 20:55:20 GMT
location: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
pragma: cache
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=YJU6SbaM1HSQN8TVkYQRnOcBz3p2s14Cu.O.umadVP8-1726260921-1.0.1.1-TK9QB9vugWbzyKBJMaeZwVadoWYRBlOpSI818wAF0IDK4VSLTVUMOi8._yBr9XEYcpKZVk25Ex6nk_gesIFM.UDsH50bwoq3rCOECMPPHF3Aa1Yk5ZpT3tYKN2lgizBjJm9M9iurM0rWtCmq_J8lnWChxy6EGC87MjuZhMaWcpJjbf8.LDNd4L18QN.Qa23Z.JRV_LxIHrVR9FNRmUuCoQ"}],"group":"cf-efwikpjhngmujrjl","max_age":86400} {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=1xK6nuwR_31gD715HDM2iPzyZz1KxYUgAKQ_hau0edg-1726260921-1.0.1.1-ZMC39hl8I0OFQu3C9V7PhoDMd7.M4gDQaMMm1Gl5bMPBn0bzSPXekRUtDcNXtmIhhgqY00MP09kPGlxarPzpPFsuNOAKyWMCJ4ky85Js1ERGDtErw2OB9O9QETkUzxJi8j3AoLswUZVVf_B8bkv1UKak2jIREMCJvm0CMjh8nrGOq8bluL0eEFZ7ctU8MiaoBNnY.4Fw2ClQfvs.WBnYtQ"}],"group":"cf-nqkuetwwrxmbxivl","max_age":86400} {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=gdDez_ahQ19IOO8OpMNx1vJ1aWVsabL9PqwvA_f.j.4-1726260921-1.0.1.1-n7UZx0qx8.BSQZtas0NUrY7zKQfjZxTwdyuLVxmXysRwybxTuiM7762odvje74BCRp9_3HYgJsHd5F.mZC4QK5TdoLaFtIuSGzzjwc.9UMiaToBa0XJhjo4HatSouoR_4uwFAF8HustoaZ3cdpwIJdoc6pzr50yIiQWV07df.TYqXWjdXB5qAiNayjTOz8jCIdvtHb8_.819Oy6xwHg0Vw"}],"group":"cf-bshrwmzygrlshdsw","max_age":86400} {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=jCsBRBdzLRWc0SfeC5D90hW5P2FHFRsdKsLnoOklAJk-1726260921-1.0.1.1-yHxWNxKvlXah9m_pHpMLWrhwXgEMvceNPV.IMEGUR524eyts19gWpq8noDbbfN9qjNmQVE7Xo7sqYmyQyuCOon3o2WQRgPWqF6PFfbjbbsviKliF5dd68Gml4f9l3L4IWjR2UT82VkJ.4MKVZTRrS.aX5WSKOY7QzkMgED3giE5RrIg7vzJN8JnbEYRhePwGxvjzTXO1FKkm8lf3nBAf0Q"}],"group":"cf-wbfnnomxwumfacrx","max_age":86400}
server: cloudflare
strict-transport-security: max-age=31557600
traceresponse: 00-17f4e9291ee6df9c718f3e7e38495a54-259cb1270c47d099-01
vary: Accept-Encoding,Cookie
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-esi: 1
x-frame-options: SAMEORIGIN
x-platform-server: i-08c93229e497ba9db i-08c93229e497ba9db
x-served-by: cache-iad-kjyo7100045-IAD, cache-yyz4523-YYZ
x-xss-protection: 1; mode=block

GET
H2 200 core.min.js Show response
consent.trustarc.com/autoblockasset/ 19 KB
6 KB 204ms
28ms Script
text/javascript 18.238.49.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/autoblockasset/core.min.js?domain=www.oxo.com

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.49.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-49-62.jfk52.r.cloudfront.net

Software

Resource Hash

3818259a072560b8c44820f8753d53344bdc817a9493e4c18ca38531ffb534e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: public
date: Fri, 13 Sep 2024 20:55:21 GMT
content-encoding: gzip
via: 1.1 0b703f88574c6bad454306eb64dd50a2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 16 May 2024 01:19:21 GMT
x-amz-cf-pop: JFK52-P3
age: 149
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=3600
x-amz-cf-id: 16UVqpJqiumOGKMTNwkOGzhyvjYGmIDMRsVeB9c-d0qVQY5wPR-MOg==

GET
H2 200 autoblockoptout Show response
consent.trustarc.com/ 7 KB
3 KB 204ms
28ms Script
text/javascript 18.238.49.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/autoblockoptout?domain=www.oxo.com

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.49.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-49-62.jfk52.r.cloudfront.net

Software

Resource Hash

3240ec543e490912b08d24d01787505abd71fe604daa06957d68434a8cea8e7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:52:52 GMT
content-encoding: gzip
via: 1.1 0b703f88574c6bad454306eb64dd50a2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK52-P3
age: 149
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript; charset=UTF-8
cache-control: max-age=3600
x-amz-cf-id: bGISByo9lhUJF0MHnJoVYD652Dc7peT9BMdaXuu2gVFhDmTVOBauhg==

GET
H2 200 bdWgmLaioz2oPA.js Show response
rapid-cdn.yottaa.com/rapid/lib/ 130 KB
39 KB 633ms
545ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Requested by: Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 212ef5d094ee3282165c25a6988faa80f7be4f169b640562c1917b30f4086f65

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:22 GMT
content-encoding: gzip
via: 1.1 varnish
age: 0
x-timer: S1726260922.628305,VS0,VE534
vary: Accept-Encoding
x-cache: MISS
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=1800, s-maxage=604800
accept-ranges: bytes
timing-allow-origin: *
content-length: 40193
x-served-by: cache-yul1970051-YUL

GET
H3 200 rewards.png
www.oxo.com/media/wysiwyg/oxo/ 2 KB
11 KB 104ms
102ms Image
image/webp 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.oxo.com/media/wysiwyg/oxo/rewards.png

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e47c97214b042582e64071246e8034e525cef66a5316f9af6a615f7bb01fc1b

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4z9DEiTbP_ZMJ9oAMDYsBiMCKwgjmuOrypr.9Qezgzo-1726260921-1.0.1.1-7i8NQebgmkuqk5JWd0ClnUbPlub7o4wkIY07MYrpsONOhXpEAwbsaA0HFcFt58mjWQcyARoAy77Z3nZBynVW6RQxzA_cZjUlgQ7A3QFccUvyDufXBbFuNZqyRX8hV2Z4gSzaxXCdL.fZUtpxpEasJ1QYOEBQ4O9RVucvdaWLTGarBxi3WmXCebwZeUGYX0Syxd2TO5c2gCeyg.Qvz9OWug; report-to cf-pthdkoryjkslmkip, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=T4VymQGm.Q6EJby0hii7v8c2t_Zy_sCQROv4FWciJw4-1726260921-1.0.1.1-6HQHVkcMqmOVBNhZfDatRAuTVz8li2rAbcOlCd16TZleFUfNlsXdPqzcJf7GUj._Ktv4Wzqnn1XjiOpFCQVqGVPmsxgO7dJJAt5lHHI76xhM4C9iLl5hDVk4cRXbsD3WibuIfvQ4bia8bUKdJaVniYAaXccg9eiQWfiYkgHNAGFcihIKRy_SvNeyVwGjQG6ZcEGsOYmW0KhpopgpLgGD9A; report-to cf-ftwmevhoyxahgcji

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
cf-cache-status: HIT
x-platform-server: i-0e323f5c977a7b537, i-0e323f5c977a7b537
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4z9DEiTbP_ZMJ9oAMDYsBiMCKwgjmuOrypr.9Qezgzo-1726260921-1.0.1.1-7i8NQebgmkuqk5JWd0ClnUbPlub7o4wkIY07MYrpsONOhXpEAwbsaA0HFcFt58mjWQcyARoAy77Z3nZBynVW6RQxzA_cZjUlgQ7A3QFccUvyDufXBbFuNZqyRX8hV2Z4gSzaxXCdL.fZUtpxpEasJ1QYOEBQ4O9RVucvdaWLTGarBxi3WmXCebwZeUGYX0Syxd2TO5c2gCeyg.Qvz9OWug; report-to cf-pthdkoryjkslmkip, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=T4VymQGm.Q6EJby0hii7v8c2t_Zy_sCQROv4FWciJw4-1726260921-1.0.1.1-6HQHVkcMqmOVBNhZfDatRAuTVz8li2rAbcOlCd16TZleFUfNlsXdPqzcJf7GUj._Ktv4Wzqnn1XjiOpFCQVqGVPmsxgO7dJJAt5lHHI76xhM4C9iLl5hDVk4cRXbsD3WibuIfvQ4bia8bUKdJaVniYAaXccg9eiQWfiYkgHNAGFcihIKRy_SvNeyVwGjQG6ZcEGsOYmW0KhpopgpLgGD9A; report-to cf-ftwmevhoyxahgcji
age: 644399
traceresponse: 00-17f29e8abc58d568f1b0fb9267deaf22-06ea1b0c9cb0f3e9-01
cf-polished: origFmt=png, origSize=3941
x-cache: MISS
content-disposition: inline; filename="rewards.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1772
x-served-by: cache-iad-kiad7000028-IAD
last-modified: Wed, 22 May 2024 21:59:49 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
x-timer: S1725615926.938803,VS0,VE11
etag: "664e6ad5-f65"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ENYITkFlxX_IEcApe1wFzpEEk1hQ94zwzU4jngIzthU-1726260921-1.0.1.1-5TTziFFaZugfLjtFTptOYDVlr0Bu57iq20sJproJlPllwivRs1BRA_3i1nFOTNjf2e61QbwnNz0x5Pp7FXkVIUpa.mOP6QWHDODXj_WU0fRD2bfvIGY1CIfyennhWhWoFb8F3MwLDQalIdsI8CKVRNQar6JYUVrRCdS79d.kzAx2_v20s1SC_Uoteav6E6OjGJBh0TxuMDtMv_rQWuJ24g"}],"group":"cf-zgwxwiydewplnudk","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=2qPKPyo4h59e9KbMCH2xXXFKcinoL6AMeR6xc5RQCEM-1726260921-1.0.1.1-KUydTDZLhtjhQFzd0aazOjQcMFwmCpdLj7sPNr2YGnuvc5DmJHdqEH_kiqpt_Jh.we5MRAdufsfOltkeMl6_r8RpZyPTFtrqj3fSlEL_j0bk9lTX6exycFoEYv1ztcQMjgPnEHh_UVKU5K0lgPxM.OIAC1qI433X_on4eBhgYGQ8HP6iLAP_ivWmaOiDi70_Vgb5tRdWXzSJuKcQEomB.Q"}],"group":"cf-kigvqkdzdcvjuwsa","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=4z9DEiTbP_ZMJ9oAMDYsBiMCKwgjmuOrypr.9Qezgzo-1726260921-1.0.1.1-7i8NQebgmkuqk5JWd0ClnUbPlub7o4wkIY07MYrpsONOhXpEAwbsaA0HFcFt58mjWQcyARoAy77Z3nZBynVW6RQxzA_cZjUlgQ7A3QFccUvyDufXBbFuNZqyRX8hV2Z4gSzaxXCdL.fZUtpxpEasJ1QYOEBQ4O9RVucvdaWLTGarBxi3WmXCebwZeUGYX0Syxd2TO5c2gCeyg.Qvz9OWug"}],"group":"cf-pthdkoryjkslmkip","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=T4VymQGm.Q6EJby0hii7v8c2t_Zy_sCQROv4FWciJw4-1726260921-1.0.1.1-6HQHVkcMqmOVBNhZfDatRAuTVz8li2rAbcOlCd16TZleFUfNlsXdPqzcJf7GUj._Ktv4Wzqnn1XjiOpFCQVqGVPmsxgO7dJJAt5lHHI76xhM4C9iLl5hDVk4cRXbsD3WibuIfvQ4bia8bUKdJaVniYAaXccg9eiQWfiYkgHNAGFcihIKRy_SvNeyVwGjQG6ZcEGsOYmW0KhpopgpLgGD9A"}],"group":"cf-ftwmevhoyxahgcji","max_age":86400}
content-type: image/webp
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09a7bf29ab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:21 GMT

GET
H3 200 one-percent.png
www.oxo.com/media/wysiwyg/oxo/ 10 KB
19 KB 77ms
74ms Image
image/webp 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.oxo.com/media/wysiwyg/oxo/one-percent.png

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77a1cd76f7b369b86ca16c770ccc8e6c19afe3f063f496cc617a8e224a725bcd

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZGyqdt7HTTn8.p1_WlGbuV5p1pXFqFy4M1ENWs15jSY-1726260921-1.0.1.1-ckffcjM3PyhbkpRMfdjaxmeb3M0D5Hbu.g6Gii_iTmEmmNGqrScpnwa.3uFjMteWVnttIxeUALgtvZ_WirEsyrrxl7YQ8WC2Fp2BmWu4HLbTgdlgVDT2O3zRPPqi0SEigRsG9AJw49TH4k1Bjr1tLamPybK05YP92WGTIxGlAOWhKhdv9zgmnN3uA1bxbcBXtzo__pdOq68C0UXmN49t_A; report-to cf-oeqhgxybkfzczadm, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZJxoser0Agw7rQaCjavdmHs_xyQeJ6ffZyxUAyRyblw-1726260921-1.0.1.1-RGs1.mLPOXaMyzgIIt2H7NlCmDQyTIkii79KjMw6Os65jbTvvgoI9YThi.mjHyMMltStiKXKZUEkyYDB7qMySRhUj4E3S0bQ9PV.9SQkbYvFnanBsHgKbJKbshjiNWtzqEfmJ.IcKgGTwoC7KbgFLr24OjwiP7M4a3xlY9IKfvA99sf0rRfsANNJl4GmarRZlXtBSfQalw57.lJNMErgzw; report-to cf-xnbhiynortmtqxtr

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
cf-cache-status: HIT
x-platform-server: i-05fb2acf84a0261d6, i-05fb2acf84a0261d6
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZGyqdt7HTTn8.p1_WlGbuV5p1pXFqFy4M1ENWs15jSY-1726260921-1.0.1.1-ckffcjM3PyhbkpRMfdjaxmeb3M0D5Hbu.g6Gii_iTmEmmNGqrScpnwa.3uFjMteWVnttIxeUALgtvZ_WirEsyrrxl7YQ8WC2Fp2BmWu4HLbTgdlgVDT2O3zRPPqi0SEigRsG9AJw49TH4k1Bjr1tLamPybK05YP92WGTIxGlAOWhKhdv9zgmnN3uA1bxbcBXtzo__pdOq68C0UXmN49t_A; report-to cf-oeqhgxybkfzczadm, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZJxoser0Agw7rQaCjavdmHs_xyQeJ6ffZyxUAyRyblw-1726260921-1.0.1.1-RGs1.mLPOXaMyzgIIt2H7NlCmDQyTIkii79KjMw6Os65jbTvvgoI9YThi.mjHyMMltStiKXKZUEkyYDB7qMySRhUj4E3S0bQ9PV.9SQkbYvFnanBsHgKbJKbshjiNWtzqEfmJ.IcKgGTwoC7KbgFLr24OjwiP7M4a3xlY9IKfvA99sf0rRfsANNJl4GmarRZlXtBSfQalw57.lJNMErgzw; report-to cf-xnbhiynortmtqxtr
age: 644398
traceresponse: 00-17f29e8abf2ab5596775231a4d678f44-d3380df0ad0a098f-01
cf-polished: origFmt=png, origSize=23094
x-cache: MISS
content-disposition: inline; filename="one-percent.webp"
alt-svc: h3=":443"; ma=86400
content-length: 10688
x-served-by: cache-pdk-kfty2130025-PDK
last-modified: Thu, 29 Sep 2022 22:20:55 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
x-timer: S1725615926.976961,VS0,VE22
etag: "63361a47-5a36"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=3NiMvUX9a8dhCVno53JQzCwJidicCUjN4SM3T6wu6GI-1726260921-1.0.1.1-kJBpiJt1e1UZ5d21Orfg2z16bjTBKr4gXzQYnfm.72U3rl19O3C8xNiU20Ry.CYLHoodwEeiu1WE2jafl0Tj3s4dqlaCOm2s9WV4X0AeA6HzX.ZeCZhY9USXIxRsV1rWAcNNw_uXdMjatFjj_hQ9Jo696pXxIJxvT.g1G.0jKCU_PcyKHyxHfogAfzRUcFe7QCj2yA_U1TGv8zuWFKACqQ"}],"group":"cf-hdxanofskzqfzfuc","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=GW6t1B6jHc1YogYybT6GAjSId5ExiIY8BgmEbtJV7qY-1726260921-1.0.1.1-bIMAQD.K0ySDuAp0rolyeq5hC1jiVuPvvUjo8gh7YUvLgT8arLCvqEBwV6iq7opKrgSxmcelJx1p_wq1FD88mf_TXZmdk7wljICcGy3oXoyzZpnPFCRJKrCQPd.8_pCCJpEylD0Tv8a2pUudRnhUOUkLdsMVNClS1AUMWD3L9.o7ZE.LGQafxCFGRxlQcOieTkD7rtIDR2t7f4jKUZOhgQ"}],"group":"cf-pqfyglrlkaxknplp","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ZGyqdt7HTTn8.p1_WlGbuV5p1pXFqFy4M1ENWs15jSY-1726260921-1.0.1.1-ckffcjM3PyhbkpRMfdjaxmeb3M0D5Hbu.g6Gii_iTmEmmNGqrScpnwa.3uFjMteWVnttIxeUALgtvZ_WirEsyrrxl7YQ8WC2Fp2BmWu4HLbTgdlgVDT2O3zRPPqi0SEigRsG9AJw49TH4k1Bjr1tLamPybK05YP92WGTIxGlAOWhKhdv9zgmnN3uA1bxbcBXtzo__pdOq68C0UXmN49t_A"}],"group":"cf-oeqhgxybkfzczadm","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ZJxoser0Agw7rQaCjavdmHs_xyQeJ6ffZyxUAyRyblw-1726260921-1.0.1.1-RGs1.mLPOXaMyzgIIt2H7NlCmDQyTIkii79KjMw6Os65jbTvvgoI9YThi.mjHyMMltStiKXKZUEkyYDB7qMySRhUj4E3S0bQ9PV.9SQkbYvFnanBsHgKbJKbshjiNWtzqEfmJ.IcKgGTwoC7KbgFLr24OjwiP7M4a3xlY9IKfvA99sf0rRfsANNJl4GmarRZlXtBSfQalw57.lJNMErgzw"}],"group":"cf-xnbhiynortmtqxtr","max_age":86400}
content-type: image/webp
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09a7bf2fab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:21 GMT

GET
H3 200 fb51c11abcd4d7b664c98a767849f8cc.min.css
www.oxo.com/static/version1725613590/_cache/merged/ 51 KB
19 KB 66ms
63ms Stylesheet
text/css 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/_cache/merged/fb51c11abcd4d7b664c98a767849f8cc.min.css

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69fe20e0351087ac46d9985ac537b3992abbcb105e0b91dbb712a0152e5e5eb1

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Km5BKxARVPn2Eah.a_skyU5wuOZzLjC9I586elKJa2o-1726260921-1.0.1.1-SYrLBUzyCcym_H4UsZ9TJmVP4FFGVy01lLV15zv3H6V.IF9ydgJUgKFbpUh8vK4A1r4DuFHySbwGeQZImXXi4Fv.BVypcOjQ2mMZcVsluT4cfC7DmMlLTeqGAJGSgmb0L_uV9XAhxPKibsNgpYLqtT7E45eTBcKCsT370M8S4I0lM3mkv_gX5K.FjLjNjvm5zAkciBDfeVTeluaNUKUrtg; report-to cf-fkxmssdtcjknpmoh, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=6gB4x0ZcPQeZzLfHZM3lRxGaSIOTJ7pz9ozCtOVp5vo-1726260921-1.0.1.1-YWRf9fsfGefEoBqRvcWz9S8_T0v8pTGdEK4_c5UkdNWXDTOlen.IHPxLA3G8spGcO6X6K4N30LVJ7txXaT97DI_IOcPh0XCRvyKpQMSlWy1H2YYY7TnfC1p6a9gkTWy.BEGhePQoGo1aTyCZMt4KWeznnQLIhOEByMpHbk5A.hwTBjEQ.JsbSSR90xBj7eoF3hhPrxHi9k5lskfGOvGVvg; report-to cf-aoqkdcnicmslkwuf

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:21 GMT
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-08c93229e497ba9db, i-08c93229e497ba9db
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Km5BKxARVPn2Eah.a_skyU5wuOZzLjC9I586elKJa2o-1726260921-1.0.1.1-SYrLBUzyCcym_H4UsZ9TJmVP4FFGVy01lLV15zv3H6V.IF9ydgJUgKFbpUh8vK4A1r4DuFHySbwGeQZImXXi4Fv.BVypcOjQ2mMZcVsluT4cfC7DmMlLTeqGAJGSgmb0L_uV9XAhxPKibsNgpYLqtT7E45eTBcKCsT370M8S4I0lM3mkv_gX5K.FjLjNjvm5zAkciBDfeVTeluaNUKUrtg; report-to cf-fkxmssdtcjknpmoh, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=6gB4x0ZcPQeZzLfHZM3lRxGaSIOTJ7pz9ozCtOVp5vo-1726260921-1.0.1.1-YWRf9fsfGefEoBqRvcWz9S8_T0v8pTGdEK4_c5UkdNWXDTOlen.IHPxLA3G8spGcO6X6K4N30LVJ7txXaT97DI_IOcPh0XCRvyKpQMSlWy1H2YYY7TnfC1p6a9gkTWy.BEGhePQoGo1aTyCZMt4KWeznnQLIhOEByMpHbk5A.hwTBjEQ.JsbSSR90xBj7eoF3hhPrxHi9k5lskfGOvGVvg; report-to cf-aoqkdcnicmslkwuf
age: 644398
traceresponse: 00-17f29e9b4b70d479f7c208f0e57620a7-f16d900d87cad9ce-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000150-IAD
last-modified: Fri, 06 Sep 2024 09:21:34 GMT
server: cloudflare
x-timer: S1725615997.055482,VS0,VE11
etag: W/"66dac99e-ccd7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Q7Egp8VdzTTECdb7PkW4K78vwO4G_PkRAGitzkJAiZQ-1726260921-1.0.1.1-PBcjjd1jukWrZbaZcWqDznL1dKiIxulOaNeCSDl.byJsFDoergsxqO1R5ZQzZOcrOGXcgimYf.xIu.oohvR7Hi4Zt1M1zxAfMgllmLWT2WmEj7ColrBkpA4zXyNH7yeBBm8giBnSCr.noRURUuhvlBmwKzmOAajh3JLA1nsrkZHRLuSu9neAjd835aZ2k7xGVWccSTFjaqPWVAZhtdCN9Q"}],"group":"cf-mkvbsjqjwckrgmem","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=HzQ1R6WLKqr1SbmxJiSlpPtCGAu2PTEXX5e2jrzhk2o-1726260921-1.0.1.1-qWG54cYDoINZHu8M21FMSBJ_3fTpJLU_OUvNqTpOCpjFhfYC1yisPV9dtlpGQQ4GTS2RY27ieAPCmY.CUttUttsfGWZ6x4AKBeq4yu4LbgdTpX8rGFOVbFvNcQM.HPovg6_KXTqCrFna61oDmwT7tSn7szcfEvJXZA3PXh.UX5cZ8mQl.bprqooS1VTvoN8W.Cfs6C36PLLzsRgcDyqwoA"}],"group":"cf-brogximjiwvjohru","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Km5BKxARVPn2Eah.a_skyU5wuOZzLjC9I586elKJa2o-1726260921-1.0.1.1-SYrLBUzyCcym_H4UsZ9TJmVP4FFGVy01lLV15zv3H6V.IF9ydgJUgKFbpUh8vK4A1r4DuFHySbwGeQZImXXi4Fv.BVypcOjQ2mMZcVsluT4cfC7DmMlLTeqGAJGSgmb0L_uV9XAhxPKibsNgpYLqtT7E45eTBcKCsT370M8S4I0lM3mkv_gX5K.FjLjNjvm5zAkciBDfeVTeluaNUKUrtg"}],"group":"cf-fkxmssdtcjknpmoh","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=6gB4x0ZcPQeZzLfHZM3lRxGaSIOTJ7pz9ozCtOVp5vo-1726260921-1.0.1.1-YWRf9fsfGefEoBqRvcWz9S8_T0v8pTGdEK4_c5UkdNWXDTOlen.IHPxLA3G8spGcO6X6K4N30LVJ7txXaT97DI_IOcPh0XCRvyKpQMSlWy1H2YYY7TnfC1p6a9gkTWy.BEGhePQoGo1aTyCZMt4KWeznnQLIhOEByMpHbk5A.hwTBjEQ.JsbSSR90xBj7eoF3hhPrxHi9k5lskfGOvGVvg"}],"group":"cf-aoqkdcnicmslkwuf","max_age":86400}
content-type: text/css
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09a7bf32ab1e-YYZ
x-cache-hits: 0

GET
H3 200 styles.min.css
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/css/ 2 MB
202 KB 108ms
103ms Stylesheet
text/css 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/css/styles.min.css

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bda477fd8e24254a42e625d19959c5ebd57a88160636571c1dbde8fb3a88e0b

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=9jJAaZFY4RaYmvbwhSz.FYSsl8s75Jm8ddWlQPaKiC8-1726260921-1.0.1.1-4aYg6PeprB4Uw2Trz1SAm2zC0mq3NHUBcLKOZO1M_QHzPTwi9vqJVyICjXmE70ax9zKrNo.iiwix2_47kj.RTd59BjGcn6ceazAW.TcWLHHWvjJgYehZkLSFhxr6WE7yCkB9nF2yks7XoPzFPZ6djGFLNs8CuRFrK0r2RoKf58nl44BEs3qf0EjSddqBFnXNEFoGO2F9Zcd.V1rI9M8PXA; report-to cf-zegwynidwykxlxwn, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=PtGMv3.Djr4S.rZ5x3o2PuJraxGObsMXb9KJWkibUEI-1726260921-1.0.1.1-w1hIe9otjlATruhhsd5HMrTIlmpdTrU1iLv7MUL.WyHD7nemCAJCEM1VHvoAWGdIIjkA2z3uuCTcHGfHaJ2RY7zCo1E_Ks.MW_U94BMTxLGkFoep.37N1_UOr.oc5fr0d.a9J8UkzxdVZtYgCz33XdCQG7SUREbi1ocuXUbwgN1h1CVQShbMk.jsWUZsOOlDZKgocjmWP02x9bO31I4wLA; report-to cf-gifuzagbeciyqjkl

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:21 GMT
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-08c93229e497ba9db, i-08c93229e497ba9db
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=9jJAaZFY4RaYmvbwhSz.FYSsl8s75Jm8ddWlQPaKiC8-1726260921-1.0.1.1-4aYg6PeprB4Uw2Trz1SAm2zC0mq3NHUBcLKOZO1M_QHzPTwi9vqJVyICjXmE70ax9zKrNo.iiwix2_47kj.RTd59BjGcn6ceazAW.TcWLHHWvjJgYehZkLSFhxr6WE7yCkB9nF2yks7XoPzFPZ6djGFLNs8CuRFrK0r2RoKf58nl44BEs3qf0EjSddqBFnXNEFoGO2F9Zcd.V1rI9M8PXA; report-to cf-zegwynidwykxlxwn, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=PtGMv3.Djr4S.rZ5x3o2PuJraxGObsMXb9KJWkibUEI-1726260921-1.0.1.1-w1hIe9otjlATruhhsd5HMrTIlmpdTrU1iLv7MUL.WyHD7nemCAJCEM1VHvoAWGdIIjkA2z3uuCTcHGfHaJ2RY7zCo1E_Ks.MW_U94BMTxLGkFoep.37N1_UOr.oc5fr0d.a9J8UkzxdVZtYgCz33XdCQG7SUREbi1ocuXUbwgN1h1CVQShbMk.jsWUZsOOlDZKgocjmWP02x9bO31I4wLA; report-to cf-gifuzagbeciyqjkl
age: 644398
traceresponse: 00-17f29e8ab5a2c1326bdaf2b9460d974f-6049b3ba36d6fdf0-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000039-IAD
last-modified: Fri, 06 Sep 2024 09:08:28 GMT
server: cloudflare
x-timer: S1725615926.823186,VS0,VE7
etag: W/"66dac68c-2c52a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=BYxP3K_1gVw3POQa25i7JCrU.4QwF9UpUbkMw0WvlFc-1726260921-1.0.1.1-WZF0bjDKbW0qdl9nHLWV5gMIFBQjJPgwL5QYj.oQCq1_CT3eQ_vIm6Q_8OwDirA.OO4rQUP3LHqpnQ_AQkkZXoLQCmUP_lTpghgxSO_0fZN3IWoprgzyfjXpVOsoJRkVvsbzZ7ZGZkZhH5FxbG_.DlVRcyFnqF_tn7.v1OpS.X_2odpbzx22KcvskmzKo0V9GTg0OkKFQdKYbNvckOZovQ"}],"group":"cf-kixtnsyywbqerqwp","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=8s7vBSAq4NC.JWfk5SLYaE.jw7Nvfpwv85__Sm2nXt0-1726260921-1.0.1.1-4L9oRjXrpJyILl82IjG6oX9oIraXZ1LVkmUX.bYrFH8MS72MKg8GKLVYI0WbB6KofMSnTTHYGMaqi4WbXpkYSkNZZAKB815lxQWoslxZj73NWxyj5POJXXO9ih4oOE2uD1061qH04rytI5.eoYamLh0rsUxzYcxxLMv6TVf_mMgzkMp7uDBWGe38Jy8OC71dTpvAmX1fM1DwYJntlfiRvg"}],"group":"cf-uboxrhfajjwjmewk","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=9jJAaZFY4RaYmvbwhSz.FYSsl8s75Jm8ddWlQPaKiC8-1726260921-1.0.1.1-4aYg6PeprB4Uw2Trz1SAm2zC0mq3NHUBcLKOZO1M_QHzPTwi9vqJVyICjXmE70ax9zKrNo.iiwix2_47kj.RTd59BjGcn6ceazAW.TcWLHHWvjJgYehZkLSFhxr6WE7yCkB9nF2yks7XoPzFPZ6djGFLNs8CuRFrK0r2RoKf58nl44BEs3qf0EjSddqBFnXNEFoGO2F9Zcd.V1rI9M8PXA"}],"group":"cf-zegwynidwykxlxwn","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=PtGMv3.Djr4S.rZ5x3o2PuJraxGObsMXb9KJWkibUEI-1726260921-1.0.1.1-w1hIe9otjlATruhhsd5HMrTIlmpdTrU1iLv7MUL.WyHD7nemCAJCEM1VHvoAWGdIIjkA2z3uuCTcHGfHaJ2RY7zCo1E_Ks.MW_U94BMTxLGkFoep.37N1_UOr.oc5fr0d.a9J8UkzxdVZtYgCz33XdCQG7SUREbi1ocuXUbwgN1h1CVQShbMk.jsWUZsOOlDZKgocjmWP02x9bO31I4wLA"}],"group":"cf-gifuzagbeciyqjkl","max_age":86400}
content-type: text/css
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09a7bf34ab1e-YYZ
x-cache-hits: 0

GET
H2 200 csd4kkg.css
use.typekit.net/ 6 KB
1 KB 191ms
17ms Stylesheet
text/css 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/csd4kkg.css

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

3a55d7bad75dfbc5f71ce1c967dcb60506ee28dd7b790989e075dd6e23a5d0b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Fri, 13 Sep 2024 20:55:21 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 933

GET
H2 200 launch-012b4acf6374.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/ 251 KB
70 KB 159ms
35ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/launch-012b4acf6374.min.js
Requested by: Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a0e1790d7d90c7a831dcb3efdb0211f3b478ede77758538e9ce456154be97165

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:14 GMT
server: AkamaiNetStorage
etag: "f0755e658f4c705c04704e025667ae5b:1726238954.337453"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 71870
expires: Fri, 13 Sep 2024 21:55:22 GMT

GET
H3 200 logo.svg
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/images/logo/ 2 KB
10 KB 175ms
168ms Image
image/svg+xml 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/images/logo/logo.svg

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3cb4dd6baf42a32c64edba891ed4a4b959c6c540fc3d6a082e11d4da6b3c144d

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8qcozdW092q009KPBcI32PAdGTYkrmjrkCQhnkxu9sI-1726260922-1.0.1.1-brUyLeEZ44YeXHUOvaZe6Yuq4ihvyvNheKoXObRSP5O5tf2t0xVhZyiE43IfG7kUKc8Ng40vkPN4XLtfCuzDKyRalU.g7suyHbvdK3EcI4lYMY9ZvBBkhRc73vJjfk4QzbrUPNoYizDnIWCLx6Xt3_ec3K3mf68r077d9Hdirvit7p5jL1IC6B7zr.kPRnRfVIDLtZLot9QqPQ.FZbkqCg; report-to cf-yfqiljntqozzftda, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=j0EjVrY7s_zvAW2qlx_EDFvZ5zEjWMhcV1_ItDVKzeI-1726260922-1.0.1.1-zFqVUfeJGGJ3hyO.FTWh0TzAoiq6AyXEEgYlnxeeBkWbprSHCHhUHb4LG5scZotZQ9YOnjLKWqhjFxrjkUesDjGOqOpL.JMOMtisqW7zOUd6Kwl9HKXIOzmhN4TRzAOcL99ufR2tA.CpGaQRpt7q22cNffw9ds1ccbulWzYbeiRlifjUl6tcIf2B5OwlCPdN_o2bsxa..p6.OANT1YW9VA; report-to cf-kvokskohdczwywcm

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-08c93229e497ba9db, i-08c93229e497ba9db
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8qcozdW092q009KPBcI32PAdGTYkrmjrkCQhnkxu9sI-1726260922-1.0.1.1-brUyLeEZ44YeXHUOvaZe6Yuq4ihvyvNheKoXObRSP5O5tf2t0xVhZyiE43IfG7kUKc8Ng40vkPN4XLtfCuzDKyRalU.g7suyHbvdK3EcI4lYMY9ZvBBkhRc73vJjfk4QzbrUPNoYizDnIWCLx6Xt3_ec3K3mf68r077d9Hdirvit7p5jL1IC6B7zr.kPRnRfVIDLtZLot9QqPQ.FZbkqCg; report-to cf-yfqiljntqozzftda, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=j0EjVrY7s_zvAW2qlx_EDFvZ5zEjWMhcV1_ItDVKzeI-1726260922-1.0.1.1-zFqVUfeJGGJ3hyO.FTWh0TzAoiq6AyXEEgYlnxeeBkWbprSHCHhUHb4LG5scZotZQ9YOnjLKWqhjFxrjkUesDjGOqOpL.JMOMtisqW7zOUd6Kwl9HKXIOzmhN4TRzAOcL99ufR2tA.CpGaQRpt7q22cNffw9ds1ccbulWzYbeiRlifjUl6tcIf2B5OwlCPdN_o2bsxa..p6.OANT1YW9VA; report-to cf-kvokskohdczwywcm
age: 644391
traceresponse: 00-17f29e8ae9dc8006b1e2a08942881764-f6b9953c628281a7-01
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZsaX7ha9u7uEDT2LV0ZmgKTfOdN21Xx7xDy9Qtacs6c-1726260922-1.0.1.1-ObXR9GpstoUrBGMak674vVmI7Zwgh18DLM_9EAf4uq.1RfysJcNGmfbotcCJEJVqipnxp4Yg8lJ20atmRnNe3GsOGCcelirz04smaxenuu8tqHECcN_OEzavvsaoRNb0fRQqVisJO2ZlK9X31wbV6w; report-to cf-csp-endpoint
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-pdk-kpdk1780072-PDK
last-modified: Fri, 06 Sep 2024 08:59:46 GMT
server: cloudflare
x-timer: S1725615927.651216,VS0,VE63
etag: W/"66dac482-39c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=dkwS2Xr.GXICVEqu0KZmywjVrze9Fi8ZsY8f5KUwA7o-1726260922-1.0.1.1-Hf_4hXBnz72LU5kDlgO8utMy9HpXszJ5rl6OHT.4BJ2vvYPVu3fX6mmoymitYxk_1KeBZK47Fqndce9OsHtX6gcvlgFtHwjJUyAYggVaM9fj1NPxl3XGjxAXePSS9dIaqp7TcdrA7FSysAqUi1LIGeaJggZODkuF6Rq0pJpyN5AsBnxCLmfYnKx__05AZ_DiojShuMsWSRakCqP0dz2xlA"}],"group":"cf-cnsiqkwsgxkqsyrr","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=O3jzYtSa2bG3Mf0bXuSA7HfnLUjbhX1iTbEQ8pzwLt0-1726260922-1.0.1.1-bxG6ZsvVAadVuG4gN8biJirtILhOwvhTcTNPjL7yTSDABDNFLv8l_6B2GDUUozzi6R5AdkWAPmf9hR5TTPezjsC6waHN.S2ikRtpOtWJIt1KWSoa1xqfwB4IrpkQyCezaBGz8tjuSc9lWLp9wtZc21LFGgD86ZOZ4LmGT8IuvvbsrF560WGnaiDG34Upnp_XieYAcJhtqm6SH3z_ZiJfYQ"}],"group":"cf-xuwhkndkthbhyxpv","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ZsaX7ha9u7uEDT2LV0ZmgKTfOdN21Xx7xDy9Qtacs6c-1726260922-1.0.1.1-ObXR9GpstoUrBGMak674vVmI7Zwgh18DLM_9EAf4uq.1RfysJcNGmfbotcCJEJVqipnxp4Yg8lJ20atmRnNe3GsOGCcelirz04smaxenuu8tqHECcN_OEzavvsaoRNb0fRQqVisJO2ZlK9X31wbV6w"}],"group":"cf-csp-endpoint","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=8qcozdW092q009KPBcI32PAdGTYkrmjrkCQhnkxu9sI-1726260922-1.0.1.1-brUyLeEZ44YeXHUOvaZe6Yuq4ihvyvNheKoXObRSP5O5tf2t0xVhZyiE43IfG7kUKc8Ng40vkPN4XLtfCuzDKyRalU.g7suyHbvdK3EcI4lYMY9ZvBBkhRc73vJjfk4QzbrUPNoYizDnIWCLx6Xt3_ec3K3mf68r077d9Hdirvit7p5jL1IC6B7zr.kPRnRfVIDLtZLot9QqPQ.FZbkqCg"}],"group":"cf-yfqiljntqozzftda","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=j0EjVrY7s_zvAW2qlx_EDFvZ5zEjWMhcV1_ItDVKzeI-1726260922-1.0.1.1-zFqVUfeJGGJ3hyO.FTWh0TzAoiq6AyXEEgYlnxeeBkWbprSHCHhUHb4LG5scZotZQ9YOnjLKWqhjFxrjkUesDjGOqOpL.JMOMtisqW7zOUd6Kwl9HKXIOzmhN4TRzAOcL99ufR2tA.CpGaQRpt7q22cNffw9ds1ccbulWzYbeiRlifjUl6tcIf2B5OwlCPdN_o2bsxa..p6.OANT1YW9VA"}],"group":"cf-kvokskohdczwywcm","max_age":86400}
content-type: image/svg+xml
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09af3eb2ab1e-YYZ
x-cache-hits: 0

GET
H3 200 require.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/requirejs/ 26 KB
17 KB 80ms
74ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/requirejs/require.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9685cb71997926787800eb8cc0b13873e0f39eb2a5e00a4005054480000dc27f

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=qw_NB6Ws6ysLLqp4VAoIj_t8Daf0wO5Rd8YujMqH4KU-1726260921-1.0.1.1-xPvFuxJc769cwDlwOcjVzhjEvwnJpb9hD6nmxL9FJbOvEEFHS8tbBKOGOJUayWtm9oFF_JWYdJe3_jz6MOP.NmRm7_e.uCuYEzor0lR7J3Owr1oVG3nwDOJAD2GzGjbnWcwxncLXxmI7g72SfMTASW.EpZXUNZmlthqP4qBoNbqxYVgdAOpvu73XFZGJOFuonB_atttiKFv91saOG0qKrg; report-to cf-tbjpygjrfyaswoeg, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GRpeT7_NLd4CiG1BLEmkz_jnotnkt4Q2vUsQq__XY8w-1726260921-1.0.1.1-f2qaS9IWi4lYtmyehuRJlD_MWs4hx4Tw1Ki7o9F6YmFbkDSbfNSuymDCvw5HT7kxOn9sJshmv_Fk42_qf3I_Cdq.Q4jd2n_5k5YKu_pJypElcYOT_uCY2OwvT6rddukuBLsxeIjHpfG4KEvU7hloqSOJ78LZM9LXDbNLp2DgHsIOX7E0X8TyRnVWVAh0i9KNltWy.ILJO9pjOB5vpzDFOw; report-to cf-zicadnysmamkkzwb

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:21 GMT
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0e323f5c977a7b537, i-0e323f5c977a7b537
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=qw_NB6Ws6ysLLqp4VAoIj_t8Daf0wO5Rd8YujMqH4KU-1726260921-1.0.1.1-xPvFuxJc769cwDlwOcjVzhjEvwnJpb9hD6nmxL9FJbOvEEFHS8tbBKOGOJUayWtm9oFF_JWYdJe3_jz6MOP.NmRm7_e.uCuYEzor0lR7J3Owr1oVG3nwDOJAD2GzGjbnWcwxncLXxmI7g72SfMTASW.EpZXUNZmlthqP4qBoNbqxYVgdAOpvu73XFZGJOFuonB_atttiKFv91saOG0qKrg; report-to cf-tbjpygjrfyaswoeg, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GRpeT7_NLd4CiG1BLEmkz_jnotnkt4Q2vUsQq__XY8w-1726260921-1.0.1.1-f2qaS9IWi4lYtmyehuRJlD_MWs4hx4Tw1Ki7o9F6YmFbkDSbfNSuymDCvw5HT7kxOn9sJshmv_Fk42_qf3I_Cdq.Q4jd2n_5k5YKu_pJypElcYOT_uCY2OwvT6rddukuBLsxeIjHpfG4KEvU7hloqSOJ78LZM9LXDbNLp2DgHsIOX7E0X8TyRnVWVAh0i9KNltWy.ILJO9pjOB5vpzDFOw; report-to cf-zicadnysmamkkzwb
age: 644398
traceresponse: 00-17f29e8abe01e7aaa81a3602d260ad42-2d4dd27c910da7ec-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000133-IAD
last-modified: Fri, 06 Sep 2024 08:59:29 GMT
server: cloudflare
x-timer: S1725615926.952079,VS0,VE18
etag: W/"66dac471-1f45"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=OC8VnQRkoOea9SIyuKKygmNKvQzXjWY1l4LUzOupRq0-1726260921-1.0.1.1-0clfkaYWXr06y3r01bUEkEvZW_zGjOGRrHqQQawiBn2aeXMX6qHMMyJw4dHBMyY4iF1DdesZMKWkINcvF1zJpdtlb0JVmO1df8kmDLRUAqOeMtMcNqYI8oC1zhi.z8ywEb3.208pY.51Lh95wn.w_aYPE6b9bOJ5lRlhFu4FZc7Xc9IfdRVaMsG.S6A0aVUx8X9jnw7jk_VgHBY8Suez6w"}],"group":"cf-kgbrjbzvkgvgoqbs","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=z8O2cFTgXNO.Avm8mdBQA56n.7ixH1d5as8iWXFHp0E-1726260921-1.0.1.1-9h9T9xonSjQfUCf1LVPusLnAOPEaajNzAqSUM0HFzJlTyDYIChs6c0o0UKOMcnfaM76qqcRgFjP9bYfMBlGKUw.UVqog_QTMqZQDXW4sKAgxmoBTpGsXPOuu8UIS_lP87XMHOnFmU_EIdH_ophmPafoOdgrdEK4COd2Gc_XOqjknpW5evcPxApu0Txr6kzNFgE4ehUKI.dVRqT1g5ZfZEw"}],"group":"cf-mjjxnfmjvblvaaue","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=qw_NB6Ws6ysLLqp4VAoIj_t8Daf0wO5Rd8YujMqH4KU-1726260921-1.0.1.1-xPvFuxJc769cwDlwOcjVzhjEvwnJpb9hD6nmxL9FJbOvEEFHS8tbBKOGOJUayWtm9oFF_JWYdJe3_jz6MOP.NmRm7_e.uCuYEzor0lR7J3Owr1oVG3nwDOJAD2GzGjbnWcwxncLXxmI7g72SfMTASW.EpZXUNZmlthqP4qBoNbqxYVgdAOpvu73XFZGJOFuonB_atttiKFv91saOG0qKrg"}],"group":"cf-tbjpygjrfyaswoeg","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=GRpeT7_NLd4CiG1BLEmkz_jnotnkt4Q2vUsQq__XY8w-1726260921-1.0.1.1-f2qaS9IWi4lYtmyehuRJlD_MWs4hx4Tw1Ki7o9F6YmFbkDSbfNSuymDCvw5HT7kxOn9sJshmv_Fk42_qf3I_Cdq.Q4jd2n_5k5YKu_pJypElcYOT_uCY2OwvT6rddukuBLsxeIjHpfG4KEvU7hloqSOJ78LZM9LXDbNLp2DgHsIOX7E0X8TyRnVWVAh0i9KNltWy.ILJO9pjOB5vpzDFOw"}],"group":"cf-zicadnysmamkkzwb","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09a7bf3dab1e-YYZ
x-cache-hits: 0

GET
H3 200 requirejs-min-resolver.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/ 519 B
9 KB 93ms
88ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/requirejs-min-resolver.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b5778a825f1aef915a4a445b0153898da52e596dce76c6d67379444c2630137

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=5J9myDVLewqTtvkn_CfADBL3y0vY_GKRSTpdMVJhaiA-1726260921-1.0.1.1-wOA0CPwvUzbVhCcwLBpUX8BbVHy9ud9G3f2zY_2R49yzdJVy8SnUmNTrqDbksfAzJ12NKhAXIJ_MaKd8bjggtBcfr5RT76qZ6UosSCe2dJCvG1fheRqcYgozA6y6Co9qmPKlH7x58AhFeZC7_kmRpfez2cqtpdCO.vkmbvRPwb0VZCE7hMdy_2JpzyO_J.H1kKDTIk9V_l5AauPtFF6Plg; report-to cf-fcnpradxovvwjkrf, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=yztaeUiyeStRO_TbXM52FzsD6I18hj0JcGL0Sdvy6Iw-1726260921-1.0.1.1-IXf_5XCI_RAH3RgEfSGRv7cVflBF9qHee_CbK2b86bbRpCfhxUni_otwzDRvkLGMFOGD4iEIihjBjWQG3awdJM7tQXLKDxzlW3AMWNXR4wGPw4CM8o7_T7B7jlIOo7vNmBGoN49l1ZnW2XBA10K8HnyfE2IY9NAoqLCbvHLHbUEdqPdDhBwiHo975nDI8RiS2zMztFU4w1iDcCnr0eRN.w; report-to cf-nlsfxgyosmqnbywv

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:21 GMT
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0e323f5c977a7b537, i-0e323f5c977a7b537
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=5J9myDVLewqTtvkn_CfADBL3y0vY_GKRSTpdMVJhaiA-1726260921-1.0.1.1-wOA0CPwvUzbVhCcwLBpUX8BbVHy9ud9G3f2zY_2R49yzdJVy8SnUmNTrqDbksfAzJ12NKhAXIJ_MaKd8bjggtBcfr5RT76qZ6UosSCe2dJCvG1fheRqcYgozA6y6Co9qmPKlH7x58AhFeZC7_kmRpfez2cqtpdCO.vkmbvRPwb0VZCE7hMdy_2JpzyO_J.H1kKDTIk9V_l5AauPtFF6Plg; report-to cf-fcnpradxovvwjkrf, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=yztaeUiyeStRO_TbXM52FzsD6I18hj0JcGL0Sdvy6Iw-1726260921-1.0.1.1-IXf_5XCI_RAH3RgEfSGRv7cVflBF9qHee_CbK2b86bbRpCfhxUni_otwzDRvkLGMFOGD4iEIihjBjWQG3awdJM7tQXLKDxzlW3AMWNXR4wGPw4CM8o7_T7B7jlIOo7vNmBGoN49l1ZnW2XBA10K8HnyfE2IY9NAoqLCbvHLHbUEdqPdDhBwiHo975nDI8RiS2zMztFU4w1iDcCnr0eRN.w; report-to cf-nlsfxgyosmqnbywv
age: 644396
traceresponse: 00-17f29e8abe01c55b2201442acaf2248f-9046ca4e9fecf8d9-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000140-IAD
last-modified: Fri, 06 Sep 2024 08:59:49 GMT
server: cloudflare
x-timer: S1725615926.953224,VS0,VE18
etag: W/"66dac485-14d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=a7NEQfvQgwzvOZDTu0cU4JWX5jzrAQ8qzprMen5HFPs-1726260921-1.0.1.1-1BC4YSbZxGN3XK8FtcMPTW.53eR4jo99TwLcvdXVKqioOVzpMJHutwGMdu3k2oO4QuQY0tSMqh7ZRr6SZ_n3BR9tlc6vW7ZpgCQB.8c4y_KZ50QXtopCVtaerg2.LF4MlImquW3BtaLuZAg8ocJ3qL7D.gM1aP84qHGw.qIH9nkfXx5tcI3BEZBwfmvw_u4Rk9q_svAQT.4qq34stwEaqA"}],"group":"cf-ntfjtusehscrtudj","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=8aHNKL.DN_hj1LjE2Z2qmt6jNUfhTuSPjxVPJ0C1HQQ-1726260921-1.0.1.1-SFCylGbPEfCwPeagT5p_V4bwHqUp7fDWI1QMLwTv6i5v2gfpLBAD.LkwU05FTubaIui6phSKHrVMGYGR5bZ_YY7t5ZbdZe4qAsr0ZuXC7s9q4TVkjI05vUZSYNfUgK4Ube3BVjFofxPsVcyNLnEjxrGgIRcEsJG3vJ2pCEpR1yMQClCR4oY0WP2qHz4g3SXlI2_SRzu.WMq2PD5rk33.eQ"}],"group":"cf-mxzunxlgshwuyctg","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=5J9myDVLewqTtvkn_CfADBL3y0vY_GKRSTpdMVJhaiA-1726260921-1.0.1.1-wOA0CPwvUzbVhCcwLBpUX8BbVHy9ud9G3f2zY_2R49yzdJVy8SnUmNTrqDbksfAzJ12NKhAXIJ_MaKd8bjggtBcfr5RT76qZ6UosSCe2dJCvG1fheRqcYgozA6y6Co9qmPKlH7x58AhFeZC7_kmRpfez2cqtpdCO.vkmbvRPwb0VZCE7hMdy_2JpzyO_J.H1kKDTIk9V_l5AauPtFF6Plg"}],"group":"cf-fcnpradxovvwjkrf","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=yztaeUiyeStRO_TbXM52FzsD6I18hj0JcGL0Sdvy6Iw-1726260921-1.0.1.1-IXf_5XCI_RAH3RgEfSGRv7cVflBF9qHee_CbK2b86bbRpCfhxUni_otwzDRvkLGMFOGD4iEIihjBjWQG3awdJM7tQXLKDxzlW3AMWNXR4wGPw4CM8o7_T7B7jlIOo7vNmBGoN49l1ZnW2XBA10K8HnyfE2IY9NAoqLCbvHLHbUEdqPdDhBwiHo975nDI8RiS2zMztFU4w1iDcCnr0eRN.w"}],"group":"cf-nlsfxgyosmqnbywv","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09a7bf3fab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle0.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 946 KB
254 KB 115ms
91ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle0.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9c2422604e5d51d58e09ad62046d2c9afb44c7816e6e8bc920ee2125c6fe499

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=nkybf.lDU1cd4KxGPh_q31h5bLNPsnZ30lu.Hw1XCQQ-1726260921-1.0.1.1-GS9EN3.t7pTngNghVeGT0805xlBq94IumO0eF2a1deK0YBWqVBVbM.F6TB9Cym_L1rURi.6efBIaOGL1iL1RJP3v2egbe66iCI93fwuInz5GUZRalSh7mTRtwCTptwQAqdKCDmD5PI_7JzPzQgB0TsP6k_bltBRILZ3Kywjl.Qximr2krwfRT3mj5Z3EqtqCTfS3O2b6Tc59cgXYSEbUBg; report-to cf-dajtbgjjeddolrej, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=StxN13_PjPMs.Rasn8uENyj12Ro181zGzNja8IwaH3w-1726260921-1.0.1.1-1YxKcV0K1H1gEj48FMQcGb4bIpROewN2hI1ol9iJm7myHp2JU1FqmU7jD8R3Z_qP7AQS.rMUg99rleUuJ7NwSP_sIOIaGtFQ_RwZRmDETSJ_n5ti4U7QzTPOc5GiidX3GcC5IwEv71QYH2YhgiplYGSUHgTf4CZ.5CzSR5EH81szKugTiZvI5crK7IRESlkIo4m.cNlnehbGbpimhYSAwg; report-to cf-prtempkmyilstxyq

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:21 GMT
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0e323f5c977a7b537, i-0e323f5c977a7b537
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=nkybf.lDU1cd4KxGPh_q31h5bLNPsnZ30lu.Hw1XCQQ-1726260921-1.0.1.1-GS9EN3.t7pTngNghVeGT0805xlBq94IumO0eF2a1deK0YBWqVBVbM.F6TB9Cym_L1rURi.6efBIaOGL1iL1RJP3v2egbe66iCI93fwuInz5GUZRalSh7mTRtwCTptwQAqdKCDmD5PI_7JzPzQgB0TsP6k_bltBRILZ3Kywjl.Qximr2krwfRT3mj5Z3EqtqCTfS3O2b6Tc59cgXYSEbUBg; report-to cf-dajtbgjjeddolrej, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=StxN13_PjPMs.Rasn8uENyj12Ro181zGzNja8IwaH3w-1726260921-1.0.1.1-1YxKcV0K1H1gEj48FMQcGb4bIpROewN2hI1ol9iJm7myHp2JU1FqmU7jD8R3Z_qP7AQS.rMUg99rleUuJ7NwSP_sIOIaGtFQ_RwZRmDETSJ_n5ti4U7QzTPOc5GiidX3GcC5IwEv71QYH2YhgiplYGSUHgTf4CZ.5CzSR5EH81szKugTiZvI5crK7IRESlkIo4m.cNlnehbGbpimhYSAwg; report-to cf-prtempkmyilstxyq
age: 644395
traceresponse: 00-17f29e8abe601a38ac3ceff11b90650c-0d2cb60d71671b47-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000060-IAD
last-modified: Fri, 06 Sep 2024 08:59:58 GMT
server: cloudflare
x-timer: S1725615926.956225,VS0,VE23
etag: W/"66dac48e-3883c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=R5nba2DsgZiBMgTubi8ZtXo.6uYYl4.7M2FJIvVgpNM-1726260921-1.0.1.1-4NRxtZRGjAiN0umRMtXf0vsmFxffFOXYOoaxHCefbfvWl9dQbLujkrzP5le7e7oFj9obqtVJ5pgvknq1gvZRrwvrR_VU_omk9QGD9V52E_b43YMJUA6OK0_CLjjRY.rQw9OKgvi3dFpcwgTlIo6tj7EVvMs8PRq8RXjMd0Qh8Ch.pv7WxlVl7bLO5pQ0UQAEAlQFLlUL7_dG2oZLgCwgcA"}],"group":"cf-ajcwspunsphzfdyc","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=bWH6s3996EqhHHJDIW3JpP0y5Dft_GusqN1..powUAA-1726260921-1.0.1.1-3mgv.3IqlAIAXAndoaIPsEY9nciBULoaJaYjVmR0f.bz5r_WkyXLw_PIR23sKKBWTY_MuPSjHv5MZKfyx5PI6Jz32yLRc7tXvlJOyscUJFxGBiWXFXukZa3CkfHzJoOIHvTkEq6Uk1WlHGeR3IxVgPZOQsvu8_thgSgDi96OQyw7bnrxIXU7gcC89ddGGJfSGXNG53G1UWWbrTxzIVhRrQ"}],"group":"cf-jxoeerwawthsvpuv","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=nkybf.lDU1cd4KxGPh_q31h5bLNPsnZ30lu.Hw1XCQQ-1726260921-1.0.1.1-GS9EN3.t7pTngNghVeGT0805xlBq94IumO0eF2a1deK0YBWqVBVbM.F6TB9Cym_L1rURi.6efBIaOGL1iL1RJP3v2egbe66iCI93fwuInz5GUZRalSh7mTRtwCTptwQAqdKCDmD5PI_7JzPzQgB0TsP6k_bltBRILZ3Kywjl.Qximr2krwfRT3mj5Z3EqtqCTfS3O2b6Tc59cgXYSEbUBg"}],"group":"cf-dajtbgjjeddolrej","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=StxN13_PjPMs.Rasn8uENyj12Ro181zGzNja8IwaH3w-1726260921-1.0.1.1-1YxKcV0K1H1gEj48FMQcGb4bIpROewN2hI1ol9iJm7myHp2JU1FqmU7jD8R3Z_qP7AQS.rMUg99rleUuJ7NwSP_sIOIaGtFQ_RwZRmDETSJ_n5ti4U7QzTPOc5GiidX3GcC5IwEv71QYH2YhgiplYGSUHgTf4CZ.5CzSR5EH81szKugTiZvI5crK7IRESlkIo4m.cNlnehbGbpimhYSAwg"}],"group":"cf-prtempkmyilstxyq","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09a8a860ab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle1.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 1 MB
320 KB 159ms
135ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle1.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d238c3b4d157d9e1d8d0f0d5ccc65e8ae3ea7118ef2df89d04fbd152d862ed16

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GQ3Min5xrObjQWEk7wsTC.mG0uo4lenJ8utiMjXWaFA-1726260921-1.0.1.1-HcpdzHjDuDYrlpttqNqVKWKxqr0ucVoLMR5smHYOf5FFbP39iAwqn.3dBgepVrygkhSoPuwxJhnLEWuy2E_GX41v5Fn2NhxaQm2mPINNBDkCoBISkauKr3Ymo.UJGy5Kw2yg778QVVR6U9tXoGNK945wdx45AiGIQd3SRY5SJ2W8iu1aqGygGwsSVjIWQLl.T2DQ.S06aowbOA6I7rOKcQ; report-to cf-yomfsofuwgsclyjm, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=kzNwKs8RH0ZUZqA3xZpYUOutZnTlBp6KgqbVMV7R4.E-1726260921-1.0.1.1-6w80ewqETtgbOvc8oJ8VbQwZLQZ_Q81kQajISI.eiixHWnNnEU3noDobL80OV2x.MC01Y9tedBjqjRnK8NaIB.g3P2aJfI56f.LRmhL0LjI9sQrpYucc8OaIWmXO00ehFNuwSAs4Ib8R8nuPvGdQQzx4.KjvMb45LYfd2nq28MzLOk9u2EvWVYKUc2Daeq1RVo2yw4cZE1FdKtIciVD0pw; report-to cf-ylpfmrzaljaqbsca

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:21 GMT
date: Fri, 13 Sep 2024 20:55:21 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-08c93229e497ba9db, i-08c93229e497ba9db
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GQ3Min5xrObjQWEk7wsTC.mG0uo4lenJ8utiMjXWaFA-1726260921-1.0.1.1-HcpdzHjDuDYrlpttqNqVKWKxqr0ucVoLMR5smHYOf5FFbP39iAwqn.3dBgepVrygkhSoPuwxJhnLEWuy2E_GX41v5Fn2NhxaQm2mPINNBDkCoBISkauKr3Ymo.UJGy5Kw2yg778QVVR6U9tXoGNK945wdx45AiGIQd3SRY5SJ2W8iu1aqGygGwsSVjIWQLl.T2DQ.S06aowbOA6I7rOKcQ; report-to cf-yomfsofuwgsclyjm, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=kzNwKs8RH0ZUZqA3xZpYUOutZnTlBp6KgqbVMV7R4.E-1726260921-1.0.1.1-6w80ewqETtgbOvc8oJ8VbQwZLQZ_Q81kQajISI.eiixHWnNnEU3noDobL80OV2x.MC01Y9tedBjqjRnK8NaIB.g3P2aJfI56f.LRmhL0LjI9sQrpYucc8OaIWmXO00ehFNuwSAs4Ib8R8nuPvGdQQzx4.KjvMb45LYfd2nq28MzLOk9u2EvWVYKUc2Daeq1RVo2yw4cZE1FdKtIciVD0pw; report-to cf-ylpfmrzaljaqbsca
age: 644393
traceresponse: 00-17f29e8abe73db407711b0a345246e29-d1b41d0beda9c032-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000081-IAD
last-modified: Fri, 06 Sep 2024 08:59:58 GMT
server: cloudflare
x-timer: S1725615926.958881,VS0,VE19
etag: W/"66dac48e-48e00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=eXLrbXlfcOnPt5K8OC63NkoNmTLjjfbOGDeaQ1LV1Cg-1726260921-1.0.1.1-_Ea0UBk9W6_3d.YdgHobLdInNPtJMlso_cQDEh.YJ41qvW9vvcUxBFTv_qQ45gV353XtKgZz3KsDgckaYmAuVtB1fHfMwZtRyN3E72ce5JbN0gesZLw2ntk35Uce2hJN2gRinDzUY26xiU7l8ImhZyeFBfzi1jjwNlE5LkELFe_WfLJ1hf2zG1AUywg.6iqSGkFs4jBWPELFDEFD3FZ1NQ"}],"group":"cf-aazokldepmnfncdm","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=96YHtBWFdZT6mvRhoZwNs9pP.VOug8tuZ1c0kd1hLUg-1726260921-1.0.1.1-oiOr_tdXcWUziPWuvafkEAuakS61bmGgalXiA1Xv8JH_Cq3IRoYWF3K30eCZJcSGeiH2X9nrX1gUb_4zo5MOIW_MvbHvehCuINtS4NDLccJCM7UR_mkvOmpCkeuwH7eUIcF0e0liJzb6rojKgfojs3QmJn4iprSpj4NsBeLL5bcaznps5kjiJD2PElqpoUaP8pPakFk_DcXRUbEme635wg"}],"group":"cf-ojsjmegmausfnyll","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=GQ3Min5xrObjQWEk7wsTC.mG0uo4lenJ8utiMjXWaFA-1726260921-1.0.1.1-HcpdzHjDuDYrlpttqNqVKWKxqr0ucVoLMR5smHYOf5FFbP39iAwqn.3dBgepVrygkhSoPuwxJhnLEWuy2E_GX41v5Fn2NhxaQm2mPINNBDkCoBISkauKr3Ymo.UJGy5Kw2yg778QVVR6U9tXoGNK945wdx45AiGIQd3SRY5SJ2W8iu1aqGygGwsSVjIWQLl.T2DQ.S06aowbOA6I7rOKcQ"}],"group":"cf-yomfsofuwgsclyjm","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=kzNwKs8RH0ZUZqA3xZpYUOutZnTlBp6KgqbVMV7R4.E-1726260921-1.0.1.1-6w80ewqETtgbOvc8oJ8VbQwZLQZ_Q81kQajISI.eiixHWnNnEU3noDobL80OV2x.MC01Y9tedBjqjRnK8NaIB.g3P2aJfI56f.LRmhL0LjI9sQrpYucc8OaIWmXO00ehFNuwSAs4Ib8R8nuPvGdQQzx4.KjvMb45LYfd2nq28MzLOk9u2EvWVYKUc2Daeq1RVo2yw4cZE1FdKtIciVD0pw"}],"group":"cf-ylpfmrzaljaqbsca","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09a928ddab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle2.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 826 KB
224 KB 56ms
55ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle2.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cf7639863dd3a0d70b22b418c8101f15778ebc9eba65eb76dd3f6bd80fa1729

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Ydx2zRFc5yalWrZmpPR0z34NGuAPuXMPR.EaE1u.oO8-1726260922-1.0.1.1-Waob9Kwhsa.TOcTjqsceyk1XGN34ckD8oTuJ_M.82wFSXbiX5..WGzXjW5BtmcxIK821DePJXlpeMs.AVXdEn_3JazHuy8kms0_sLBktKreQlDi0z.CQVN.5IceBPTs7Be5._416ah1AENHqeH0uVwo8NRyofDUQXalpvZ6Md68a54SpLKGRE0LMbLjkZgaojjmJ6k4.BMSJe490m8SmaA; report-to cf-jugmjyflbzvydksn, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ywByMn5shM40OtM.LsytzStQWqLNm.3pq9K0SSbxP_I-1726260922-1.0.1.1-yTmdRHNE8IYVR36.41egSbXFOrV8mjBF.qWjNG3lRzjAPSjgNmkK0WsPpAG0V88r1uikkyk.4sPxQV1s2Rra0bZmWVuvGE5hYZc6YrKSdurvaXAycFTKZRc24f1nwo1GVfpt7pVIOpdxKEhG6PlryU_oZJMw4HNXtum0yazq8FOQgwnbZ82tfIoaIskbXHqE1FU1cFV5cd.0gRBDZZyQPQ; report-to cf-doghzdocbzwxxwtm

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0e323f5c977a7b537, i-0e323f5c977a7b537
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Ydx2zRFc5yalWrZmpPR0z34NGuAPuXMPR.EaE1u.oO8-1726260922-1.0.1.1-Waob9Kwhsa.TOcTjqsceyk1XGN34ckD8oTuJ_M.82wFSXbiX5..WGzXjW5BtmcxIK821DePJXlpeMs.AVXdEn_3JazHuy8kms0_sLBktKreQlDi0z.CQVN.5IceBPTs7Be5._416ah1AENHqeH0uVwo8NRyofDUQXalpvZ6Md68a54SpLKGRE0LMbLjkZgaojjmJ6k4.BMSJe490m8SmaA; report-to cf-jugmjyflbzvydksn, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ywByMn5shM40OtM.LsytzStQWqLNm.3pq9K0SSbxP_I-1726260922-1.0.1.1-yTmdRHNE8IYVR36.41egSbXFOrV8mjBF.qWjNG3lRzjAPSjgNmkK0WsPpAG0V88r1uikkyk.4sPxQV1s2Rra0bZmWVuvGE5hYZc6YrKSdurvaXAycFTKZRc24f1nwo1GVfpt7pVIOpdxKEhG6PlryU_oZJMw4HNXtum0yazq8FOQgwnbZ82tfIoaIskbXHqE1FU1cFV5cd.0gRBDZZyQPQ; report-to cf-doghzdocbzwxxwtm
age: 641943
traceresponse: 00-17f29e8abe71954afd67f8c05f051efb-dc575df978216e35-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000095-IAD
last-modified: Fri, 06 Sep 2024 08:59:58 GMT
server: cloudflare
x-timer: S1725615926.959317,VS0,VE19
etag: W/"66dac48e-34ad7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=CEuEcLwFIV7SgETtVbIVGt7mmTAcnu9iN92iHMwEwWg-1726260922-1.0.1.1-qzK8XOEL0JWzmkeA3MkvUp_1F2HXptkB4CtErOf2S88v.jAtHRFB_mb6ouPQQwtJQ6e.5BQ2tJmVgRm96.CkpM7W6Iu2sjXSWMJlFr68HDClztNpHh_piPgJCwP3f90MqeUfumtivzdhP06w2rwCtURbmlohZDd2pQSOJPSCxtbQHSJF_xZ1CDd_VcLv.enpoPBhCDkJcxzZGbrq1qbJQA"}],"group":"cf-apmywfqvgzscuypw","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=OaMGSIS9zFfkugRZaEKMvo0skL7I3jLe1wU3dOhu1n8-1726260922-1.0.1.1-vRVj3kIAK9vk_8KJRYXLTBmJ2XZuzxZ5I0luLyPnNKKoDlb9rkaBYuUlF7myNC_SAhwMDbQob34zShbfaYpJmtnuCm5xOqvDDkxa7XUf4FHAu.UbDbjswI1wcwXpaAiBFLmj9bWa1gETMqghgACO9uOawHG8PVyuZkB3k.IlrLRzx3fLMGO8YBA7d8RBtaTRUcqMhTxQNMVtA4rmd62s.A"}],"group":"cf-gkwcjhivuawxqzhy","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Ydx2zRFc5yalWrZmpPR0z34NGuAPuXMPR.EaE1u.oO8-1726260922-1.0.1.1-Waob9Kwhsa.TOcTjqsceyk1XGN34ckD8oTuJ_M.82wFSXbiX5..WGzXjW5BtmcxIK821DePJXlpeMs.AVXdEn_3JazHuy8kms0_sLBktKreQlDi0z.CQVN.5IceBPTs7Be5._416ah1AENHqeH0uVwo8NRyofDUQXalpvZ6Md68a54SpLKGRE0LMbLjkZgaojjmJ6k4.BMSJe490m8SmaA"}],"group":"cf-jugmjyflbzvydksn","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ywByMn5shM40OtM.LsytzStQWqLNm.3pq9K0SSbxP_I-1726260922-1.0.1.1-yTmdRHNE8IYVR36.41egSbXFOrV8mjBF.qWjNG3lRzjAPSjgNmkK0WsPpAG0V88r1uikkyk.4sPxQV1s2Rra0bZmWVuvGE5hYZc6YrKSdurvaXAycFTKZRc24f1nwo1GVfpt7pVIOpdxKEhG6PlryU_oZJMw4HNXtum0yazq8FOQgwnbZ82tfIoaIskbXHqE1FU1cFV5cd.0gRBDZZyQPQ"}],"group":"cf-doghzdocbzwxxwtm","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09aaea5eab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle3.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 1021 KB
326 KB 57ms
57ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle3.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d2d50aa7913e562d4d2c4c302103991f36b7b9ea41fd5d6957bb161c01e6396

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=KiWhfJBtyw2pimWdafQL_atYBdDqz.UABBRaPPaVKB4-1726260922-1.0.1.1-dM9TK0_IxinUf8QLi8RmTN0u11YfgH41i73AHcodRcMW4OweQNvOgJx9VYSbaI1aTqOxoCQx_mIwkwmt8YqTDG_nrgNy0P8CPqbaOcR.KHtLzAAy7npX_0b6ubEEhEmpx9m.2TuIx039.Hox1DSNrRsylF_gag9jRmNckAcTEVes.yT_ow1qBjsG71kTUy.D4btUyBeHfxs5ZJKTs9ofXg; report-to cf-qsfkmywhrvvbhqgf, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=KNYu2SpyPitxwF59wevzacftrmkY7LaQKQTGNjquh3g-1726260922-1.0.1.1-Fiegg.b5mNbJSnE8FdUIqceqHfI1QgWXAatToPYmTTn5fGxVyd20hz20eHNWmp7ombEcXTXf3waI1GthYDQKS71xHfB3wrdTqN0mESPtk3RB6P8LGb.TfCFyMwt_Znou3bFFdvzCJoBmxy2m_awqmkj3JcRpz82Eq6pM8A5QiaLnVKpPg61fWKpxxEl61rbKvSSa1Doi5KHq8L5Oa1sQ0Q; report-to cf-ylcysctkvowwhfry

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0c294fe8fe2b2ea99, i-0c294fe8fe2b2ea99
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=KiWhfJBtyw2pimWdafQL_atYBdDqz.UABBRaPPaVKB4-1726260922-1.0.1.1-dM9TK0_IxinUf8QLi8RmTN0u11YfgH41i73AHcodRcMW4OweQNvOgJx9VYSbaI1aTqOxoCQx_mIwkwmt8YqTDG_nrgNy0P8CPqbaOcR.KHtLzAAy7npX_0b6ubEEhEmpx9m.2TuIx039.Hox1DSNrRsylF_gag9jRmNckAcTEVes.yT_ow1qBjsG71kTUy.D4btUyBeHfxs5ZJKTs9ofXg; report-to cf-qsfkmywhrvvbhqgf, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=KNYu2SpyPitxwF59wevzacftrmkY7LaQKQTGNjquh3g-1726260922-1.0.1.1-Fiegg.b5mNbJSnE8FdUIqceqHfI1QgWXAatToPYmTTn5fGxVyd20hz20eHNWmp7ombEcXTXf3waI1GthYDQKS71xHfB3wrdTqN0mESPtk3RB6P8LGb.TfCFyMwt_Znou3bFFdvzCJoBmxy2m_awqmkj3JcRpz82Eq6pM8A5QiaLnVKpPg61fWKpxxEl61rbKvSSa1Doi5KHq8L5Oa1sQ0Q; report-to cf-ylcysctkvowwhfry
age: 644392
traceresponse: 00-17f29e8abf6f4fedd05007e11a2bd84a-0d4bc9ea18b643ab-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000155-IAD
last-modified: Fri, 06 Sep 2024 08:59:59 GMT
server: cloudflare
x-timer: S1725615926.966266,VS0,VE28
etag: W/"66dac48f-4dce0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=joGl45XlXgca4Ci31OyeaOR6Mv2qolNFOd.Wzfpqi8I-1726260922-1.0.1.1-eHtUrbXv.DjYT0kDOQmPfsho_cRjUecKOqTkUvSoUhJsF7GrJCDDGU6u7Sw.QjEO9vV29nghNYSzHUJHyWTVO_VbXRVT8vz1tQU.pSQ0xPxv9CJ9ZmiJ15vOufXTWthPZJ37DUZ0bB8g4UDSZ4Xi2YYYuffR7zKq52n.IqiG40nL_8en9vrqi4TupSd7SI7RF1qyxpKGVpYya1Uytlzeqw"}],"group":"cf-xitkjkdcqvbkxtyp","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=HThUULV88WRo3igo.YuWiT1GWk21m0u_QX28ez.eKbQ-1726260922-1.0.1.1-.JzZ1blIF.Zun7ezXIqsT6mSOc0OtBxsoDCNVmdoGX8unrxC.0b0Yb7MWd3zllcMTU6KhKDlOSyHs3I8DavhF.hbERd6m6twJqZLshnRJo1VR9jypU5MUIAAbwK0.U4asrquzoV3VEHNL7uIqJvNXuSwTf5SN0yK.2RBIl0z48ipek350kdAs1.7NON2i3igTDg7KJ.YiUu46lfSmLQmcQ"}],"group":"cf-egypspbnpdvhncdm","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=KiWhfJBtyw2pimWdafQL_atYBdDqz.UABBRaPPaVKB4-1726260922-1.0.1.1-dM9TK0_IxinUf8QLi8RmTN0u11YfgH41i73AHcodRcMW4OweQNvOgJx9VYSbaI1aTqOxoCQx_mIwkwmt8YqTDG_nrgNy0P8CPqbaOcR.KHtLzAAy7npX_0b6ubEEhEmpx9m.2TuIx039.Hox1DSNrRsylF_gag9jRmNckAcTEVes.yT_ow1qBjsG71kTUy.D4btUyBeHfxs5ZJKTs9ofXg"}],"group":"cf-qsfkmywhrvvbhqgf","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=KNYu2SpyPitxwF59wevzacftrmkY7LaQKQTGNjquh3g-1726260922-1.0.1.1-Fiegg.b5mNbJSnE8FdUIqceqHfI1QgWXAatToPYmTTn5fGxVyd20hz20eHNWmp7ombEcXTXf3waI1GthYDQKS71xHfB3wrdTqN0mESPtk3RB6P8LGb.TfCFyMwt_Znou3bFFdvzCJoBmxy2m_awqmkj3JcRpz82Eq6pM8A5QiaLnVKpPg61fWKpxxEl61rbKvSSa1Doi5KHq8L5Oa1sQ0Q"}],"group":"cf-ylcysctkvowwhfry","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09aaea62ab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle4.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 1 MB
276 KB 118ms
116ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle4.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87ffad11c7c626ac32be0bb1682ac038192b5a4beebded6eceaf8c610212bdb8

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=e.a10MvgbkrBSk4sNInE4tNkYgDZabyu1qM1Z3qpBqs-1726260922-1.0.1.1-24HwDGdV4ORmFnv..l.XWCKMVOS.9wGzmNjbzEKPYxzwT3s9gTloCt.12w5OEnSxiiQm1ZMKS6OtHErqus5DQMjC_D2nvGMwDLIFNXTKweDVla.mGXwtv_nQfIMuxARUFyMYnB5M8r4ncyiAmvea.gwB7ELaHZ_nVSVh0CG3laZaRK80JQ3sdYMY028Pfyn1_rfOsz8GeFdwxqnm1hOokw; report-to cf-jyqdpsvxdmdblxfh, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=G.rdLhfs_ywggJhERcoKJg9gJibjcof04XLtk6VQVq4-1726260922-1.0.1.1-BbLKq25yxFBNTBoTme8Lwc0.V02rx2oS1a0EnNS7qPnuThb7TW2tCifkSr375A0JJz_4RAbBgSMsHAtoLkIw_cncgVrPKTrih6fqLKMjHVNXEx2YwrVZc4h1eCfstPhnYKHW3j8nk2kMhNVakxJB4hI4UYTq4zUEQGcO7fRgqdyPR8UNuCmfC1XfJvC0q9RiLulDaPNQxjXw6g898diISQ; report-to cf-rkathevauawytasa

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0ec55145e3d5f3f7e, i-0ec55145e3d5f3f7e
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=e.a10MvgbkrBSk4sNInE4tNkYgDZabyu1qM1Z3qpBqs-1726260922-1.0.1.1-24HwDGdV4ORmFnv..l.XWCKMVOS.9wGzmNjbzEKPYxzwT3s9gTloCt.12w5OEnSxiiQm1ZMKS6OtHErqus5DQMjC_D2nvGMwDLIFNXTKweDVla.mGXwtv_nQfIMuxARUFyMYnB5M8r4ncyiAmvea.gwB7ELaHZ_nVSVh0CG3laZaRK80JQ3sdYMY028Pfyn1_rfOsz8GeFdwxqnm1hOokw; report-to cf-jyqdpsvxdmdblxfh, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=G.rdLhfs_ywggJhERcoKJg9gJibjcof04XLtk6VQVq4-1726260922-1.0.1.1-BbLKq25yxFBNTBoTme8Lwc0.V02rx2oS1a0EnNS7qPnuThb7TW2tCifkSr375A0JJz_4RAbBgSMsHAtoLkIw_cncgVrPKTrih6fqLKMjHVNXEx2YwrVZc4h1eCfstPhnYKHW3j8nk2kMhNVakxJB4hI4UYTq4zUEQGcO7fRgqdyPR8UNuCmfC1XfJvC0q9RiLulDaPNQxjXw6g898diISQ; report-to cf-rkathevauawytasa
age: 644391
traceresponse: 00-17f29e8ac1cfe7bea7a79b6ee95f1751-4e0fb9c2c31d4023-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-pdk-kfty2130090-PDK
last-modified: Fri, 06 Sep 2024 08:59:59 GMT
server: cloudflare
x-timer: S1725615926.966909,VS0,VE73
etag: W/"66dac48f-3d033"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ukdNED1nRxmAsv8EHkUsqYf7AO_Qfv6W3CkaY8znaiY-1726260922-1.0.1.1-A.Ls5qHbwIKOI1iGxzPpN7_cEUl4Qp4eDEuMaeiwImUJUYr.Fn2LMoSnacldHkwnJfdGnhE43U9aFsIU_Twb.4rnsUWJqQPsV.mTZPoQvxeN53KwN_.QQe9hYljnL0BqMUp3AMurGeA3ASScpie1H.XysMJQcz.jNIePDErGcj_BAvTzEw.xqyVtWbdUeDWdLavEy7ubfP4.QIwfnBYkJA"}],"group":"cf-ptsbvxwejcojwbcp","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=YpAlDcQL9X5knZ67UBJv.zcXn0BaVogpg.9_PLA8HeM-1726260922-1.0.1.1-he1r0XLFb9kH2rWaGHs_Shu1XJ2xIfjJb7lI0aNx0trwZwpGOkUuOqxLBHTS4Yts8FRPwdfC2CAGSTx8.RreQPEMRcbJBhv1L4mrfaEVkw58VkrL71bzvDgcfFJMVeaf00.HItRCew23HeNULdT7H0o6owspeprNcnBrGvcTo4xjvhRok6.Qx8oWAP0kqQi0P1xz8XFctoghsYJv9cL2Ug"}],"group":"cf-vhijblaevxlaxxhs","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=e.a10MvgbkrBSk4sNInE4tNkYgDZabyu1qM1Z3qpBqs-1726260922-1.0.1.1-24HwDGdV4ORmFnv..l.XWCKMVOS.9wGzmNjbzEKPYxzwT3s9gTloCt.12w5OEnSxiiQm1ZMKS6OtHErqus5DQMjC_D2nvGMwDLIFNXTKweDVla.mGXwtv_nQfIMuxARUFyMYnB5M8r4ncyiAmvea.gwB7ELaHZ_nVSVh0CG3laZaRK80JQ3sdYMY028Pfyn1_rfOsz8GeFdwxqnm1hOokw"}],"group":"cf-jyqdpsvxdmdblxfh","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=G.rdLhfs_ywggJhERcoKJg9gJibjcof04XLtk6VQVq4-1726260922-1.0.1.1-BbLKq25yxFBNTBoTme8Lwc0.V02rx2oS1a0EnNS7qPnuThb7TW2tCifkSr375A0JJz_4RAbBgSMsHAtoLkIw_cncgVrPKTrih6fqLKMjHVNXEx2YwrVZc4h1eCfstPhnYKHW3j8nk2kMhNVakxJB4hI4UYTq4zUEQGcO7fRgqdyPR8UNuCmfC1XfJvC0q9RiLulDaPNQxjXw6g898diISQ"}],"group":"cf-rkathevauawytasa","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09abcb1bab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle5.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 1 MB
304 KB 78ms
77ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle5.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6ccb5cfca813ee3a8a6b1311ce8055eac0724006412e010ab00db66e9f943b5

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=tsQ26FBjVuHobDdax0GKf5BColcrgQJDdEO2sZ5NwmY-1726260922-1.0.1.1-httpiS8rNzui1BR3rDZm_Z5gyIfL3Jj.U_C4WDNT42Jiss0f0V4j3ipTtvg3o3ByFmbP46vWfPoo5r9N7Pp_jcNYxWIAFJqfnOid0WuL3clyoS9d5ueKFudQX2iKNRHdyctJdMbUmLlIsWTg59D0.MTSIerP5ie4zvyPq122ArZLv6TphS1uRmbVsTrvGjUb8qeJAqwBu5pmOSTrZ981xg; report-to cf-auyoqbquhdbpigic, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ztIQoVT40rqzaZwVVIpQxQuQYzTVpGk2VxnVtj4EBXk-1726260922-1.0.1.1-oddf_ODNKGqp2DHnoTskzVXDobOkdlYOWeqgntEEX70kYL6yh2XccBto9mW8PlstzUj1K8UPfiqVmOlbBQ7hvfvXGsKOmuxIQcTVVaNbd3WZ9ZsKrkNn_wGWVLidjWnf5dvV.OV_gGYTJtsfDhnf8FHFDcZx6pM9JQC9VNMIMF3yWO4IzeyyAkJOOj7sUGmxe8nwklqtfeeHerc9pE1NDA; report-to cf-ydtvupkqgyzjfhht

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-05fb2acf84a0261d6, i-05fb2acf84a0261d6
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=tsQ26FBjVuHobDdax0GKf5BColcrgQJDdEO2sZ5NwmY-1726260922-1.0.1.1-httpiS8rNzui1BR3rDZm_Z5gyIfL3Jj.U_C4WDNT42Jiss0f0V4j3ipTtvg3o3ByFmbP46vWfPoo5r9N7Pp_jcNYxWIAFJqfnOid0WuL3clyoS9d5ueKFudQX2iKNRHdyctJdMbUmLlIsWTg59D0.MTSIerP5ie4zvyPq122ArZLv6TphS1uRmbVsTrvGjUb8qeJAqwBu5pmOSTrZ981xg; report-to cf-auyoqbquhdbpigic, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ztIQoVT40rqzaZwVVIpQxQuQYzTVpGk2VxnVtj4EBXk-1726260922-1.0.1.1-oddf_ODNKGqp2DHnoTskzVXDobOkdlYOWeqgntEEX70kYL6yh2XccBto9mW8PlstzUj1K8UPfiqVmOlbBQ7hvfvXGsKOmuxIQcTVVaNbd3WZ9ZsKrkNn_wGWVLidjWnf5dvV.OV_gGYTJtsfDhnf8FHFDcZx6pM9JQC9VNMIMF3yWO4IzeyyAkJOOj7sUGmxe8nwklqtfeeHerc9pE1NDA; report-to cf-ydtvupkqgyzjfhht
age: 644391
traceresponse: 00-17f29e8ac22cd17d50180a3690a2d6d1-526323cbad859245-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000088-IAD
last-modified: Fri, 06 Sep 2024 08:59:59 GMT
server: cloudflare
x-timer: S1725615926.020604,VS0,VE21
etag: W/"66dac48f-45930"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=bbD37jThHEU.6gh2MP7zq0bza2DMKFESvf16lQpUXOk-1726260922-1.0.1.1-Fk1IlEe4w8AiaVO0yQvuYOkdSsODC1DL7kO3nkbJ26MsjhTmrGc0t.ARrU7t_J5NzDrzn2wBFHjAe7KGhfYc6uBbIDLF6IfCIFKZb4n_APZUEpC66mURqBj1fewRxZlnXABSRdfBxdQIZ8uBaOqspKo7JWQ4sASR52mQOLz4ksah1sCLjOjKwHbSJ9ZOLdhx9N6bddhGHTXSQbSqojzR_Q"}],"group":"cf-qcfdjtpcombinlhm","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=uNIJRPDGx9vNXpdCStUI__Ya_M7w9IVemdtpCD.kSWM-1726260922-1.0.1.1-nXgDEYBE.IcNNiKOEHc.JwgwnfON5R4mveco0kSdYPMPMmcwEZBgaStOOkjnx.xaiMSw97SJAI3T4mIwEV_dVAD35CtgCffzFp0Pxwv3eOeGHA71SFiwhXwrlhOwrA1eJF1VYYAnfp41JNaU619ji7HYFgLO0HHOGMu4ORVJvPYtXZwxgMtBNMRQNSLmIKXFBr5_RiExA1qrNo.O.TOzRQ"}],"group":"cf-jicijruottiewebd","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=tsQ26FBjVuHobDdax0GKf5BColcrgQJDdEO2sZ5NwmY-1726260922-1.0.1.1-httpiS8rNzui1BR3rDZm_Z5gyIfL3Jj.U_C4WDNT42Jiss0f0V4j3ipTtvg3o3ByFmbP46vWfPoo5r9N7Pp_jcNYxWIAFJqfnOid0WuL3clyoS9d5ueKFudQX2iKNRHdyctJdMbUmLlIsWTg59D0.MTSIerP5ie4zvyPq122ArZLv6TphS1uRmbVsTrvGjUb8qeJAqwBu5pmOSTrZ981xg"}],"group":"cf-auyoqbquhdbpigic","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ztIQoVT40rqzaZwVVIpQxQuQYzTVpGk2VxnVtj4EBXk-1726260922-1.0.1.1-oddf_ODNKGqp2DHnoTskzVXDobOkdlYOWeqgntEEX70kYL6yh2XccBto9mW8PlstzUj1K8UPfiqVmOlbBQ7hvfvXGsKOmuxIQcTVVaNbd3WZ9ZsKrkNn_wGWVLidjWnf5dvV.OV_gGYTJtsfDhnf8FHFDcZx6pM9JQC9VNMIMF3yWO4IzeyyAkJOOj7sUGmxe8nwklqtfeeHerc9pE1NDA"}],"group":"cf-ydtvupkqgyzjfhht","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09adcd0eab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle6.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 1 MB
250 KB 117ms
117ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle6.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83fbfbc1de60b5eca1256243958600164c0d000b40c05ad57ca47106e49c85c3

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=.A9jnoIJszX1mkYM3.wX.Pv9ofQ5CFnFJRWy.6WcTcU-1726260922-1.0.1.1-vD9zCaaeLvbvg76MYemcmeVSpLMWpSeuGtiDRGVLpIBV9l8qvYAcrr6QTUsP80KwZPRVskx1Gn7LW3PdVZamwbMAQzb.LdGHy0H.g6h6twjZnZiAiERiwBi7e.HEWo.dO.aK9AqNBmglF.GxpiOjefycY8.X1ls.HbxwQsl8qx1khpE7OwK3yCPS1xF9izPPxQ3hMcH1LZoL0C_p0beKLQ; report-to cf-bzhctuqbaaifgdqf, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=M7HAAyFgk_z8OzNAMRx5Wag46GIPAtWoWV9W6K2BM9k-1726260922-1.0.1.1-bpPR4Ejv2Iq_U4pAnTrTA3xbBwLeibLsRu26wgi2vfjo0ZVduN..y7pAkD5HDKOfGb2p6wbMgF7K6raqfoyReHaRIIRECLXezor.J9hwqjXNcl7PZLveWx6PUD2Vj0aZ7iPM1TkLyRtFhNiV5Wor3spBKxcxNLNymrLoHLeRL.KomR8WasejeQtKpdqyVP2SlZBXq7BQJ_5pHiWeOucn7w; report-to cf-gqapzzvcukvdgobz

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-08c93229e497ba9db, i-08c93229e497ba9db
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=.A9jnoIJszX1mkYM3.wX.Pv9ofQ5CFnFJRWy.6WcTcU-1726260922-1.0.1.1-vD9zCaaeLvbvg76MYemcmeVSpLMWpSeuGtiDRGVLpIBV9l8qvYAcrr6QTUsP80KwZPRVskx1Gn7LW3PdVZamwbMAQzb.LdGHy0H.g6h6twjZnZiAiERiwBi7e.HEWo.dO.aK9AqNBmglF.GxpiOjefycY8.X1ls.HbxwQsl8qx1khpE7OwK3yCPS1xF9izPPxQ3hMcH1LZoL0C_p0beKLQ; report-to cf-bzhctuqbaaifgdqf, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=M7HAAyFgk_z8OzNAMRx5Wag46GIPAtWoWV9W6K2BM9k-1726260922-1.0.1.1-bpPR4Ejv2Iq_U4pAnTrTA3xbBwLeibLsRu26wgi2vfjo0ZVduN..y7pAkD5HDKOfGb2p6wbMgF7K6raqfoyReHaRIIRECLXezor.J9hwqjXNcl7PZLveWx6PUD2Vj0aZ7iPM1TkLyRtFhNiV5Wor3spBKxcxNLNymrLoHLeRL.KomR8WasejeQtKpdqyVP2SlZBXq7BQJ_5pHiWeOucn7w; report-to cf-gqapzzvcukvdgobz
age: 644391
traceresponse: 00-17f29e8ac551d518eee7c4fa73da187f-c4f4dc2a5a3df87b-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-pdk-kfty2130029-PDK
last-modified: Fri, 06 Sep 2024 08:59:59 GMT
server: cloudflare
x-timer: S1725615926.024477,VS0,VE77
etag: W/"66dac48f-3b3b6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=0QsSNwfWjaRlwhglElDaGrcXDqnW.wAFV7sNA34OBkg-1726260922-1.0.1.1-TOO6HnAqbeWYvzpuPn3B.NcyRwXnM3wECoFCYa0EY4isIeiJWq15rGUlbGQu4.1G4Ve_NQvxg81hqzisUxEr9m85IJ1a9tmJez_95TNPepW_kM6bU9guSK4TjCbYI2p2aCXhzROL9ChlTAt90dHA0YXGLWbZyLPBakT2vPqN13QHOGS5XDiXuxwwOZiE4LB_WWCxpCnJGwFxzGsEt42Gnw"}],"group":"cf-ovwzmefhgsmappii","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=xGegnOBhUdnxjLL_lSq9MkVA4i4dxEPHPfBYh0bZbPQ-1726260922-1.0.1.1-GDTIyS8L3lj.fJNjAfxz3u7i1R5DeRRtrL0hSKXQj2kpK9wRAhTzGIvFnvhYdYSvxEswG2ZyRmQWHYlLEPueMOL3vFKbT0ArQR2HZC0Q8et0FHPzWRLpLUbfhmkQ.mHowOOVMVwDEgzKYe4uVYrxr.faNJ8l09Pse5OX6gM6nQ0T_W0kRAPFhVS._hCe_bvWgxPsC1mmGOj4PhC8MH6PKA"}],"group":"cf-zqbwfroepaqvqxqb","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=.A9jnoIJszX1mkYM3.wX.Pv9ofQ5CFnFJRWy.6WcTcU-1726260922-1.0.1.1-vD9zCaaeLvbvg76MYemcmeVSpLMWpSeuGtiDRGVLpIBV9l8qvYAcrr6QTUsP80KwZPRVskx1Gn7LW3PdVZamwbMAQzb.LdGHy0H.g6h6twjZnZiAiERiwBi7e.HEWo.dO.aK9AqNBmglF.GxpiOjefycY8.X1ls.HbxwQsl8qx1khpE7OwK3yCPS1xF9izPPxQ3hMcH1LZoL0C_p0beKLQ"}],"group":"cf-bzhctuqbaaifgdqf","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=M7HAAyFgk_z8OzNAMRx5Wag46GIPAtWoWV9W6K2BM9k-1726260922-1.0.1.1-bpPR4Ejv2Iq_U4pAnTrTA3xbBwLeibLsRu26wgi2vfjo0ZVduN..y7pAkD5HDKOfGb2p6wbMgF7K6raqfoyReHaRIIRECLXezor.J9hwqjXNcl7PZLveWx6PUD2Vj0aZ7iPM1TkLyRtFhNiV5Wor3spBKxcxNLNymrLoHLeRL.KomR8WasejeQtKpdqyVP2SlZBXq7BQJ_5pHiWeOucn7w"}],"group":"cf-gqapzzvcukvdgobz","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09ae1d97ab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle7.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 646 KB
152 KB 100ms
78ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle7.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c1008cd738a038c47e35e4a70ac961f8f250041436f127ad337f30e8f138610

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=iSMCNbXfhedz9fDmK.RPvHvhURbNv7onhDa88PfMFZo-1726260922-1.0.1.1-cyhI_5FIsNSSJZP7hy4hmnIneBHcRbM9frUQX4DgExXffY6fYRV7XUGh.eCqnx9BT.U3SrfPTzR4CP2czszXILqigo50wDdgr5bjDhNrdsmQjw8g7r4L.wrgKI_Nxity7BI.ZVN1gpohcsvkELGf0UDAoYcIpDcVlfuoIlG71TDXNb0Le5V9nrLhrc..P26ddI6UKTB7LKTn7NAScY.9ew; report-to cf-nepclwpykvfojlcq, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Lph2vEOS4yBjeUoILi48e9JmBsjlTP.L7ufByXELm.8-1726260922-1.0.1.1-DaGhFW.foN0utHlawS_EoriZbnD3OY1VZvCBytS.lDlDCzu2zvID5RpOo32MwF3xcRTt_d3xDTNY7xAzNFUsAonicSUcP9pGU7dw5Db4abRB2WffiOCt2Dfsf23kxhymFKycbZrszyZ6GHmCneMuIROKMae1zRIUaAoQLZHXurRseR_otlZq2FpEz2FIP_EDteFt7.IO_jfWXhbCtukfvg; report-to cf-nvssassmbyoxpqji

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-05fb2acf84a0261d6, i-05fb2acf84a0261d6
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=iSMCNbXfhedz9fDmK.RPvHvhURbNv7onhDa88PfMFZo-1726260922-1.0.1.1-cyhI_5FIsNSSJZP7hy4hmnIneBHcRbM9frUQX4DgExXffY6fYRV7XUGh.eCqnx9BT.U3SrfPTzR4CP2czszXILqigo50wDdgr5bjDhNrdsmQjw8g7r4L.wrgKI_Nxity7BI.ZVN1gpohcsvkELGf0UDAoYcIpDcVlfuoIlG71TDXNb0Le5V9nrLhrc..P26ddI6UKTB7LKTn7NAScY.9ew; report-to cf-nepclwpykvfojlcq, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Lph2vEOS4yBjeUoILi48e9JmBsjlTP.L7ufByXELm.8-1726260922-1.0.1.1-DaGhFW.foN0utHlawS_EoriZbnD3OY1VZvCBytS.lDlDCzu2zvID5RpOo32MwF3xcRTt_d3xDTNY7xAzNFUsAonicSUcP9pGU7dw5Db4abRB2WffiOCt2Dfsf23kxhymFKycbZrszyZ6GHmCneMuIROKMae1zRIUaAoQLZHXurRseR_otlZq2FpEz2FIP_EDteFt7.IO_jfWXhbCtukfvg; report-to cf-nvssassmbyoxpqji
age: 644391
traceresponse: 00-17f29e8ac1ab79096ded9e092cad228d-615bc53778d0f1b7-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000104-IAD
last-modified: Fri, 06 Sep 2024 08:59:59 GMT
server: cloudflare
x-timer: S1725615926.018555,VS0,VE17
etag: W/"66dac48f-21098"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=hyNaiZdGrqQdD4xXMcWkcNdDUH3X34dY1LicLR9JpzQ-1726260922-1.0.1.1-pzwyfV2LiOrqMZHwmwJcM5GXYIWORfE4kRdBBNyJDzmo_461tjnhQiyUFPbdIlbYcG13TyD1khsR68pMYtVv_.OP7XMYGWRfYjHs9mTkXcWDu_TIAFfhOYXEQ9COTAwJuRmKO_8GrYLGpuLa0wUhy1nbe2msAfXU.Kv0_BieMx.qyUkwGK2IjPE3Hx812kj9Uq6vRU89cDZncgI9ukaDPQ"}],"group":"cf-bgsgxbgkwwxnmchb","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=xTNV2KZWjPk1ZpSkEcBuGjacO5i4seb2TNW0BmNsdfs-1726260922-1.0.1.1-85hEcU.XwMxiFsjBzNrf.9_Etb.LHL41evqB7iefBZP5gzuv0TbzVXYNCWN.o.39an4zTYv8P060A1z5xQJ0g_p50_JTDCLoKo5cEhAJfdZZVA2IXXPvSOmVhhc0VItx5vC2UmieW4A64Nk5gQ2JlhTwcZ0eDwPN9d3_LglXyNUEIvM6n03keJEL3yyotI71b9LV5BlZRAH67MlIY5hQfQ"}],"group":"cf-oaducueeefculwgi","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=iSMCNbXfhedz9fDmK.RPvHvhURbNv7onhDa88PfMFZo-1726260922-1.0.1.1-cyhI_5FIsNSSJZP7hy4hmnIneBHcRbM9frUQX4DgExXffY6fYRV7XUGh.eCqnx9BT.U3SrfPTzR4CP2czszXILqigo50wDdgr5bjDhNrdsmQjw8g7r4L.wrgKI_Nxity7BI.ZVN1gpohcsvkELGf0UDAoYcIpDcVlfuoIlG71TDXNb0Le5V9nrLhrc..P26ddI6UKTB7LKTn7NAScY.9ew"}],"group":"cf-nepclwpykvfojlcq","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Lph2vEOS4yBjeUoILi48e9JmBsjlTP.L7ufByXELm.8-1726260922-1.0.1.1-DaGhFW.foN0utHlawS_EoriZbnD3OY1VZvCBytS.lDlDCzu2zvID5RpOo32MwF3xcRTt_d3xDTNY7xAzNFUsAonicSUcP9pGU7dw5Db4abRB2WffiOCt2Dfsf23kxhymFKycbZrszyZ6GHmCneMuIROKMae1zRIUaAoQLZHXurRseR_otlZq2FpEz2FIP_EDteFt7.IO_jfWXhbCtukfvg"}],"group":"cf-nvssassmbyoxpqji","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09af3ea5ab1e-YYZ
x-cache-hits: 0

GET
H3 200 bundle8.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/ 604 KB
98 KB 78ms
67ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js/bundle/bundle8.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7809d3fb875bdae4682226eab4347462f66641e6adb222fff07361ee9d0f5526

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=7eTX57x9kVso.44CAw6SQl._FDn9GItJ_eEf.dXenH8-1726260922-1.0.1.1-L5spY_egEZ0_G5iWp6g1IQOYtZwWjNO5Ak1RfH6k97I2y58WHnopT67FmBTKjjuzcHXgBtU.mDZoBTWJAmBIf5.fP4WcxIU3qWNXItIfnx4UGHnUtszx6BU.tJSDXr1oSaGunP2cjcmi6OCxa3lD7RzFoUmnOLbXDTj5SSoow3wX4fZhQxRgczA04tH_M4hVSARkgYstbF3gunaGTwAOsw; report-to cf-wlextkayxjitwpwo, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=MdylsCG6GCmmZwLHBF_rSlCkM0LFYTls29tB8u3_.Lg-1726260922-1.0.1.1-ohGKLODjz2x6v3BKux5OvMnB4QmSCnsvljpKDOjhOT3OHgAz5XBN9S_r9eSH7_b7fRWikn6DG1vTRAdOA8WKiiPpA0l_1pS3YxxsoBbPpQtVag60FMAa0tlKtf6GT0ucmkLSyLpdRPHa6h.OPVNMNbLVWju2rW2S0aXyHubc4PheWicEdH0uZdtvXm3TASzvm6XkLwrqEgJrhfAmI5EG.g; report-to cf-raubreunmuikjwot

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-05fb2acf84a0261d6, i-05fb2acf84a0261d6
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=7eTX57x9kVso.44CAw6SQl._FDn9GItJ_eEf.dXenH8-1726260922-1.0.1.1-L5spY_egEZ0_G5iWp6g1IQOYtZwWjNO5Ak1RfH6k97I2y58WHnopT67FmBTKjjuzcHXgBtU.mDZoBTWJAmBIf5.fP4WcxIU3qWNXItIfnx4UGHnUtszx6BU.tJSDXr1oSaGunP2cjcmi6OCxa3lD7RzFoUmnOLbXDTj5SSoow3wX4fZhQxRgczA04tH_M4hVSARkgYstbF3gunaGTwAOsw; report-to cf-wlextkayxjitwpwo, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=MdylsCG6GCmmZwLHBF_rSlCkM0LFYTls29tB8u3_.Lg-1726260922-1.0.1.1-ohGKLODjz2x6v3BKux5OvMnB4QmSCnsvljpKDOjhOT3OHgAz5XBN9S_r9eSH7_b7fRWikn6DG1vTRAdOA8WKiiPpA0l_1pS3YxxsoBbPpQtVag60FMAa0tlKtf6GT0ucmkLSyLpdRPHa6h.OPVNMNbLVWju2rW2S0aXyHubc4PheWicEdH0uZdtvXm3TASzvm6XkLwrqEgJrhfAmI5EG.g; report-to cf-raubreunmuikjwot
age: 644391
traceresponse: 00-17f29e8ac23057e2a1ed79d3f208fc25-82802147f8e2b587-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000162-IAD
last-modified: Fri, 06 Sep 2024 08:59:59 GMT
server: cloudflare
x-timer: S1725615926.021891,VS0,VE20
etag: W/"66dac48f-146cd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Nup5w42H_A8CcMSVchWlvV1DaKwlbe49GzWwi134znk-1726260922-1.0.1.1-IN3_yHKQNlFPr4Sj3YEH2AT.j4hJgjq2XPI33J9fstgUmQGyt80u.o5fUbQmSxv7fOMLT06OUiOiBtrRLvDlrhN_3zj3xQmLGdkgM0MPo8EESSCEP_a7hrT4Y1vXPWxl.8VGPHNj9VPyiNegAcccTadmJQMm8jFU5zrJ5AuAcqQEHgFEa7RVwbd0GtMtdSfvFtNq9RyuHH41lVCadHtaDA"}],"group":"cf-garvqlipmupakmzs","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=FMUt4wdTCTMujW4LHPZeu8nBpn0u_GBMqyByjmLgTYw-1726260922-1.0.1.1-x1PrhOJAM6VA4a1JnJTO78x6yXELHQqFEGpiA4kdbeYJCCz0t.bHtr6fD2b2DLk3MtmoG801faocROtKXaElyTb7lRfd1TrHUn6RyLdpT2POH7LNVTLSOJgCWkmeFgNGLyWDgTBK4jFVdbxHO7WzTeaYWhXflk52nmtGrXxAHkKvLSQ1K2Lr94ZqbPNISI4Gi0_Z4H14x4nY14Ma55oB_w"}],"group":"cf-bnvblkgbdijmmfkd","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=7eTX57x9kVso.44CAw6SQl._FDn9GItJ_eEf.dXenH8-1726260922-1.0.1.1-L5spY_egEZ0_G5iWp6g1IQOYtZwWjNO5Ak1RfH6k97I2y58WHnopT67FmBTKjjuzcHXgBtU.mDZoBTWJAmBIf5.fP4WcxIU3qWNXItIfnx4UGHnUtszx6BU.tJSDXr1oSaGunP2cjcmi6OCxa3lD7RzFoUmnOLbXDTj5SSoow3wX4fZhQxRgczA04tH_M4hVSARkgYstbF3gunaGTwAOsw"}],"group":"cf-wlextkayxjitwpwo","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=MdylsCG6GCmmZwLHBF_rSlCkM0LFYTls29tB8u3_.Lg-1726260922-1.0.1.1-ohGKLODjz2x6v3BKux5OvMnB4QmSCnsvljpKDOjhOT3OHgAz5XBN9S_r9eSH7_b7fRWikn6DG1vTRAdOA8WKiiPpA0l_1pS3YxxsoBbPpQtVag60FMAa0tlKtf6GT0ucmkLSyLpdRPHa6h.OPVNMNbLVWju2rW2S0aXyHubc4PheWicEdH0uZdtvXm3TASzvm6XkLwrqEgJrhfAmI5EG.g"}],"group":"cf-raubreunmuikjwot","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09af3ea8ab1e-YYZ
x-cache-hits: 0

GET
H3 200 static.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/mage/requirejs/ 3 KB
10 KB 89ms
77ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/mage/requirejs/static.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5f0cc14ea3f6828ccae339fcb67d02dc6ffc4b40d5682bcd10815a6d9dead0b

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=s1fRtwqt1encoWIgbbjqw6MFn8KGYZakVoIuRLni8FY-1726260922-1.0.1.1-fk.r4dEIwtgzHHk3SCLcOPeLbn_evSOVqz_jmXGSwTrOABA7aDe3327sNLWGeFIPwA2uL7PBpqC.FPhP69tQnCOHZAtINRYuf7wMHf6Ee2mYE9Gg5o4E06_TRcOOj0IiMEYsqR0PVqDHtua.XguEBrwef33m9z.ywn1eyb2s0pwcAgK5mCcWPdbS97ZF_YRrzySy5W3FMWDo2gwTCfIq0Q; report-to cf-snjukuhwfczzptxq, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=k6Cab22ylJR8An_e7wwEcwrnl6ti7oiDVU_Yp0WaHJE-1726260922-1.0.1.1-aiRPwKOxVM5kVdgsqe2V9y_PTqar7YYyR8BMkwainaAWyKIBKmflrB4due6OjujawNf0xPrUPv.TxBpk8BNGA6aGjkqL6IgEhPueLSUvb9I5cgzWGkzzZgwBYOpB_.pv7baZELHGPgIHGtu4DK5ozMMv3cySGMDL4oYBwu8ZTTy7HDEz71ZIn847YZlwTAzM1umP_FwHHnkA2ToSB0Vq_Q; report-to cf-ldlifiduwygefzvj

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0c294fe8fe2b2ea99, i-0c294fe8fe2b2ea99
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=s1fRtwqt1encoWIgbbjqw6MFn8KGYZakVoIuRLni8FY-1726260922-1.0.1.1-fk.r4dEIwtgzHHk3SCLcOPeLbn_evSOVqz_jmXGSwTrOABA7aDe3327sNLWGeFIPwA2uL7PBpqC.FPhP69tQnCOHZAtINRYuf7wMHf6Ee2mYE9Gg5o4E06_TRcOOj0IiMEYsqR0PVqDHtua.XguEBrwef33m9z.ywn1eyb2s0pwcAgK5mCcWPdbS97ZF_YRrzySy5W3FMWDo2gwTCfIq0Q; report-to cf-snjukuhwfczzptxq, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=k6Cab22ylJR8An_e7wwEcwrnl6ti7oiDVU_Yp0WaHJE-1726260922-1.0.1.1-aiRPwKOxVM5kVdgsqe2V9y_PTqar7YYyR8BMkwainaAWyKIBKmflrB4due6OjujawNf0xPrUPv.TxBpk8BNGA6aGjkqL6IgEhPueLSUvb9I5cgzWGkzzZgwBYOpB_.pv7baZELHGPgIHGtu4DK5ozMMv3cySGMDL4oYBwu8ZTTy7HDEz71ZIn847YZlwTAzM1umP_FwHHnkA2ToSB0Vq_Q; report-to cf-ldlifiduwygefzvj
age: 644391
traceresponse: 00-17f29e8ac5add2c0fd7926bcab31b6af-42cc0b33d8dcb699-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-pdk-kfty2130024-PDK
last-modified: Fri, 06 Sep 2024 08:59:28 GMT
server: cloudflare
x-timer: S1725615926.028862,VS0,VE76
etag: W/"66dac470-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=4G82690.FPvEnXlb6wKRn2gS9zn.HWHgSIXgL2Rm_3c-1726260922-1.0.1.1-OOjqBz3coda60VGjiPNNrNLNdkb8S7t_3WRh_z_4xv5UoIrxXlfDPCDxC50h6OceSVCILBMlfV1Efha7CWhk81AnGM2BVTzd6evfJ2y_XxdsgYwReYsCYp2JfQE_nxoBHLTlq0FDgnBYJLqUoCdMTwOw1V6oNb6K7m3TBeS7ic9xtDvJ.LNdrZuKpcK1yEiOgdut5nIp9Sy6dumATdiRXQ"}],"group":"cf-atieltlbozggwsjl","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=i2cybiUsmSMNrbS8NSdI5MijSzdAPRgsCAHPZZdNuB8-1726260922-1.0.1.1-vpAR.eCWzR2sS7XZW3fY4EFe0EzajWlObB0OOg72Vee8IL8cTybd3.RUkZ7A9Q4UgvxAqse4KAT5UUaFhZl7PB7J.cFDBMbRk56jvtv.C.744ytgODKOjwAE51J4DeZD8S0FPJpvOFV6OZ.vnXSNLEC9lw3kqXWby6gwKGtSkswrysAIHmvSDfrSAm.dg7.PsSkyQNnNR2cQV73iUC8Agg"}],"group":"cf-ukrvyklgzsawnorl","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=s1fRtwqt1encoWIgbbjqw6MFn8KGYZakVoIuRLni8FY-1726260922-1.0.1.1-fk.r4dEIwtgzHHk3SCLcOPeLbn_evSOVqz_jmXGSwTrOABA7aDe3327sNLWGeFIPwA2uL7PBpqC.FPhP69tQnCOHZAtINRYuf7wMHf6Ee2mYE9Gg5o4E06_TRcOOj0IiMEYsqR0PVqDHtua.XguEBrwef33m9z.ywn1eyb2s0pwcAgK5mCcWPdbS97ZF_YRrzySy5W3FMWDo2gwTCfIq0Q"}],"group":"cf-snjukuhwfczzptxq","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=k6Cab22ylJR8An_e7wwEcwrnl6ti7oiDVU_Yp0WaHJE-1726260922-1.0.1.1-aiRPwKOxVM5kVdgsqe2V9y_PTqar7YYyR8BMkwainaAWyKIBKmflrB4due6OjujawNf0xPrUPv.TxBpk8BNGA6aGjkqL6IgEhPueLSUvb9I5cgzWGkzzZgwBYOpB_.pv7baZELHGPgIHGtu4DK5ozMMv3cySGMDL4oYBwu8ZTTy7HDEz71ZIn847YZlwTAzM1umP_FwHHnkA2ToSB0Vq_Q"}],"group":"cf-ldlifiduwygefzvj","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09af3ea9ab1e-YYZ
x-cache-hits: 0

GET
H3 200 mixins.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/mage/requirejs/ 3 KB
10 KB 169ms
157ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/mage/requirejs/mixins.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

889cc2ae424a7a53dcd7aa3e2a72996f6b0d013ac756e9c66222bac3580ab14c

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=nmBmvJdm0g.jhwQZj3FrL9I3Bcb19tMM5Epg5Muibio-1726260922-1.0.1.1-jxBq_se768fRTxcOieLQhbhEuZjyuPCB6s_S8pRRUULCrbEmivz_990QpU3oKmyVviG5i3C5N_SzlqPIpYU0d1W3R9rSW8pENgxyE.hqlCZuVVj_ESFgbGK96pW5gjYN0pOe8pfEcWhdG.4LLXy9gvZFqQxkLR0PrZykkDJS6_orWh5JikRzxg2SsLaOsZEaVAcY6fR8ziXC6TUb6tBnxw; report-to cf-jvknuhegzgcsvvlh, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GEDNM9KrtGh.C89Ay66j_W6DJM0fGO95P1ZTq8YdHqY-1726260922-1.0.1.1-gyhkPJtYbTihiQwcjhGj955xkZ75sq2xd_9fgikpnCFOdvGcrrdt59Up4ynrjTdPt2XVppZFhzJ_bk9CBaMRMWZogkEn6qffsWqbl0kYxG.ZFGTiFcD6a1lzYgKO3K4Wf3fjZvJfNSvFvUyVRu19pJ3hLOcjWVLqtUbB5WCXRK1uBWEpnE46JMDOkifvdEoPevrpxkwwo7odNImrAKxn8A; report-to cf-mzapvsrimdwuhkvl

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-004c2a9b9a8cf70ba, i-004c2a9b9a8cf70ba
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=nmBmvJdm0g.jhwQZj3FrL9I3Bcb19tMM5Epg5Muibio-1726260922-1.0.1.1-jxBq_se768fRTxcOieLQhbhEuZjyuPCB6s_S8pRRUULCrbEmivz_990QpU3oKmyVviG5i3C5N_SzlqPIpYU0d1W3R9rSW8pENgxyE.hqlCZuVVj_ESFgbGK96pW5gjYN0pOe8pfEcWhdG.4LLXy9gvZFqQxkLR0PrZykkDJS6_orWh5JikRzxg2SsLaOsZEaVAcY6fR8ziXC6TUb6tBnxw; report-to cf-jvknuhegzgcsvvlh, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GEDNM9KrtGh.C89Ay66j_W6DJM0fGO95P1ZTq8YdHqY-1726260922-1.0.1.1-gyhkPJtYbTihiQwcjhGj955xkZ75sq2xd_9fgikpnCFOdvGcrrdt59Up4ynrjTdPt2XVppZFhzJ_bk9CBaMRMWZogkEn6qffsWqbl0kYxG.ZFGTiFcD6a1lzYgKO3K4Wf3fjZvJfNSvFvUyVRu19pJ3hLOcjWVLqtUbB5WCXRK1uBWEpnE46JMDOkifvdEoPevrpxkwwo7odNImrAKxn8A; report-to cf-mzapvsrimdwuhkvl
age: 644391
traceresponse: 00-17f29e8ac1de943c2079224cac1731ac-91a6abcb531ca0da-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000030-IAD
last-modified: Fri, 06 Sep 2024 08:59:28 GMT
server: cloudflare
x-timer: S1725615926.018389,VS0,VE17
etag: W/"66dac470-3b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=a8xaQodvqvHfrPs0NnMvqYLq9eUwoY2P3cmz5cki4eM-1726260922-1.0.1.1-yGETf6SxirLHREzANyvI2stwtTtXK9Aki3uQONK9jP7mCc4o32jlaMrvS2hyFAj0WX2AdAo1b.Rmf4d4FJ5OJdVz6QhVL5aVLMiAEshwir.Feah2iOVoAleHliT.9WerYKY4o04jrpGgS6nXzrogfL3SZHcTIwfH1C_9LWnD6m9PsggrtvzyUkVaLdakY_9O.1TPFgvtsfEYgdMnLgvFvw"}],"group":"cf-cuedbypinfedyiux","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=9wllQPBWLP0Rf.r1d.MkUJzLkPtyFF7ak4kTdzFh8kI-1726260922-1.0.1.1-K70UAsPiWiO62M03fSGmc6qxe3IozZOca4nEo1Q1Az.FnDy9ykbr_xQG0M5k4nLPxi4AKshMKbVFaOJPwS1Mj9EK3xhDYKVbXrAjFJPdCbGsgbk60qixqJahxqG2j9EptRsfpOq5psQ3w2yrE3SWCK98XScN4tRCxL6GPgFsXqsCjf1nbX1es8np2iLmKmyBK9nrf3NvCxakLhoQtCZsFA"}],"group":"cf-cnbfpqwtfeupdbjq","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=nmBmvJdm0g.jhwQZj3FrL9I3Bcb19tMM5Epg5Muibio-1726260922-1.0.1.1-jxBq_se768fRTxcOieLQhbhEuZjyuPCB6s_S8pRRUULCrbEmivz_990QpU3oKmyVviG5i3C5N_SzlqPIpYU0d1W3R9rSW8pENgxyE.hqlCZuVVj_ESFgbGK96pW5gjYN0pOe8pfEcWhdG.4LLXy9gvZFqQxkLR0PrZykkDJS6_orWh5JikRzxg2SsLaOsZEaVAcY6fR8ziXC6TUb6tBnxw"}],"group":"cf-jvknuhegzgcsvvlh","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=GEDNM9KrtGh.C89Ay66j_W6DJM0fGO95P1ZTq8YdHqY-1726260922-1.0.1.1-gyhkPJtYbTihiQwcjhGj955xkZ75sq2xd_9fgikpnCFOdvGcrrdt59Up4ynrjTdPt2XVppZFhzJ_bk9CBaMRMWZogkEn6qffsWqbl0kYxG.ZFGTiFcD6a1lzYgKO3K4Wf3fjZvJfNSvFvUyVRu19pJ3hLOcjWVLqtUbB5WCXRK1uBWEpnE46JMDOkifvdEoPevrpxkwwo7odNImrAKxn8A"}],"group":"cf-mzapvsrimdwuhkvl","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09af3eabab1e-YYZ
x-cache-hits: 0

GET
H3 200 requirejs-config.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/ 45 KB
18 KB 175ms
163ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/requirejs-config.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

660b88fbb87791c53d4209b3e6e14c5b4bc680ad45c99a07d6857a5bb7a0b9e5

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Mx_aBbIx_iA_Ol0jkDjwRsi4eE7GHt0oemuSAOZ_4Fs-1726260922-1.0.1.1-LyeJlIMpite3OuHNTrP3p_tsMIyK9gGxsOuVUXx4ekSsjWJZfpNDuctLUFnwSd1R7rcFjI5VjQPsSoGtVZAftkmJuoiu9eYwoHaCrCceTEU0kecZFiG5x2Lir3yTLy7s9PQ244mUC7BmF7t0GqWyJhzCVr0JYa75w17wIfT8BOKzxZbTJ9KliM14Kwp3m4YivbOe6omkTj8D15X1q9xe7Q; report-to cf-xtfxpptybddrvysk, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8L8d.eLdI9arLUC.BGauyKlyB12HdovyKafAd5llfYI-1726260922-1.0.1.1-C9yOaCv0K0KfFBoqHAHRTr52757UpT15xMd4etsATsW6xN17_L3jsw1pLc8920JBlK6peNMV7nnJPm3XbdDWuqlhAzvOTKT3NDofYe4wZHH7e8XNbSH3_9bUniEtv0AJgU_ZEdVS8fuDcOXvQJfIHCShrY42dectfqY8.yIOXx70Yd8sf2LPb39lU6AmjW4SDbXpPD797tDuSEeE7RrUug; report-to cf-nvafffedxblbmytj

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-0c294fe8fe2b2ea99, i-0c294fe8fe2b2ea99
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Mx_aBbIx_iA_Ol0jkDjwRsi4eE7GHt0oemuSAOZ_4Fs-1726260922-1.0.1.1-LyeJlIMpite3OuHNTrP3p_tsMIyK9gGxsOuVUXx4ekSsjWJZfpNDuctLUFnwSd1R7rcFjI5VjQPsSoGtVZAftkmJuoiu9eYwoHaCrCceTEU0kecZFiG5x2Lir3yTLy7s9PQ244mUC7BmF7t0GqWyJhzCVr0JYa75w17wIfT8BOKzxZbTJ9KliM14Kwp3m4YivbOe6omkTj8D15X1q9xe7Q; report-to cf-xtfxpptybddrvysk, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8L8d.eLdI9arLUC.BGauyKlyB12HdovyKafAd5llfYI-1726260922-1.0.1.1-C9yOaCv0K0KfFBoqHAHRTr52757UpT15xMd4etsATsW6xN17_L3jsw1pLc8920JBlK6peNMV7nnJPm3XbdDWuqlhAzvOTKT3NDofYe4wZHH7e8XNbSH3_9bUniEtv0AJgU_ZEdVS8fuDcOXvQJfIHCShrY42dectfqY8.yIOXx70Yd8sf2LPb39lU6AmjW4SDbXpPD797tDuSEeE7RrUug; report-to cf-nvafffedxblbmytj
age: 644391
traceresponse: 00-17f29e8ac18482417aacccf96ab0f945-27ec7faa79a2a021-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000134-IAD
last-modified: Fri, 06 Sep 2024 08:59:49 GMT
server: cloudflare
x-timer: S1725615926.015513,VS0,VE20
etag: W/"66dac485-1fe9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=EYTCAYIxNGUliGCL_lne.iDobJ_zoWPzZeAjr10cAUo-1726260922-1.0.1.1-retgOcAZMigB8j5FzAeTcRDCKMQh2H4Ni3aNPx86Wgzqv.DNmQl27Y3UClzZiUMBQjRm42O2fuTlqYjCPSrd_UNKnSTIpjWGWAoZtfuQP_VysJOdeIaTsfJO.lFeIH7PRfbaGDbSD6GhP37dZtM7SzotnlJdpYK19c1s8YxLOrflGuNGfZGOCx6MJloB0x.TGjD14sV7iMm5w_ut60Op9g"}],"group":"cf-jkchxrbmykpwygft","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=3CtFO2VYV.wr7ryW5zD6FV42ePG1ZwZGLLEA7tm.Da8-1726260922-1.0.1.1-6i1yBet1aYlTtN0UCJlxfr5LcufWvOxlFMLxoyDOhjAeAlWrghuESpTG11MdbB.yut7m77oA3eCM5Qhs7g8LcXd7qNnB51JH5oCaUFX8A6saw_qA8WvfUKofXJN2koNRb1YI4Esd7EJiAismPKzYTgf5cfvaAx2.VKgwGiBu2FtKgagmTyitWURzeFKlyHaqWA7hXTSq.Z3zJWME_emZNg"}],"group":"cf-ewrrhcrbozdmolqc","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Mx_aBbIx_iA_Ol0jkDjwRsi4eE7GHt0oemuSAOZ_4Fs-1726260922-1.0.1.1-LyeJlIMpite3OuHNTrP3p_tsMIyK9gGxsOuVUXx4ekSsjWJZfpNDuctLUFnwSd1R7rcFjI5VjQPsSoGtVZAftkmJuoiu9eYwoHaCrCceTEU0kecZFiG5x2Lir3yTLy7s9PQ244mUC7BmF7t0GqWyJhzCVr0JYa75w17wIfT8BOKzxZbTJ9KliM14Kwp3m4YivbOe6omkTj8D15X1q9xe7Q"}],"group":"cf-xtfxpptybddrvysk","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=8L8d.eLdI9arLUC.BGauyKlyB12HdovyKafAd5llfYI-1726260922-1.0.1.1-C9yOaCv0K0KfFBoqHAHRTr52757UpT15xMd4etsATsW6xN17_L3jsw1pLc8920JBlK6peNMV7nnJPm3XbdDWuqlhAzvOTKT3NDofYe4wZHH7e8XNbSH3_9bUniEtv0AJgU_ZEdVS8fuDcOXvQJfIHCShrY42dectfqY8.yIOXx70Yd8sf2LPb39lU6AmjW4SDbXpPD797tDuSEeE7RrUug"}],"group":"cf-nvafffedxblbmytj","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09af3eacab1e-YYZ
x-cache-hits: 0

GET
H3 200 imageSwitch.min.js Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/RedChamps_ProductGifImages/js/ 1 KB
9 KB 75ms
63ms Script
application/javascript 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/RedChamps_ProductGifImages/js/imageSwitch.min.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05d5ad67a46abbea2c2f9ee2cfb787aa340da2f8e738a6c002d96a4371d14ae7

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=BJQ6HZYktXaAMRNo7EFu4vEa.sw0mHxFKcqfhufJvDE-1726260922-1.0.1.1-mwM1h74RzkaqItBBsq3_n5hd2d5GF.5qdOILMrK8o3wPLKuHt1011bMhjK2OxJsQkL9rIglMkMdVjIkrx9K8tojlih80wILbVGC.Ib4D9IS98aPGxCqwGFmMBjR254VVCaB1dy9mf0YSnZ4HZspbRDjTBHKmd9hMuzyyjgeGYUO9GE3ElfG314a6siVDd66t3oNoPWH_y6EwfrCp9mQQug; report-to cf-kyvzddafqdvjkoet, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=fnidgd.6hXBB3SlR6m3akx.C9fKGG4Ab8DXahDPI_ng-1726260922-1.0.1.1-A2faPnbN1AkI726p6fkMN_Yx4i7Z5uuozVuSPA__uyIqB5iE4cIOQEdvM69o9rlVrTbhTxwxd._GFHfhYaR_p6GWooB_ysAB5r89T0ofhHpodFOwhn_vembZUQ0hucpqEUFIdyYflKBviMf0jTLquHurUDxQRYMjdxNr3Y0Uc9VrmYqD9eZB5DgUVgBm5jHf8GQLJPT0xjleXEuG4fbncQ; report-to cf-kjhjzldsnxihlsxd

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:22 GMT
date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-004c2a9b9a8cf70ba, i-004c2a9b9a8cf70ba
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=BJQ6HZYktXaAMRNo7EFu4vEa.sw0mHxFKcqfhufJvDE-1726260922-1.0.1.1-mwM1h74RzkaqItBBsq3_n5hd2d5GF.5qdOILMrK8o3wPLKuHt1011bMhjK2OxJsQkL9rIglMkMdVjIkrx9K8tojlih80wILbVGC.Ib4D9IS98aPGxCqwGFmMBjR254VVCaB1dy9mf0YSnZ4HZspbRDjTBHKmd9hMuzyyjgeGYUO9GE3ElfG314a6siVDd66t3oNoPWH_y6EwfrCp9mQQug; report-to cf-kyvzddafqdvjkoet, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=fnidgd.6hXBB3SlR6m3akx.C9fKGG4Ab8DXahDPI_ng-1726260922-1.0.1.1-A2faPnbN1AkI726p6fkMN_Yx4i7Z5uuozVuSPA__uyIqB5iE4cIOQEdvM69o9rlVrTbhTxwxd._GFHfhYaR_p6GWooB_ysAB5r89T0ofhHpodFOwhn_vembZUQ0hucpqEUFIdyYflKBviMf0jTLquHurUDxQRYMjdxNr3Y0Uc9VrmYqD9eZB5DgUVgBm5jHf8GQLJPT0xjleXEuG4fbncQ; report-to cf-kjhjzldsnxihlsxd
age: 644391
traceresponse: 00-17f29e8ac6b7d4764e26b250fa7f6b40-8f36dd22765e3f1a-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-pdk-kpdk1780144-PDK
last-modified: Fri, 06 Sep 2024 08:59:43 GMT
server: cloudflare
x-timer: S1725615926.054572,VS0,VE74
etag: W/"66dac47f-1b7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=fcPRBwg.tJEeuUku.p.eNmT21LNB6AOHVitwLxuqBUc-1726260922-1.0.1.1-GvnNyAFs58UIW1V44V.73H5AfNFYG96FTR9sOoSznDdI8aLrKbbO7loHUeZnBH_GE1hRoVm2ZuMfTfpjswRona2rimmmXe528rDI4.3EM9_gDEs5uryhx972t9a.UVtaejFYHFux0dqqdppiuttZQx3yeI.NFpWd7p1n34h9voU.yybC9inKA5zNGxczGh1GnGHdNStxQvuuleeAn61PyQ"}],"group":"cf-csjivgsmviavclpu","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=pf8oS1C72pcV8t39B3K6KQxke4IqBv8iy1nA0W2ico0-1726260922-1.0.1.1-HueHxHsoRt9mj30MkzE7JgwLvBpur.TYu9Tlz_cK2Jw8KsiDHIn3ZVVor08FM4dbRPAOhoOI5em.vpKTSmSwzXmDtmXg2Yf5FGE_cb1dqkX.y2CB44DoazFdfNaxTYirOX2eaFdCNKUrLYHV3d6s3MI55BccodUzvYaXmmQqLhLErmr7R2Cvvrsd4g4xVN8Yqy2iZKHOJGemO8BZQ0wz_g"}],"group":"cf-nzsicubrfatdqerc","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=BJQ6HZYktXaAMRNo7EFu4vEa.sw0mHxFKcqfhufJvDE-1726260922-1.0.1.1-mwM1h74RzkaqItBBsq3_n5hd2d5GF.5qdOILMrK8o3wPLKuHt1011bMhjK2OxJsQkL9rIglMkMdVjIkrx9K8tojlih80wILbVGC.Ib4D9IS98aPGxCqwGFmMBjR254VVCaB1dy9mf0YSnZ4HZspbRDjTBHKmd9hMuzyyjgeGYUO9GE3ElfG314a6siVDd66t3oNoPWH_y6EwfrCp9mQQug"}],"group":"cf-kyvzddafqdvjkoet","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=fnidgd.6hXBB3SlR6m3akx.C9fKGG4Ab8DXahDPI_ng-1726260922-1.0.1.1-A2faPnbN1AkI726p6fkMN_Yx4i7Z5uuozVuSPA__uyIqB5iE4cIOQEdvM69o9rlVrTbhTxwxd._GFHfhYaR_p6GWooB_ysAB5r89T0ofhHpodFOwhn_vembZUQ0hucpqEUFIdyYflKBviMf0jTLquHurUDxQRYMjdxNr3Y0Uc9VrmYqD9eZB5DgUVgBm5jHf8GQLJPT0xjleXEuG4fbncQ"}],"group":"cf-kjhjzldsnxihlsxd","max_age":86400}
content-type: application/javascript
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09af3eb0ab1e-YYZ
x-cache-hits: 0

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/polyfill/v3/ 104 B
767 B 148ms
25ms Script
text/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?version=3.111.0&features=default%2CArray.prototype.includes%2CPromise

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
strict-transport-security: max-age=15780000
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1849173
alt-svc: h3=":443"; ma=86400
x-compress-hint: on
last-modified: Fri, 23 Aug 2024 11:15:49 GMT
server: cloudflare
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DvDrgJTzAaTK6Ftr6NAUcLycvNIhW6WRMFS9kxQnFx5jO50UWB1hKTr9V6wpJd%2Bf9FgZvSk0KiDiZ54TNxm2t2PV9JvK4z1v6ukut7SX0bqj0bU4ifpMdW18XtArEuuFQOTfGid4%2F26yqpgE18H6Rp4p"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-polyfill-version: 3.111.0
cf-ray: 8c2b09afea27a2db-YUL
expires: Fri, 20 Sep 2024 20:55:22 GMT

GET
H2 200 klaviyo.js Show response
static.klaviyo.com/onsite/js/ 8 KB
3 KB 139ms
20ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WZkk5e

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5cbcb51e74bb74a0b0cefac08607d82ad5902ee9a6169d96eb0e43b7d9ba88b6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:22 GMT
age: 588
x-cache: HIT, HIT
content-length: 2355
x-served-by: cache-lga21949-LGA, cache-yul1970027-YUL
server: nginx
x-timer: S1726260923.867576,VS0,VE1
etag: "c6a0cdd8be54e48fbf3784e72136a9f4"
allow: GET, OPTIONS
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
content-language: en-us
cache-control: max-age=1, stale-while-revalidate=10800, stale-if-error=86400
access-control-allow-credentials: true
content-type: application/javascript
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers
x-cache-hits: 11, 1

GET
H2 200 notice Show response
consent.trustarc.com/ 34 KB
11 KB 181ms
101ms Script
text/javascript 18.238.49.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=www.oxo.com&c=teconsent&js=nj&noticeType=bb&text=true&gtm=true&privacypolicylink=https%3A%2F%2Fwww.oxo.com%2Fprivacy

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.49.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-49-62.jfk52.r.cloudfront.net

Software

Resource Hash

216e59a83bf1438780c20e779bd737fecbce5304ee153ca7602ce1af152b462b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
content-encoding: gzip
via: 1.1 e3d2c542026df7b9357e3b591c889f64.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK52-P3
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=3600
x-amz-cf-id: EReZsaDCqwUvrQ9uEV5DY8Uf9xf7R59p50QOzxKXvMdN29mLzJeZfg==

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 161ms
43ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8c2b09afe98fa26d-YUL

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 194 KB
69 KB 182ms
64ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W6MC5J58

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d6fe7fa366572680402e0efb5cffe25ef8e67497e71e1e2539c552507dc27c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70687
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 19:15:34 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Sep 2024 20:55:22 GMT

GET
H2 200 configure.rapid.js Show response
qoe-1.yottaa.net/api/v1/ 8 KB
2 KB 255ms
81ms XHR
text/javascript 204.2.133.136
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/api/v1/configure.rapid.js?key=bdWgmLaioz2oPA&ul=en-CA&dl=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA&dt=&sd=24&sr=1600,1200&vp=1600,1200&ct=4g&rtt=100
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.2.133.136 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 2429d86f3024682282e29e56d0a25f44a7bf1d77426954f25dacc6e706b0fbc1

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
x-yottaa-optstate: active
timing-allow-origin: *

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 136ms
25ms Stylesheet
text/css 2600:141b:1c00:8::1728:b323
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=csd4kkg&ht=tk&f=10879.10881.10882.10884.10885.15586.32874.32875&a=163302954&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b323 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
last-modified: Sun, 10 Mar 2024 12:44:13 GMT
server: nginx
etag: "65edab1d-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/9b05f3/000000000000000000013365/27/ 50 KB
51 KB 106ms
33ms Font
application/font-woff2 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9b05f3/000000000000000000013365/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 96b67419d2538b42413797739000601d5884a81872b8346559c04770100a29fb

Request headers

Referer: https://use.typekit.net/csd4kkg.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
server: nginx
etag: "22520917f01d8d34c0dcc1417c749962b8a47011"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 51524

GET
H2 200 l
use.typekit.net/af/309dfe/000000000000000000010091/27/ 42 KB
42 KB 106ms
33ms Font
application/font-woff2 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/309dfe/000000000000000000010091/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 04dd88ec3632bfd618a21c8657d6faf685a33fde9d3bf3c7e0e43ce9f517c55d

Request headers

Referer: https://use.typekit.net/csd4kkg.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
server: nginx
etag: "e7811049bfa1845589c42f0b31c9740a16cee93a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 43076

GET
H2 200 l
use.typekit.net/af/c4c302/000000000000000000012192/27/ 37 KB
37 KB 130ms
57ms Font
application/font-woff2 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c4c302/000000000000000000012192/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ede1e92420014b36965595bc4e534bd9539d3a479049757c948656e0693ca713

Request headers

Referer: https://use.typekit.net/csd4kkg.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
server: nginx
etag: "4ebc5ff8cdca4d1fd1cc372a566245315efad524"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 37492

GET
H3 200 icomoon.ttf
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/fonts/icomoon/ 25 KB
34 KB 59ms
58ms Font
application/octet-stream 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/fonts/icomoon/icomoon.ttf?uou7s9

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/css/styles.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

741bb7b767cbba5176971859d93cc980b80732b1385e1420a888872821878f2c

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZxPhAeHjrh3rJMOrNluTDAf0zPKpQK2lY3UV6XO1mt0-1726260923-1.0.1.1-sZ36aXf4IXWG9BPcRIz5DRFcADmKfpopGrTgPeebXHzx8m1654gJ3mWLXZ3c1k7JQjRqynwIbd7qacYhamwVKhXHpwPlpWpwsMdO.rMdnW_k21qKubi3eDsSJMbloNtv0ZQ7VxQeLlGcK4k3HacVPubKlj7oSc.Cp9zPdL._UsllQqhF3JQa86RcMWxl2WWA1CfgLizePZ0JD9VmNU.J7w; report-to cf-zvlqipesvhputoio, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4a0oEfEuWPVbkJ8jPh.LFvNjjtc1QpL8KH9WrHY3_F4-1726260923-1.0.1.1-jxZHbbAPRXF9BbzM52JroXl0w1jE3Y.zeuboZA5dsEUCj5TE6dAaPi_Jf3uG5g_9xAhvfyOnwPL.xSD8pW6McRY6T5z1shHAcGEh53KGbcLpdryBo2Qt_iE7vmwL4D9HV4heMr07KdERA_a5fh4EmA2FsUXZDQIVhPfeW9Vd4ip0X7hOwbtUre_u7la6v_cTDgts3te47galoKIXlUz9Ow; report-to cf-nrylpwhfdjixcqyv

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/css/styles.min.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31557600
cf-cache-status: HIT
x-platform-server: i-0ec55145e3d5f3f7e, i-0ec55145e3d5f3f7e
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZxPhAeHjrh3rJMOrNluTDAf0zPKpQK2lY3UV6XO1mt0-1726260923-1.0.1.1-sZ36aXf4IXWG9BPcRIz5DRFcADmKfpopGrTgPeebXHzx8m1654gJ3mWLXZ3c1k7JQjRqynwIbd7qacYhamwVKhXHpwPlpWpwsMdO.rMdnW_k21qKubi3eDsSJMbloNtv0ZQ7VxQeLlGcK4k3HacVPubKlj7oSc.Cp9zPdL._UsllQqhF3JQa86RcMWxl2WWA1CfgLizePZ0JD9VmNU.J7w; report-to cf-zvlqipesvhputoio, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4a0oEfEuWPVbkJ8jPh.LFvNjjtc1QpL8KH9WrHY3_F4-1726260923-1.0.1.1-jxZHbbAPRXF9BbzM52JroXl0w1jE3Y.zeuboZA5dsEUCj5TE6dAaPi_Jf3uG5g_9xAhvfyOnwPL.xSD8pW6McRY6T5z1shHAcGEh53KGbcLpdryBo2Qt_iE7vmwL4D9HV4heMr07KdERA_a5fh4EmA2FsUXZDQIVhPfeW9Vd4ip0X7hOwbtUre_u7la6v_cTDgts3te47galoKIXlUz9Ow; report-to cf-nrylpwhfdjixcqyv
age: 644392
traceresponse: 00-17f29e8aefeaec8e221ca7a2eee49be6-92e4719d433e5074-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 25452
x-served-by: cache-iad-kiad7000061-IAD
last-modified: Fri, 06 Sep 2024 08:59:46 GMT
server: cloudflare
x-timer: S1725615927.801094,VS0,VE6
etag: "66dac482-636c"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET,HEAD,POST,OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=9uGq0SXpnYJSdZAOjxoAqoUgiEpN0JGIabyhZ4ybuMY-1726260923-1.0.1.1-hrcHxi7wDQcin0xWw_6nixSjJ5b5UBDM_QwZZdEqZSuqKEtbxnnVwBZ_YkDYTtLpF1JLGimJzMVuVRQ1hbMwnTN1OQZY97BSQqjhjTP55Ii5R6i5qDx_z3D1Mt.ngz974lIEVa0Tqy7YQEB78.vZfOOvoluGAOTnPZWeBa2vJ3ZPfAVZtyOWySH_m5j2m7HjTx2EmrfZAO3xN50GghAw0g"}],"group":"cf-npmavupslldlmrjv","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=8C8G625C5njvadwT3UpFJPtZg_5j5nYV25sBJ3Unt64-1726260923-1.0.1.1-STc2QSF5ovUGY_r4BXBcSnBJ8goUNJp0IiCtcXECaRcNG2qUQR4OCR2UB8gWlZ5onl0WsKWBXWihS0KPsOLeKcHXK2.u4jZFPkD1OWygAg5mpHhFwlY7A2E92DymlsQgpSGs4dN7SsJqYlKCE6NX0y.SX2wqbll8gSCL6sYN70niW_UluQPKuz1NE847JPfrR2sEaYDhJdfdJAk3GtVKyg"}],"group":"cf-tsfucoqkmdjzyfji","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ZxPhAeHjrh3rJMOrNluTDAf0zPKpQK2lY3UV6XO1mt0-1726260923-1.0.1.1-sZ36aXf4IXWG9BPcRIz5DRFcADmKfpopGrTgPeebXHzx8m1654gJ3mWLXZ3c1k7JQjRqynwIbd7qacYhamwVKhXHpwPlpWpwsMdO.rMdnW_k21qKubi3eDsSJMbloNtv0ZQ7VxQeLlGcK4k3HacVPubKlj7oSc.Cp9zPdL._UsllQqhF3JQa86RcMWxl2WWA1CfgLizePZ0JD9VmNU.J7w"}],"group":"cf-zvlqipesvhputoio","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=4a0oEfEuWPVbkJ8jPh.LFvNjjtc1QpL8KH9WrHY3_F4-1726260923-1.0.1.1-jxZHbbAPRXF9BbzM52JroXl0w1jE3Y.zeuboZA5dsEUCj5TE6dAaPi_Jf3uG5g_9xAhvfyOnwPL.xSD8pW6McRY6T5z1shHAcGEh53KGbcLpdryBo2Qt_iE7vmwL4D9HV4heMr07KdERA_a5fh4EmA2FsUXZDQIVhPfeW9Vd4ip0X7hOwbtUre_u7la6v_cTDgts3te47galoKIXlUz9Ow"}],"group":"cf-nrylpwhfdjixcqyv","max_age":86400}
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09b0aff7ab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:23 GMT

GET
H3 200 icomoon.ttf
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/fonts/oxo-icons/ 1 KB
10 KB 63ms
62ms Font
application/octet-stream 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/fonts/oxo-icons/icomoon.ttf?fvl3pm

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/css/styles.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb075186f60d57a2eb6a67b214fe5a9f46443693e312ef701b0edf308a2abd6e

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=tmp_0xpga.LQeQ4k_uGHcZb_VzDLlXZPXvYOTtIod5g-1726260923-1.0.1.1-jKPR6aESzsu5e7oWZGTuRWpitqwtYRt.J5KaWkmK54RZMUX2dr8Ic8MR8gXbGqyIzBv2FVrCUnTbkielMhsUO2EqmccSlq1No5QClcDdRnUi27fYK7Yw5jVK25rz4Hw4O4W5jvhRvZUcjnrKZNlvY91VpHGHxqn4WWtRcUy8V0ZBCe7kTezXn4PZCrdNHa6xXAzZ9HVxWvu_laKO7_SvjA; report-to cf-gevhhqaiexzkmubi, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=U8asgCzNPK5SDRVPVQK6zcmNMXDntxyqgUrWDeFqL1Y-1726260923-1.0.1.1-1pSWZUMO8EFQ9mbtF3hbABoSZvsPeVlfloKNoP87bzhqQmYIcx4SFKypcnd9cBoRnd87Zgs_0F.dN5sCH3kU9ljWAz3QSZn0U_m68..vstAA6Wt37gjm1xovzSHsIa1dw3lUmK0KWkfN.QEkbuT5IfCozv4rlRSVOxkU4ZeoaLUpwShJ0FqSK2gjw8OhV2iX9lRhtM8GOQrnDqYjxSm9Ow; report-to cf-zjlvlmsudhlfhssv

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/css/styles.min.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31557600
cf-cache-status: HIT
x-platform-server: i-0c294fe8fe2b2ea99, i-0c294fe8fe2b2ea99
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=tmp_0xpga.LQeQ4k_uGHcZb_VzDLlXZPXvYOTtIod5g-1726260923-1.0.1.1-jKPR6aESzsu5e7oWZGTuRWpitqwtYRt.J5KaWkmK54RZMUX2dr8Ic8MR8gXbGqyIzBv2FVrCUnTbkielMhsUO2EqmccSlq1No5QClcDdRnUi27fYK7Yw5jVK25rz4Hw4O4W5jvhRvZUcjnrKZNlvY91VpHGHxqn4WWtRcUy8V0ZBCe7kTezXn4PZCrdNHa6xXAzZ9HVxWvu_laKO7_SvjA; report-to cf-gevhhqaiexzkmubi, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=U8asgCzNPK5SDRVPVQK6zcmNMXDntxyqgUrWDeFqL1Y-1726260923-1.0.1.1-1pSWZUMO8EFQ9mbtF3hbABoSZvsPeVlfloKNoP87bzhqQmYIcx4SFKypcnd9cBoRnd87Zgs_0F.dN5sCH3kU9ljWAz3QSZn0U_m68..vstAA6Wt37gjm1xovzSHsIa1dw3lUmK0KWkfN.QEkbuT5IfCozv4rlRSVOxkU4ZeoaLUpwShJ0FqSK2gjw8OhV2iX9lRhtM8GOQrnDqYjxSm9Ow; report-to cf-zjlvlmsudhlfhssv
age: 644392
traceresponse: 00-17f29e8cabfdf454766d29b29bcd54af-7251d939110715f6-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 1348
x-served-by: cache-iad-kiad7000139-IAD
last-modified: Fri, 06 Sep 2024 08:59:46 GMT
server: cloudflare
x-timer: S1725615934.250924,VS0,VE7
etag: "66dac482-544"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET,HEAD,POST,OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=inzBFJmai36XeOVEp7.CKXrSqfwaxogW7uzaEsTTrKs-1726260923-1.0.1.1-LuURuIxbOnXtCUM8R2IylSwqlqoBCIlUsLMVZCzLjHlMbehBF3BTtQ5m253zZPM_NaRAdzfWaJZ9lEuP9Qn.S2hsIfbF40yWTkkdqqC0MKkgu1enN14AzXpgO0UNWpsz2QQRa9wtUBVEEElNmq1WOBnxrzoFjnK64lZxSRzUF6AbY7lg9fugLFgAjR_bS3befE96bQpzGZ0rqfimXVBVBw"}],"group":"cf-nycfpbghnztcfkrs","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Y91839kWapNqFxAA03y8s6I66WLQbfwzraKdZG2k3B0-1726260923-1.0.1.1-C8uFQdm9S9m8bGpPKnvRq78nGksMXbBrak1jnjdKwHwSVuxFhZ.J.M.qzop.YhASQSLJcVreqXd83xmfNTueNyZP.W90xHLgHEf0RRZalP2SU2IKhkw5s.ZaUlUhDJmqPCGMEOgH4WfU28jImf3oV.uH6OeOAm9REoAglIc.fnrsXEFEiaZlB_ysRYWrWyBCZojYREe8lg8BeAjV4AfNLw"}],"group":"cf-ciduimtwyuxseslt","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=tmp_0xpga.LQeQ4k_uGHcZb_VzDLlXZPXvYOTtIod5g-1726260923-1.0.1.1-jKPR6aESzsu5e7oWZGTuRWpitqwtYRt.J5KaWkmK54RZMUX2dr8Ic8MR8gXbGqyIzBv2FVrCUnTbkielMhsUO2EqmccSlq1No5QClcDdRnUi27fYK7Yw5jVK25rz4Hw4O4W5jvhRvZUcjnrKZNlvY91VpHGHxqn4WWtRcUy8V0ZBCe7kTezXn4PZCrdNHa6xXAzZ9HVxWvu_laKO7_SvjA"}],"group":"cf-gevhhqaiexzkmubi","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=U8asgCzNPK5SDRVPVQK6zcmNMXDntxyqgUrWDeFqL1Y-1726260923-1.0.1.1-1pSWZUMO8EFQ9mbtF3hbABoSZvsPeVlfloKNoP87bzhqQmYIcx4SFKypcnd9cBoRnd87Zgs_0F.dN5sCH3kU9ljWAz3QSZn0U_m68..vstAA6Wt37gjm1xovzSHsIa1dw3lUmK0KWkfN.QEkbuT5IfCozv4rlRSVOxkU4ZeoaLUpwShJ0FqSK2gjw8OhV2iX9lRhtM8GOQrnDqYjxSm9Ow"}],"group":"cf-zjlvlmsudhlfhssv","max_age":86400}
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09b0aff9ab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:23 GMT

GET
H3 200 logo-white.svg
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/images/logo/ 2 KB
10 KB 57ms
55ms Image
image/svg+xml 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/images/logo/logo-white.svg

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af37a4f29c1102161e4aacadfb271176e6ed0e4f9aa8f20f6221cfe5785fcd3c

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=pzwJzLEQVH3iAZ5fgR5vCxVO02qWc_pJ9EPVZ3IVcHU-1726260923-1.0.1.1-VFuKqAnTkQ9TpW0etitxtVc7r6rh6UTyhV_vPrrW68aybyzjK.kMxKVPLxtZNOJafHy2idsMnZc182jufLqik1v5l0aeza4lGrpTnOQZypSRoTexhgv_z43kJTlQSj0MF_yCURqkmR1CRJMhv_XIkhQkLtK.j_tt9dqFBN36JxPpoXJ5LhJ0keuRuHfcGk86X9XkXuNaqyMweCpubK8bxg; report-to cf-msfqunpdjvvnvunz, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=oFE5AfkX5_XTv0IH7jWXE2NnrTs83cyhsPcuYqtOHEQ-1726260923-1.0.1.1-dubku0oRn411OKDnHcDALC7pFIxtmUt.fwpRmfgmLVH4rsh3Na359oR1zsfyaOkAM8haggQ4_WtbayAoligUA3FA9omsmz3pEZFi3L57RtEHoNgT9K.srOvvPGPEjP2X8Ox3BxHd9oDp868N0DXvnx3dkvwVyOmZb4E2y3RWieRCayc8dCdNuCZndIor.40aPaIo7vo08dvIuBNAnMHiGw; report-to cf-zwhoclpxiftniobu

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:23 GMT
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-05fb2acf84a0261d6, i-05fb2acf84a0261d6
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=pzwJzLEQVH3iAZ5fgR5vCxVO02qWc_pJ9EPVZ3IVcHU-1726260923-1.0.1.1-VFuKqAnTkQ9TpW0etitxtVc7r6rh6UTyhV_vPrrW68aybyzjK.kMxKVPLxtZNOJafHy2idsMnZc182jufLqik1v5l0aeza4lGrpTnOQZypSRoTexhgv_z43kJTlQSj0MF_yCURqkmR1CRJMhv_XIkhQkLtK.j_tt9dqFBN36JxPpoXJ5LhJ0keuRuHfcGk86X9XkXuNaqyMweCpubK8bxg; report-to cf-msfqunpdjvvnvunz, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=oFE5AfkX5_XTv0IH7jWXE2NnrTs83cyhsPcuYqtOHEQ-1726260923-1.0.1.1-dubku0oRn411OKDnHcDALC7pFIxtmUt.fwpRmfgmLVH4rsh3Na359oR1zsfyaOkAM8haggQ4_WtbayAoligUA3FA9omsmz3pEZFi3L57RtEHoNgT9K.srOvvPGPEjP2X8Ox3BxHd9oDp868N0DXvnx3dkvwVyOmZb4E2y3RWieRCayc8dCdNuCZndIor.40aPaIo7vo08dvIuBNAnMHiGw; report-to cf-zwhoclpxiftniobu
age: 643398
traceresponse: 00-17f29e8b0158ec69524a8dd351fa854d-555ec0c9f12930ae-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-iad-kiad7000080-IAD
last-modified: Fri, 06 Sep 2024 08:59:46 GMT
server: cloudflare
x-timer: S1725615927.091463,VS0,VE10
etag: W/"66dac482-3e3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=yWDTOLBZvcnAAvbc40UPwKslSkrE281xObq0caTklkw-1726260923-1.0.1.1-cGdvOSl6DQMrIt2evrp9uSx2IYyYMJEU44lloeTzTJpbe49QoZMiDF3Nqo45jmznXXOR9iVQIuHTZa1tCs3qisKaXe3LeVNabihjZkwlsO5984SOBiJ9ghMfPt6JxBCm3hSNOPGMYcwimCwqHZnci53TGZps8GaiJrE3.HktZxA2En.SgecgFnhm752mHuJrI5C7LRunhMKukWs7dobyHw"}],"group":"cf-rknideqzleqhlbly","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=redagoFWVrNOBsJMdDcwc7kdd_UsOD4n4cWtNPLN7VI-1726260923-1.0.1.1-xnnj0z2.7As7w_uMRUgqmtwK5OHA_ZlXzz0YuKG9_3hC9V1gmKr9ZaNaxe23kLKDGRR9LSvpPTcbaMJ4TxY_Eb.rZ.imojMs5gCvuIf_HNWh2hluujWEPKFm2L03W1D5gqvJElC0Hn7a2BbGyvT7dc6.XvAVqW3A.dV3HUlQPW3ZZKTdg6y1Gjgz30ObA4jyXhTjyXdJM.dUSmqHDjxmSQ"}],"group":"cf-lwkvqazovohhtppd","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=pzwJzLEQVH3iAZ5fgR5vCxVO02qWc_pJ9EPVZ3IVcHU-1726260923-1.0.1.1-VFuKqAnTkQ9TpW0etitxtVc7r6rh6UTyhV_vPrrW68aybyzjK.kMxKVPLxtZNOJafHy2idsMnZc182jufLqik1v5l0aeza4lGrpTnOQZypSRoTexhgv_z43kJTlQSj0MF_yCURqkmR1CRJMhv_XIkhQkLtK.j_tt9dqFBN36JxPpoXJ5LhJ0keuRuHfcGk86X9XkXuNaqyMweCpubK8bxg"}],"group":"cf-msfqunpdjvvnvunz","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=oFE5AfkX5_XTv0IH7jWXE2NnrTs83cyhsPcuYqtOHEQ-1726260923-1.0.1.1-dubku0oRn411OKDnHcDALC7pFIxtmUt.fwpRmfgmLVH4rsh3Na359oR1zsfyaOkAM8haggQ4_WtbayAoligUA3FA9omsmz3pEZFi3L57RtEHoNgT9K.srOvvPGPEjP2X8Ox3BxHd9oDp868N0DXvnx3dkvwVyOmZb4E2y3RWieRCayc8dCdNuCZndIor.40aPaIo7vo08dvIuBNAnMHiGw"}],"group":"cf-zwhoclpxiftniobu","max_age":86400}
content-type: image/svg+xml
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09b09ff0ab1e-YYZ
x-cache-hits: 0

GET
H3 200 accessibility_icon.svg
www.oxo.com/media/wysiwyg/footer/ 3 KB
10 KB 64ms
60ms Image
image/svg+xml 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.oxo.com/media/wysiwyg/footer/accessibility_icon.svg

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edebce51607e8abee169a5973d544fd6a0ec126e40c11832f89e4e369fb6ad93

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=G3yjtE5i9A48NdOlaDLE4wJiM5cg8hAc7XymSBF7w0o-1726260923-1.0.1.1-lLuWvUQmIYqBFERyVTiXE1a9bIJZJbC1InwtKAqFSNYDJzALOKsVFp3x_rRpIpj29mxnbXCisAXynfx58qGHi3bjNcfhgnxFIJ7t8pMF1229cxuxgwsfKz.wca2TPBr805hrX4EUqtkjx7rI1E1IxE762YR7sJqQkHFj7zWTA2oyvK6RKOIhP6EKV71XP19rQMdWM9T4Lbgb3O0R61ZePQ; report-to cf-fbwlceckxwlounkg, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=P413i6BrHyusyHIFT1Dao1324SPSUcjKeaMTOgdn1kc-1726260923-1.0.1.1-5NpT.NFA4y_ZMCWwKUnYt8KsUw22x6VemWrkNk59HBIDBeIcFSAYFbAUFn0IGOsv07bKTNO9.hQTYmYSXn0P_FRzh5PvSlSZwoaUB.ES_0QXyJO9nSdeWIC8aA99gVE6zLA.C844lk0macZXCUoK6HyLsQl9SN2uICROIiD5sqwwO0QNPBDRv6JxnEF7R_TPQ3zU7z8c6dkta3rNvMDPOw; report-to cf-ozohxlbrgkjiqaxw

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sat, 13 Sep 2025 20:55:23 GMT
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31557600
content-encoding: br
cf-cache-status: HIT
x-platform-server: i-08c93229e497ba9db, i-08c93229e497ba9db
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=G3yjtE5i9A48NdOlaDLE4wJiM5cg8hAc7XymSBF7w0o-1726260923-1.0.1.1-lLuWvUQmIYqBFERyVTiXE1a9bIJZJbC1InwtKAqFSNYDJzALOKsVFp3x_rRpIpj29mxnbXCisAXynfx58qGHi3bjNcfhgnxFIJ7t8pMF1229cxuxgwsfKz.wca2TPBr805hrX4EUqtkjx7rI1E1IxE762YR7sJqQkHFj7zWTA2oyvK6RKOIhP6EKV71XP19rQMdWM9T4Lbgb3O0R61ZePQ; report-to cf-fbwlceckxwlounkg, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=P413i6BrHyusyHIFT1Dao1324SPSUcjKeaMTOgdn1kc-1726260923-1.0.1.1-5NpT.NFA4y_ZMCWwKUnYt8KsUw22x6VemWrkNk59HBIDBeIcFSAYFbAUFn0IGOsv07bKTNO9.hQTYmYSXn0P_FRzh5PvSlSZwoaUB.ES_0QXyJO9nSdeWIC8aA99gVE6zLA.C844lk0macZXCUoK6HyLsQl9SN2uICROIiD5sqwwO0QNPBDRv6JxnEF7R_TPQ3zU7z8c6dkta3rNvMDPOw; report-to cf-ozohxlbrgkjiqaxw
age: 643398
traceresponse: 00-17f29e8b03c1760b4552e4771d5798be-ffb7faa7ce1cd1c0-01
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-served-by: cache-lga21941-LGA
last-modified: Wed, 16 Nov 2022 17:09:58 GMT
server: cloudflare
x-timer: S1725615927.103044,VS0,VE44
etag: W/"63751966-b12"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=R012b5saXbtDCrLmCB5HydJbkW_6tnCuzHCoC6npRK0-1726260923-1.0.1.1-QCkw_27haQsN9B.RKUw17m5E3S.y05va2Bev4eeHX9HjhtlYJ6Df034oxzfUEUxjUVD7kTVzt2kIUD7iUQB5WDdZVgqM6n2lnmljAi4y0n__9e5zKD4ePmu5TljrR7Ww7VMgmweMYmq1_EOH0If0OGFQnUfO.dbad5K_8a.zKyc7wVdmutys_7_U6eGK_e1MtAzcaVdyaEo5VBlM3AXyVQ"}],"group":"cf-kddwpunhevhiesbi","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=LQuyB5zW.WE9qHUcdQvOACBushjwlVtiP4VmQ0S0jdg-1726260923-1.0.1.1-0A10uQM74TDsECn3h38q_EYKmwPS5ThLvMr4StsLd_RdII9J8F0YbLjNlE0SysHw3m2iwR2fdQGRKjwvGnAfw35OuusslS38AqiLVDHWilngFmJwHZ5UOXubeIGbyS0_V53e14z1_TQTX8P3fisscq.Vg5N4kpyTh2jyEGoXo3fcCbiVKM1SLNZIsQbZX_MhO5ellg7gA2BK2CJJxSn20w"}],"group":"cf-ttzrgxmhfyunqses","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=G3yjtE5i9A48NdOlaDLE4wJiM5cg8hAc7XymSBF7w0o-1726260923-1.0.1.1-lLuWvUQmIYqBFERyVTiXE1a9bIJZJbC1InwtKAqFSNYDJzALOKsVFp3x_rRpIpj29mxnbXCisAXynfx58qGHi3bjNcfhgnxFIJ7t8pMF1229cxuxgwsfKz.wca2TPBr805hrX4EUqtkjx7rI1E1IxE762YR7sJqQkHFj7zWTA2oyvK6RKOIhP6EKV71XP19rQMdWM9T4Lbgb3O0R61ZePQ"}],"group":"cf-fbwlceckxwlounkg","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=P413i6BrHyusyHIFT1Dao1324SPSUcjKeaMTOgdn1kc-1726260923-1.0.1.1-5NpT.NFA4y_ZMCWwKUnYt8KsUw22x6VemWrkNk59HBIDBeIcFSAYFbAUFn0IGOsv07bKTNO9.hQTYmYSXn0P_FRzh5PvSlSZwoaUB.ES_0QXyJO9nSdeWIC8aA99gVE6zLA.C844lk0macZXCUoK6HyLsQl9SN2uICROIiD5sqwwO0QNPBDRv6JxnEF7R_TPQ3zU7z8c6dkta3rNvMDPOw"}],"group":"cf-ozohxlbrgkjiqaxw","max_age":86400}
content-type: image/svg+xml
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
cf-ray: 8c2b09b0aff3ab1e-YYZ
x-cache-hits: 0

GET
H3 200 usa-flag-icon-round.png
www.oxo.com/media/wysiwyg/country-selector/ 1 KB
10 KB 68ms
65ms Image
image/webp 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.oxo.com/media/wysiwyg/country-selector/usa-flag-icon-round.png

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f029fa69f0e3d3776ce2881d5c0983412943c8dc236bbe30ad7c03f4783c4a60

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=N.pn42nCMb05qo_kjcLQTWb87a0XDw0uh2Gr1mGf524-1726260923-1.0.1.1-gdDYRAwgyatN5SCeTKklk6dx4ZuN4B.7LQ5FERd_A7jr1.A565cO9iUYZl5007ePd_Ws88SkwPdTRYDUlF6RAr8O3KMILAB.Oa_FFxCB4u7Np11CqacjdBLXmhB0w0NNzLEXa31yBVZJsKk.k.E4sAKR4ABx8pRtidvBWx2cZXTjPKkKdKeVcT.hf5DEQrnAMKo6D4FwWuV0DZHsziWAGA; report-to cf-gaedkxllhhxtetku, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZvhUdLp1zAc5TmFgQzI77i8AsoPdLKPrsYZxcTHz64Y-1726260923-1.0.1.1-Nr6jsriMfPFPQqiWl1IoJgcyQMgnTC25F2YhFpmoiVy.PMgT3wPreBVojUJF5OCt7HS3FOyWxu9GYzbKgOAEYygwAf4ikfeGl3HKTtf6yW9C8rK_0rlcvcIFEbIY2.mA2ruRV9jqqiyszNeNANZXhD10d81kLOkooIhJGvQlahocvSEe02Z.HDJXvz9CVUasodzzJBTyVYh21vPTUnjQ1w; report-to cf-mbglulfqecnqiadc

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31557600
cf-cache-status: HIT
x-platform-server: i-08c93229e497ba9db, i-08c93229e497ba9db
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=N.pn42nCMb05qo_kjcLQTWb87a0XDw0uh2Gr1mGf524-1726260923-1.0.1.1-gdDYRAwgyatN5SCeTKklk6dx4ZuN4B.7LQ5FERd_A7jr1.A565cO9iUYZl5007ePd_Ws88SkwPdTRYDUlF6RAr8O3KMILAB.Oa_FFxCB4u7Np11CqacjdBLXmhB0w0NNzLEXa31yBVZJsKk.k.E4sAKR4ABx8pRtidvBWx2cZXTjPKkKdKeVcT.hf5DEQrnAMKo6D4FwWuV0DZHsziWAGA; report-to cf-gaedkxllhhxtetku, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ZvhUdLp1zAc5TmFgQzI77i8AsoPdLKPrsYZxcTHz64Y-1726260923-1.0.1.1-Nr6jsriMfPFPQqiWl1IoJgcyQMgnTC25F2YhFpmoiVy.PMgT3wPreBVojUJF5OCt7HS3FOyWxu9GYzbKgOAEYygwAf4ikfeGl3HKTtf6yW9C8rK_0rlcvcIFEbIY2.mA2ruRV9jqqiyszNeNANZXhD10d81kLOkooIhJGvQlahocvSEe02Z.HDJXvz9CVUasodzzJBTyVYh21vPTUnjQ1w; report-to cf-mbglulfqecnqiadc
age: 643397
traceresponse: 00-17f29e8b03b934d730dcd622529467c3-1c76debd41620f91-01
cf-polished: origFmt=png, origSize=1795
x-cache: MISS
content-disposition: inline; filename="usa-flag-icon-round.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1138
x-served-by: cache-iad-kiad7000114-IAD
last-modified: Tue, 28 Jun 2022 12:33:37 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
x-timer: S1725615927.131737,VS0,VE11
etag: "62baf521-703"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=0ZlsnPGlN63SheTIbIBjbRd2U1opitPH.sdJWNoDRXw-1726260923-1.0.1.1-qCPqkzGBdmuloUA7OustmxABFZitQOVvyE2P1hC57N_kBfFXalYyS7RCr2mbQ.jTkrjakD2_Jzm4wdXwhNbgk8hSpXsiRDiYwMYrZ58_rT89Z_bZPKWkw3OxHwmtAJjdjohYtyJcptFV2mf62wiX6b5paa_TSdZ_BGpi0QlFg9.I0fiac.ud0.mpgvlIOQTlGbkGDOFjQ9pkQLgsSLpRzw"}],"group":"cf-adtjlpykvufwsowi","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=aW2mCRJk8DEtqFNo7robqM3vsn1wCp7LX3Z6tk6x6nI-1726260923-1.0.1.1-9l3lZQatGg1Iny_p9ZQniWQF4RfNiatpZX2crVsoG1i2Pu0VXpvWPBZQCAWvdcHSv0mhNoAqXnK87IAnb4PYIexpSPBd.E1yoNlC76rrVp_3BFs2l95LJwKON5zgIdrWf.DIcYG3NVoKJp29eapc50oLyipnVQn_9M6u0KWyNrybR8n8bjhcYStt2x6d5zzbY1cPXwG0EcGy49wFv0.8.A"}],"group":"cf-bsxbyikebutxaytj","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=N.pn42nCMb05qo_kjcLQTWb87a0XDw0uh2Gr1mGf524-1726260923-1.0.1.1-gdDYRAwgyatN5SCeTKklk6dx4ZuN4B.7LQ5FERd_A7jr1.A565cO9iUYZl5007ePd_Ws88SkwPdTRYDUlF6RAr8O3KMILAB.Oa_FFxCB4u7Np11CqacjdBLXmhB0w0NNzLEXa31yBVZJsKk.k.E4sAKR4ABx8pRtidvBWx2cZXTjPKkKdKeVcT.hf5DEQrnAMKo6D4FwWuV0DZHsziWAGA"}],"group":"cf-gaedkxllhhxtetku","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ZvhUdLp1zAc5TmFgQzI77i8AsoPdLKPrsYZxcTHz64Y-1726260923-1.0.1.1-Nr6jsriMfPFPQqiWl1IoJgcyQMgnTC25F2YhFpmoiVy.PMgT3wPreBVojUJF5OCt7HS3FOyWxu9GYzbKgOAEYygwAf4ikfeGl3HKTtf6yW9C8rK_0rlcvcIFEbIY2.mA2ruRV9jqqiyszNeNANZXhD10d81kLOkooIhJGvQlahocvSEe02Z.HDJXvz9CVUasodzzJBTyVYh21vPTUnjQ1w"}],"group":"cf-mbglulfqecnqiadc","max_age":86400}
content-type: image/webp
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09b0aff5ab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:23 GMT

GET
H3 200 timingpcg.min.js Show response
cdn-assets.rapidspike.com/static/js/ 4 KB
2 KB 118ms
58ms Script
application/javascript 172.67.68.249
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-assets.rapidspike.com/static/js/timingpcg.min.js

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.68.249 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ee83969c5ed3f38072076b0611914153d86dc42ce38b1ed98a04fcefef56e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
via: 1.1 66048474d92f7513c54f0d11dd060004.cloudfront.net (CloudFront)
x-amz-version-id: qzlXwDGQj9dBbrhOP5ZXI11Iu.k.wWLy
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: ORD51-C3
age: 1886561
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 1171
last-modified: Mon, 08 Feb 2021 09:08:32 GMT
server: cloudflare
etag: "3427a75adc6fa4b6a5b35bd12c763696"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mH6T%2F0UmTQ6IeeZ%2B26%2BpfflcqPZbnYwYwGGpgPOKIwJuM9x9M79uLhNpmoCQsj7fPILA72hdnvrwvGo5JXefH93yusXEB4H3pphO8oVzt%2B0hPR%2FlPU23%2BwAlj72SRUh3XXiPQhPVkGe1Hvk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2628000
accept-ranges: bytes
cf-ray: 8c2b09b22b35a1ec-YYZ
x-amz-cf-id: EnEBUSL5ofzrTa2kfTQvp1E5jWs4BmgghgNaRHVDqpAkhghhVybumg==

GET
H2 200 id Show response
dpm.demdex.net/ 370 B
913 B 121ms
29ms XHR
application/json 3.208.75.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1FFF6FB66047579B0A495FA7%40AdobeOrg&d_nsid=0&ts=1726260923188

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.208.75.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-75-12.compute-1.amazonaws.com

Software

Resource Hash

7b7438148621590f832534c952063346875c0d0abc79b38c32a09c00538d1cf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-2-v064-0d4f5c5a1.edge-va6.demdex.com 3 ms
pragma: no-cache
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: CohlfUd4RfI=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://www.oxo.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 313
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 34ms
31ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12384
expires: Fri, 13 Sep 2024 21:55:23 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 36ms
33ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "b89fcb8870ac40eecb6d3cc844d35389:1663863409.92483"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1598
expires: Fri, 13 Sep 2024 21:55:23 GMT

GET
H3 200 js-translation.json Show response
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/ 597 B
9 KB 58ms
56ms XHR
application/json 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/js-translation.json

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ad234746ca644a0ddd098f075ab122467fde2ec1ac44b9607b9dfc3f9a87ece

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Pww4GrS94xlv_bTGVZP33Syv1JwZCiwp3_M5IZTwxQU-1726260923-1.0.1.1-I02PM1W9tZqc6Ja4aC.Qc_7j_gbXkUcG98ABYmq.Fv74Pdke7SumZAjH3Je_O8H04FEJQX0nCvi8FOCGtk3KADj_yk5MXHU7Fu5c7l72Xb7cTlbHxgo6wdlsCqFoUNAIQ_mUqKkzHVBODDf57WZTg6rON6QuKj2nKa2mnr44oMosBeRz5Uv.A8jkeuMgXal7jhbewyqkCTDZgqKgT.VKXQ; report-to cf-uuynbilbjbsqilmv, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_WUwQBdKMozU1UGGbRz4n7leeiUwkBwmuMqJMIUBAek-1726260923-1.0.1.1-IEIyPHcfB8LIf1vnfHHGWd4hIaHwhHzkc01caNXU2VpzTta8Slf.QUl0Q5rowBpPvYJslN291fC_eE8yp9QSYEsro.qo6L3rYRPH5Dy2zTogVuITb8jZDW5b75kRzEsCV3yGm2H6XYJRiFsMVwh3eznsJE3toCIpDyTzFnX5eB9gTyhrH4mtR5iq6g7YVEI.bKsxy9XNKpKI8hfgLO0Ohg; report-to cf-ldmekcjvnvcppvif

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-platform-server: i-05fb2acf84a0261d6, i-05fb2acf84a0261d6
strict-transport-security: max-age=31557600
age: 28209
traceresponse: 00-17f29d3c46208e00fc5e0af34f6f7de5-e860601586bc9683-01
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Pww4GrS94xlv_bTGVZP33Syv1JwZCiwp3_M5IZTwxQU-1726260923-1.0.1.1-I02PM1W9tZqc6Ja4aC.Qc_7j_gbXkUcG98ABYmq.Fv74Pdke7SumZAjH3Je_O8H04FEJQX0nCvi8FOCGtk3KADj_yk5MXHU7Fu5c7l72Xb7cTlbHxgo6wdlsCqFoUNAIQ_mUqKkzHVBODDf57WZTg6rON6QuKj2nKa2mnr44oMosBeRz5Uv.A8jkeuMgXal7jhbewyqkCTDZgqKgT.VKXQ; report-to cf-uuynbilbjbsqilmv, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=_WUwQBdKMozU1UGGbRz4n7leeiUwkBwmuMqJMIUBAek-1726260923-1.0.1.1-IEIyPHcfB8LIf1vnfHHGWd4hIaHwhHzkc01caNXU2VpzTta8Slf.QUl0Q5rowBpPvYJslN291fC_eE8yp9QSYEsro.qo6L3rYRPH5Dy2zTogVuITb8jZDW5b75kRzEsCV3yGm2H6XYJRiFsMVwh3eznsJE3toCIpDyTzFnX5eB9gTyhrH4mtR5iq6g7YVEI.bKsxy9XNKpKI8hfgLO0Ohg; report-to cf-ldmekcjvnvcppvif
x-cache: HIT, HIT
alt-svc: h3=":443"; ma=86400
content-length: 295
x-served-by: cache-iad-kjyo7100051-IAD, cache-yyz4523-YYZ
last-modified: Fri, 06 Sep 2024 08:59:58 GMT
server: cloudflare
etag: W/"66dac48e-255"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=kXPYdLjj78pV3b_aus03hGudcPR9oANE8_A9V1DSw.U-1726260923-1.0.1.1-YBPscGcI88JH8d82yNGNwPob9DASOTKkser09hH4_GHsWI9enGgfkzV0TTBmw7YPONzxzhE04F0hsS7FP.sHfJecTvcXYgUUPwBdGNHZA3nnXRXvJmUdcNd3R2LEM7FsBx9g_Sss5cz.goZsSImTuoG3PR342yHFqYW3CRHA0Mud27VTpe_IakOL31LQDqHVQ2JTDRGn7b07U169i7gI8A"}],"group":"cf-fwgeymtbwszfqkje","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=9tBZSN9nhECrxQ8kqN5Qh.eXsqEyhBeKwu1cNKllV6M-1726260923-1.0.1.1-NMUPHIR5mdhX8Z6rq8pLk4xGKczTNf6_xsOu6bssGFtZpiwlgINIFOhMaqD_PmBGvq1l6voE4aYZ2IhfJyk8Dfvjf9WcwJEMJlylPWkS7wl.h0Hj7ZveCfg9XdWU9yCHXlGKi8QhpMsUE2RWnxUKI_S5p8eSfbl0AZMT2jCVNYuNhYlWBDYxSemDWNPM8VfjQQZwtPhwmLrva3DXubsHew"}],"group":"cf-qfngncnxekefxbin","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Pww4GrS94xlv_bTGVZP33Syv1JwZCiwp3_M5IZTwxQU-1726260923-1.0.1.1-I02PM1W9tZqc6Ja4aC.Qc_7j_gbXkUcG98ABYmq.Fv74Pdke7SumZAjH3Je_O8H04FEJQX0nCvi8FOCGtk3KADj_yk5MXHU7Fu5c7l72Xb7cTlbHxgo6wdlsCqFoUNAIQ_mUqKkzHVBODDf57WZTg6rON6QuKj2nKa2mnr44oMosBeRz5Uv.A8jkeuMgXal7jhbewyqkCTDZgqKgT.VKXQ"}],"group":"cf-uuynbilbjbsqilmv","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=_WUwQBdKMozU1UGGbRz4n7leeiUwkBwmuMqJMIUBAek-1726260923-1.0.1.1-IEIyPHcfB8LIf1vnfHHGWd4hIaHwhHzkc01caNXU2VpzTta8Slf.QUl0Q5rowBpPvYJslN291fC_eE8yp9QSYEsro.qo6L3rYRPH5Dy2zTogVuITb8jZDW5b75kRzEsCV3yGm2H6XYJRiFsMVwh3eznsJE3toCIpDyTzFnX5eB9gTyhrH4mtR5iq6g7YVEI.bKsxy9XNKpKI8hfgLO0Ohg"}],"group":"cf-ldmekcjvnvcppvif","max_age":86400}
content-type: application/json
cache-control: max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09b2a9b5ab1e-YYZ
x-cache-hits: 8, 0

GET
H2

200

index.js Show response
unpkg.com/@adobe/magento-storefront-events-sdk@1.11.0/dist/
Redirect Chain

https://unpkg.com/@adobe/magento-storefront-events-sdk@%5E1/dist/index.js
https://unpkg.com/@adobe/magento-storefront-events-sdk@1.11.0/dist/index.js

42 KB
17 KB

33ms
32ms

Script
application/javascript

2606:4700::6811:f7cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@adobe/magento-storefront-events-sdk@1.11.0/dist/index.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Server

2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b80e2ebf2ced4ff0df3fbfb3731c3493824b50fb70c56969ae9a56488d3c714c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 793049
last-modified: Wed, 04 Sep 2024 16:32:01 GMT
fly-request-id: 01J6YYCNB60GHWM9RRE0A0K9DT-yul
server: cloudflare
etag: "a8c3-DLd6Py+EjWQWHaFx5xAAp2Fghzo"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8c2b09b40a1ea320-YUL

Redirect headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J7PJNHG0WY2DGE5PAGNWH7MZ-yul
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 34
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@adobe/magento-storefront-events-sdk@1.11.0/dist/index.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8c2b09b37983a320-YUL

GET
H2 200 klaviyo.js
static.klaviyo.com/onsite/js/ 8 KB
108 B 20ms
18ms Other
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WZkk5e

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5cbcb51e74bb74a0b0cefac08607d82ad5902ee9a6169d96eb0e43b7d9ba88b6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
via: 1.1 varnish
content-encoding: br
content-security-policy: script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/
age: 589
x-cache: HIT
content-length: 2355
x-served-by: cache-yul1970027-YUL
server: nginx
x-timer: S1726260923.379565,VS0,VE0
etag: "c6a0cdd8be54e48fbf3784e72136a9f4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-language: en-us
access-control-allow-origin: *
content-type: application/javascript
cache-control: max-age=1, stale-while-revalidate=10800, stale-if-error=86400
access-control-allow-credentials: true
access-control-max-age: 86400
accept-ranges: bytes
access-control-allow-headers
allow: GET, OPTIONS
x-cache-hits: 2

GET
H2

200

ibs:dpid=411&dpuuid=ZuSlqwAAAJwUvQOH
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=79080372818410402722610795415115723096
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuSlqwAAAJwUvQOH

42 B
714 B

39ms
35ms

Image
image/gif

3.208.75.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuSlqwAAAJwUvQOH

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Server

3.208.75.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-75-12.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v064-005b12f64.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: ysPRSfeGRXg=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuSlqwAAAJwUvQOH
Date: Fri, 13 Sep 2024 20:55:23 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 v1.7-230 Show response
consent.trustarc.com/asset/notice.js/v/ 93 KB
28 KB 30ms
28ms Script
text/javascript 18.238.49.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-230

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=www.oxo.com&c=teconsent&js=nj&noticeType=bb&text=true&gtm=true&privacypolicylink=https%3A%2F%2Fwww.oxo.com%2Fprivacy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.49.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-49-62.jfk52.r.cloudfront.net

Software

Resource Hash

f2769341fbf31a14e512d5b4138e93597e2eaf57dc58a09748a0515f4d4fd267

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: public
date: Fri, 13 Sep 2024 20:01:01 GMT
content-encoding: gzip
via: 1.1 e3d2c542026df7b9357e3b591c889f64.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 5 Aug 2024 02:19:53 GMT
x-amz-cf-pop: JFK52-P3
age: 3262
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
x-amz-cf-id: kwOvYF86BVi8hkx-5K4leoa8dFZpQLfS6oVRGmVcx7av0ZVN8EEH3w==

GET
H2 200 log
consent.trustarc.com/ 43 B
429 B 105ms
104ms Image
image/gif 18.238.49.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=www.oxo.com&country=ca&state=&behavior=implied&session=a49cbb0b-50cd-482d-9df3-aab8b0558b68&userType=NEW&c=a010&referer=https://www.oxo.com&language=en

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.49.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-49-62.jfk52.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:23 GMT
via: 1.1 0b703f88574c6bad454306eb64dd50a2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK52-P3
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: kCfo38i3ryCKFEEF7oVREs00thKqV6bR1DuUMXTxalhqfF_R_X3v4A==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET 0tyxwj.js
cdn.crobox.io/js/ 0
0

OPTIONS
H2 200 23ead396ddbf4423bbafec36c3221744
lib-us-1.brilliantcollector.com/collector/switch/ Frame 0
0 112ms
33ms Preflight 54.224.113.8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lib-us-1.brilliantcollector.com/collector/switch/23ead396ddbf4423bbafec36c3221744
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.113.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-113-8.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: GET
Origin: https://www.oxo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-requested-with
access-control-allow-methods: GET
access-control-allow-origin: https://www.oxo.com
access-control-max-age: 3600
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length: 0
date: Fri, 13 Sep 2024 20:55:23 GMT
server: istio-envoy
vary: Accept-Encoding,Origin
x-envoy-upstream-service-time: 0

GET
H2 200 23ead396ddbf4423bbafec36c3221744 Show response
lib-us-1.brilliantcollector.com/collector/switch/ 1 B
240 B 36ms
32ms XHR
application/json 54.224.113.8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lib-us-1.brilliantcollector.com/collector/switch/23ead396ddbf4423bbafec36c3221744
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.113.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-113-8.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
dcname: prod-dal
server: istio-envoy
vary: Accept-Encoding,Origin
content-type: application/json
access-control-allow-origin: https://www.oxo.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
nodeid: wscollector-5df4f448c7-cl8xd
content-length: 1

GET
H3 200 get Show response
www.oxo.com//hotconfigurable/mediaurl/ 46 B
9 KB 61ms
60ms XHR
application/json 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com//hotconfigurable/mediaurl/get

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc2e8b81f7f213a51bbb4e5f9f2611d5c34e4dadc1f747fddf9b2463b6663f57

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com .paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com .stripe.network www.recaptcha.net .addressy.com .klaviyo.com .datadome.co .yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io .sdiapi.com dpm.demdex.net .omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com .adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com .algolia.net .algolia.com .algolianet.com .yotpo.com ekr.zdassets.com/ .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .braintree-api.com .paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net .oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk .parcellab.com .rapidspike.com .brilliantcollector.com cloud.vimeo.com vimeo.com .clarity.ms bat.bing.com .kaltura.com .spectrumcustomizer.com .acq.io ssl.geoplugin.net .yimg.com .hotjar.com vc.hotjar.io .pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com .googletagmanager.com .analytics.google.com .g.doubleclick.net .google.com .google-analytics.com .trustarc.com mpsnare.iesnare.com; font-src .sdiapi.com .klaviyo.com .typekit.net .yotpo.com .googleapis.com .gstatic.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com .hydroflask.com .oxo.com cdn.kustomerapp.com .trustarc.com .lightboxcdn.com .spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com .yotpo.com .iterable.com .cardinalcommerce.com .paypal.com .oxo.com .brilliantcollector.com .facebook.com 'self' 'unsafe-inline'; frame-ancestors .stripe.com stripe.com .kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src .akamaized.net .kaltura.com cfvod.kaltura.com .adobe.com .oxo.com .vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net .typekit.net .klaviyo.com .adobe.com .yotpo.com .googleapis.com mageside.com .mageside.com .oxo.com .pcapredict.com services.postcodeanywhere.co.uk .lightboxcdn.com .parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com .googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=heb5zPWhhgh0nTHJ81jCMhLFC9xPtOtOO3BDPoC2LOE-1726260923-1.0.1.1-hNu9kSdXP.zZDX2ZZ_QzDf1by.kwHAWes83wLJ5lRTTonwAW5_0SlKD6RfiYVObU_CsSvKjXJXFjJqa_FgSwxAbQ3.Z6PgJBgCAKkezlH85FoXM3bCjxzdMNDDT8kn53fUGvoC6wKscYOmj94aZY0qY4e0XEJSnK6OLirmRxwintVWyi9yPi6n0R9qIWDHZ5t4aKyAr3_qNzpeSdhi0KOw; report-to cf-xdoxspxebabljoeh, frame-src services.sheerid.com .stripe.network www.recaptcha.net .sdiapi.com .kmail-lists.com fast.amc.demdex.net .adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com .youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com .yotpo.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com .cardinalcommerce.com .paypal.com doubleclick.net .doubleclick.net vice01.hydroflask.com hydroflask.attn.tv .oxo.com .lightboxcdn.com .hydroflask.com .brilliantcollector.com .demdex.net .kustomer.support .kustomer.help .trustarc.com .locally.com .facebook.com .fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' .googletagmanager.com bid.g.doubleclick.net td.doubleclick.net .fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net .klaviyo.com .cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net .google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com .baidu.com .omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com .typekit.net www.paypalobjects.com .ftcdn.net .behance.net fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com validator.swagger.io .yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com .paypal.com mageside.com .mageside.com .hydroflask.com hydroflask.attn.tv .oxo.com .lightboxcdn.com na-stage.hele.digital .parcellab.com .trustarc.com cfvod.kaltura.com .bing.com .clarity.ms .hele.digital via.placeholder.com .locally.com .spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com .acq.io .yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com .facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com .google.com www.gstatic.com ssl.gstatic.com googletagmanager.com .googletagmanager.com fonts.googleapis.com .google-analytics.com .analytics.google.com .g.doubleclick.net .fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com .dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com .stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com .klaviyo.com .yottaa.net .yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com .sdiapi.com f.vimeocdn.com .adobedtm.com .adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net .magento-ds.com .typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .yotpo.com s7.addthis.com .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com .mageside.com doubleclick.net .hydroflask.com .oxo.com .pcapredict.com .lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net .fbot.me services.postcodeanywhere.co.uk .parcellab.com .trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com .brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com .clarity.ms .spectrumcustomizer.com js.acq.io ssl.geoplugin.net .yimg.com ajax.googleapis.com cdn.pushplanet.com .cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com .impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ypMS9K71_CJlU0voW4ma9UzSSsvY8Sm8SKq2slkfngo-1726260923-1.0.1.1-k.l0lwxU8uypHnxfTt4jrDqc6sYkblIQQwbfIOf6b0oydEYsXMVICBZSmt5mw_66a4jHjFNuygKnGXz1EUrTH9vhW3k9Wy3JNks45n1ARaLwFjvJVXkDQLcEl2dEzf49hQPyCiOdw5VA.qYMWMkm1r6Y5N0OZI7MTHM_QgANteb6VxhXDzuVV5XFGF8PRIejvGZw_TAAJbDVOyDD1vwCpw; report-to cf-qssgvasikhpgatow
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 13, 6
date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-platform-server: i-0a4df6a0c54e86ef1, i-0a4df6a0c54e86ef1
strict-transport-security: max-age=31557600
age: 28206
traceresponse: 00-17f4cf82562bfee8292fe02a4ee3a423-65e079fc2535d0ec-01
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=heb5zPWhhgh0nTHJ81jCMhLFC9xPtOtOO3BDPoC2LOE-1726260923-1.0.1.1-hNu9kSdXP.zZDX2ZZ_QzDf1by.kwHAWes83wLJ5lRTTonwAW5_0SlKD6RfiYVObU_CsSvKjXJXFjJqa_FgSwxAbQ3.Z6PgJBgCAKkezlH85FoXM3bCjxzdMNDDT8kn53fUGvoC6wKscYOmj94aZY0qY4e0XEJSnK6OLirmRxwintVWyi9yPi6n0R9qIWDHZ5t4aKyAr3_qNzpeSdhi0KOw; report-to cf-xdoxspxebabljoeh, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ypMS9K71_CJlU0voW4ma9UzSSsvY8Sm8SKq2slkfngo-1726260923-1.0.1.1-k.l0lwxU8uypHnxfTt4jrDqc6sYkblIQQwbfIOf6b0oydEYsXMVICBZSmt5mw_66a4jHjFNuygKnGXz1EUrTH9vhW3k9Wy3JNks45n1ARaLwFjvJVXkDQLcEl2dEzf49hQPyCiOdw5VA.qYMWMkm1r6Y5N0OZI7MTHM_QgANteb6VxhXDzuVV5XFGF8PRIejvGZw_TAAJbDVOyDD1vwCpw; report-to cf-qssgvasikhpgatow
x-cache: HIT, HIT
alt-svc: h3=":443"; ma=86400
content-length: 63
x-xss-protection: 1; mode=block
x-served-by: cache-iad-kcgs7200075-IAD, cache-yyz4583-YYZ
pragma: cache
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=gG6JjsjfD3mwUniRMMFEzAfY_._xKQQfILg8ufrZcZM-1726260923-1.0.1.1-8GCgh2ECIf3dILze0ZreL5bPkCaJ7Q3GsUOx2.D93P_yhBn1LRXGOvw9iV2m_EUxskoj0CbuGBffst2P0avMix8emHVbw817hNMuNTER15tBb3w8AEvXosfOrBlMewReF2NIZ3JfBhAqXvNt.YrP8viHfYJTW.2s8PMXCo.pQ9j90swLlEIhlyWmBUEQFZTMlhZUFT6nrrlagw2_BD0q3Q"}],"group":"cf-yyyqcwrntnbklmms","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=nWr0Yw2sxEp83iL1gbEPRD7oLrdSMcrpGNhUjXDe5FU-1726260923-1.0.1.1-C7yyS7PmZCHBE8VVYOhxa1HAe0WhY8E8iQ_SsCjWjIXQ44vJoCOUebNSlAslkOQ_pOTgmrSIYko2cUwkfGItB5bLRlyMCNCmOqRhAY3SJz8LuSwJFTtQWj1pCJUP5StstcTk01bI3ZirLkx4tKMchQ41Y2lRSVvNgsp2zjrtT.oCJpDiyY9ltb._dDM_uV8e6DepwSYPlM0ABeKrlUPlyw"}],"group":"cf-yiqddyefgktnmczo","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=heb5zPWhhgh0nTHJ81jCMhLFC9xPtOtOO3BDPoC2LOE-1726260923-1.0.1.1-hNu9kSdXP.zZDX2ZZ_QzDf1by.kwHAWes83wLJ5lRTTonwAW5_0SlKD6RfiYVObU_CsSvKjXJXFjJqa_FgSwxAbQ3.Z6PgJBgCAKkezlH85FoXM3bCjxzdMNDDT8kn53fUGvoC6wKscYOmj94aZY0qY4e0XEJSnK6OLirmRxwintVWyi9yPi6n0R9qIWDHZ5t4aKyAr3_qNzpeSdhi0KOw"}],"group":"cf-xdoxspxebabljoeh","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ypMS9K71_CJlU0voW4ma9UzSSsvY8Sm8SKq2slkfngo-1726260923-1.0.1.1-k.l0lwxU8uypHnxfTt4jrDqc6sYkblIQQwbfIOf6b0oydEYsXMVICBZSmt5mw_66a4jHjFNuygKnGXz1EUrTH9vhW3k9Wy3JNks45n1ARaLwFjvJVXkDQLcEl2dEzf49hQPyCiOdw5VA.qYMWMkm1r6Y5N0OZI7MTHM_QgANteb6VxhXDzuVV5XFGF8PRIejvGZw_TAAJbDVOyDD1vwCpw"}],"group":"cf-qssgvasikhpgatow","max_age":86400}
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: max-age=86400, public, s-maxage=86400
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09b48babab1e-YYZ
expires: Sat, 14 Sep 2024 13:05:17 GMT

GET
H3

200

main.js Show response
www.oxo.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/388c99dd0998/ Frame FD49
Redirect Chain

https://www.oxo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.oxo.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/388c99dd0998/main.js?

8 KB
11 KB

42ms
38ms

Script
application/javascript

104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/388c99dd0998/main.js?

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c96f39f1da71879be531cc928f08dfd8cfa8862206c3ba5c34a42c1e145a2c3

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4DrvHkXAbvuMkO4wxRcov_i6GKVduYWSWW.ILkMqS_E-1726260923-1.0.1.1-FLQIvw8JiGgeOZxpy2YOqAwxLo7RK7Sy_wkgy9dZ8ZyETTEoAFWJNVwfU8U8hQbBUOacWgEUna3v66o2S33KY2Mh.E6vZ0jAsit8HUmlyBqIY8Kx3BBNMYrhzEzm268bYoG4ZtBQcQpQJs1J0.BJqIiMvu9BFDUSO.DkeVTNeknDyGq0UBrmwdtENPFvVXQjyE6tLkw2Nq7_4xKviWGkrg; report-to cf-rvbvhjaljcmvldlr, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=XRH_aHUijI201Boc.qE_iPZnzFYsMQqWRwWhUYBqABE-1726260923-1.0.1.1-lGqed_kDeGcEQXZgCSkz6jHgPNDz.18GYw7u2jyKKsv5Gpc7UBggvySg_j6w6WHZr5zceHLDP2lKnbix_07ckZP5QAxYiGGAVp.RLpFg98tW11uSU6ccuuG94on.qrpO0m2vARoqSq6POIGQW8mX2wBYZusmbPg5_bNzJEyVfmNKZxMyWk7jlZqtpUmQClTvR.A2yJjtur8sC4yw4fAUKA; report-to cf-fulibrtegtmfhrpc

X-Content-Type-Options

nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4DrvHkXAbvuMkO4wxRcov_i6GKVduYWSWW.ILkMqS_E-1726260923-1.0.1.1-FLQIvw8JiGgeOZxpy2YOqAwxLo7RK7Sy_wkgy9dZ8ZyETTEoAFWJNVwfU8U8hQbBUOacWgEUna3v66o2S33KY2Mh.E6vZ0jAsit8HUmlyBqIY8Kx3BBNMYrhzEzm268bYoG4ZtBQcQpQJs1J0.BJqIiMvu9BFDUSO.DkeVTNeknDyGq0UBrmwdtENPFvVXQjyE6tLkw2Nq7_4xKviWGkrg; report-to cf-rvbvhjaljcmvldlr, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=XRH_aHUijI201Boc.qE_iPZnzFYsMQqWRwWhUYBqABE-1726260923-1.0.1.1-lGqed_kDeGcEQXZgCSkz6jHgPNDz.18GYw7u2jyKKsv5Gpc7UBggvySg_j6w6WHZr5zceHLDP2lKnbix_07ckZP5QAxYiGGAVp.RLpFg98tW11uSU6ccuuG94on.qrpO0m2vARoqSq6POIGQW8mX2wBYZusmbPg5_bNzJEyVfmNKZxMyWk7jlZqtpUmQClTvR.A2yJjtur8sC4yw4fAUKA; report-to cf-fulibrtegtmfhrpc
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=4DrvHkXAbvuMkO4wxRcov_i6GKVduYWSWW.ILkMqS_E-1726260923-1.0.1.1-FLQIvw8JiGgeOZxpy2YOqAwxLo7RK7Sy_wkgy9dZ8ZyETTEoAFWJNVwfU8U8hQbBUOacWgEUna3v66o2S33KY2Mh.E6vZ0jAsit8HUmlyBqIY8Kx3BBNMYrhzEzm268bYoG4ZtBQcQpQJs1J0.BJqIiMvu9BFDUSO.DkeVTNeknDyGq0UBrmwdtENPFvVXQjyE6tLkw2Nq7_4xKviWGkrg"}],"group":"cf-rvbvhjaljcmvldlr","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=XRH_aHUijI201Boc.qE_iPZnzFYsMQqWRwWhUYBqABE-1726260923-1.0.1.1-lGqed_kDeGcEQXZgCSkz6jHgPNDz.18GYw7u2jyKKsv5Gpc7UBggvySg_j6w6WHZr5zceHLDP2lKnbix_07ckZP5QAxYiGGAVp.RLpFg98tW11uSU6ccuuG94on.qrpO0m2vARoqSq6POIGQW8mX2wBYZusmbPg5_bNzJEyVfmNKZxMyWk7jlZqtpUmQClTvR.A2yJjtur8sC4yw4fAUKA"}],"group":"cf-fulibrtegtmfhrpc","max_age":86400}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8c2b09b53c4aab1e-YYZ
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=9vSQnhA5q09LAzIpBTkUqlVm7um07Fa.9P97thT7s7g-1726260923-1.0.1.1-zpRMB70aomkCHqcz.QqJH8dE_HTNduEwxbb8.iPaP3khxYQn2Zxdyq3vi8RJVtBtf2JbQo7oQ4B.yzzND.O71ju0hqSYLUF3OOzxLIEFmGA9p23ulNH1Ld9c44bkMONniXXrGZmt1iy9VWE560d.R3rZReIm0HuUQXXobOWj.0oSO6jN6s_iVAgG2tjqI85FYwrera9gsf.tQqcllwf.HA; report-to cf-wbhogpncfznqrxjn, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=nJMG8_YuJHyvKZ8XmB.LLYf0NNQ77Zne7iGTOk468vo-1726260923-1.0.1.1-AQsxXJOayup119c4.SWupVr1XBuLa7tJkjxMXZ2CTDXM8UygS61IAJ6pabY_EHGU7XQybFmngX3dWdZRnZvcQwF1JTZfYjBG6q613MeEELH8.syFjQ.hqa3f3W8COru.aoHMLs3qa5PjpEEHepyRyD4EZyd8NqPtIWIRYxZ88C4TICJk21JuB_TBkIVYfzxtBz735.tB4lRpt2b.VnT0Jw; report-to cf-ezccvxnrzwhzwuzo
server: cloudflare
vary: Accept-Encoding
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=fLYi_T.5ZDJJgLTnNWi2lMKJcH7VRu6ZagUdjah2gR8-1726260923-1.0.1.1-bm2gmv0c7uJ74Cqi1yNh57l52ACRyVSKw62QbRfGkaNjJ.kDi59I9Lh_vPnBe8PXCJr99huCiCaBo0.pcLwJRcVJDi6syXWplTnItdYV86cjUyv2Vk2Uxwt_0AORDnYml5A3XIUWe8IahaBrkdlnEw; report-to cf-csp-endpoint
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=fLYi_T.5ZDJJgLTnNWi2lMKJcH7VRu6ZagUdjah2gR8-1726260923-1.0.1.1-bm2gmv0c7uJ74Cqi1yNh57l52ACRyVSKw62QbRfGkaNjJ.kDi59I9Lh_vPnBe8PXCJr99huCiCaBo0.pcLwJRcVJDi6syXWplTnItdYV86cjUyv2Vk2Uxwt_0AORDnYml5A3XIUWe8IahaBrkdlnEw"}],"group":"cf-csp-endpoint","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=9vSQnhA5q09LAzIpBTkUqlVm7um07Fa.9P97thT7s7g-1726260923-1.0.1.1-zpRMB70aomkCHqcz.QqJH8dE_HTNduEwxbb8.iPaP3khxYQn2Zxdyq3vi8RJVtBtf2JbQo7oQ4B.yzzND.O71ju0hqSYLUF3OOzxLIEFmGA9p23ulNH1Ld9c44bkMONniXXrGZmt1iy9VWE560d.R3rZReIm0HuUQXXobOWj.0oSO6jN6s_iVAgG2tjqI85FYwrera9gsf.tQqcllwf.HA"}],"group":"cf-wbhogpncfznqrxjn","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=nJMG8_YuJHyvKZ8XmB.LLYf0NNQ77Zne7iGTOk468vo-1726260923-1.0.1.1-AQsxXJOayup119c4.SWupVr1XBuLa7tJkjxMXZ2CTDXM8UygS61IAJ6pabY_EHGU7XQybFmngX3dWdZRnZvcQwF1JTZfYjBG6q613MeEELH8.syFjQ.hqa3f3W8COru.aoHMLs3qa5PjpEEHepyRyD4EZyd8NqPtIWIRYxZ88C4TICJk21JuB_TBkIVYfzxtBz735.tB4lRpt2b.VnT0Jw"}],"group":"cf-ezccvxnrzwhzwuzo","max_age":86400}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/388c99dd0998/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8c2b09b4abceab1e-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 RC4415aaf1dd884704b6a9437a3b1b0c57-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 515 B
553 B 32ms
32ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RC4415aaf1dd884704b6a9437a3b1b0c57-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c77d33e522d7d70bed1641a0cb498f02f9c360305be8aafd83e727b1e5776628

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 299
expires: Fri, 13 Sep 2024 21:55:23 GMT

GET
H2 200 bannermsg
consent.trustarc.com/ 43 B
429 B 104ms
103ms Image
image/gif 18.238.49.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/bannermsg?action=views&domain=www.oxo.com&behavior=implied&country=ca&language=en&rand=0.3171800183514739&session=a49cbb0b-50cd-482d-9df3-aab8b0558b68&userType=NEW&referer=https://www.oxo.com

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.49.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-49-62.jfk52.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:23 GMT
via: 1.1 0b703f88574c6bad454306eb64dd50a2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK52-P3
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: nxOzf69rLXd3solReFi6QdqyJbeAZWXIF1iJsh8tHrT8UuvQvfwSiw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ds.min.js Show response
commerce.adobedtm.com/v6/ 25 KB
8 KB 50ms
28ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://commerce.adobedtm.com/v6/ds.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e400cd30777e17efe3066485259980648528389e7305b028f35976b8c865d8b1

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2024 19:59:44 GMT
server: AkamaiNetStorage
etag: "c715f1e3afed260c262d63dfcb2fc684:1710791984.452452"
vary: Accept-Encoding
content-type: application/x-javascript
accept-ranges: bytes
content-length: 7832

GET
H2

200

index.js Show response
unpkg.com/@adobe/magento-storefront-event-collector@1.11.0/dist/
Redirect Chain

https://unpkg.com/@adobe/magento-storefront-event-collector@%5E1/dist/index.js
https://unpkg.com/@adobe/magento-storefront-event-collector@1.11.0/dist/index.js

146 KB
56 KB

29ms
28ms

Script
application/javascript

2606:4700::6811:f7cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@adobe/magento-storefront-event-collector@1.11.0/dist/index.js

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Server

2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cc8f3c0ad31b8fa76b04b5e5f338ac2abf28477037189bc279b1ee5720b81a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 793050
last-modified: Wed, 04 Sep 2024 16:32:09 GMT
fly-request-id: 01J6YYCN4CEBB8RE6J2TRQ4N09-yul
server: cloudflare
etag: "2462d-/0WSMqyRse96iemhL7phHZNKb6s"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8c2b09b77d56a320-YUL

Redirect headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J7PJ8A4NEM3GMKPS2NY08Q07-yul
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 468
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@adobe/magento-storefront-event-collector@1.11.0/dist/index.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8c2b09b61be8a320-YUL

GET
H2 200 s87354350176025
oxo.sc.omtrdc.net/b/ss/helenoftroyoxo/1/JS-2.23.0-LEWM/ 43 B
344 B 126ms
35ms Image
image/gif 63.140.39.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://oxo.sc.omtrdc.net/b/ss/helenoftroyoxo/1/JS-2.23.0-LEWM/s87354350176025?AQB=1&ndh=1&pf=1&t=13%2F8%2F2024%2013%3A55%3A23%205%20420&mid=74418948608589896483369674835470886552&aamlh=7&ce=UTF-8&pageName=choose%20your%20location&g=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA&c.&getPageLoadTime=2.0.1&getPreviousValue=3.0&.c&cc=USD&ch=oxo&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=choose%20your%20location&v1=choose%20your%20location&c3=oxo&v3=oxo&v5=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=1FFF6FB66047579B0A495FA7%40AdobeOrg&AQE=1

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.224 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-224.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:24 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Sep 2024 20:55:24 GMT
server: jag
etag: 3707117108318076928-4618568774243458860
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 12 Sep 2024 20:55:24 GMT

GET
H3 200 loader-1.gif
www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/images/ 17 KB
26 KB 56ms
55ms Image
image/gif 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.oxo.com/static/version1725613590/frontend/HoT/oxo/en_US/images/loader-1.gif

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caefc900beabcb8b438e7e4861b34f560d256675a09c417fd201574cd257741c

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Wle88DpAoX1GFWWaKKdEp_.7F7U9r9ePrdUIgRoD9tc-1726260923-1.0.1.1-uFOG.xrg3mpA.1RTB1wFpw7gl1fkDl64BIklPG3XiBNcT9qC9_02aEZquiDufWtwCoaZT9pm9E2.jN4TLKx1enSFpSUpLpCzLtRCd4kvFQWN3lmpjcGo4.7ejS8PxrWbK22FGFk7i4eNClm4i_RqoREGkC83NUWIyAOICYJqhApEII9YwvQkoS1y3_Qhxqcr0jg9SYj4m8TFv5F1Rmsd5g; report-to cf-llxlskxorpmfqfqb, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=HlUI5bln0jF7Vj5xfc78fpVnUVo6otiST73187DJBFc-1726260923-1.0.1.1-jkYCLW5WWhAg2YsFLIEHQXkTQbGYuIrE4iz3.H9U9evjUixbpxu7omDrEBJiyLUedo0WpnpIbtho3bZC63axmopGRNko9mOYHNGeSxVaGt332srRhA.BQ7.RLQEhQArLZcLS9aHRbIA4tpGX7roXtxZ2PtpRSwzrs2jMOgTqxL1sNDbZCKNcKsgBMQRYhZuu_ZKvYImebzqa8Ycrcn502g; report-to cf-xmouvxxgpudununw

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:23 GMT
strict-transport-security: max-age=31557600
cf-cache-status: HIT
x-platform-server: i-05fb2acf84a0261d6, i-05fb2acf84a0261d6
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Wle88DpAoX1GFWWaKKdEp_.7F7U9r9ePrdUIgRoD9tc-1726260923-1.0.1.1-uFOG.xrg3mpA.1RTB1wFpw7gl1fkDl64BIklPG3XiBNcT9qC9_02aEZquiDufWtwCoaZT9pm9E2.jN4TLKx1enSFpSUpLpCzLtRCd4kvFQWN3lmpjcGo4.7ejS8PxrWbK22FGFk7i4eNClm4i_RqoREGkC83NUWIyAOICYJqhApEII9YwvQkoS1y3_Qhxqcr0jg9SYj4m8TFv5F1Rmsd5g; report-to cf-llxlskxorpmfqfqb, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=HlUI5bln0jF7Vj5xfc78fpVnUVo6otiST73187DJBFc-1726260923-1.0.1.1-jkYCLW5WWhAg2YsFLIEHQXkTQbGYuIrE4iz3.H9U9evjUixbpxu7omDrEBJiyLUedo0WpnpIbtho3bZC63axmopGRNko9mOYHNGeSxVaGt332srRhA.BQ7.RLQEhQArLZcLS9aHRbIA4tpGX7roXtxZ2PtpRSwzrs2jMOgTqxL1sNDbZCKNcKsgBMQRYhZuu_ZKvYImebzqa8Ycrcn502g; report-to cf-xmouvxxgpudununw
age: 644383
traceresponse: 00-17f29e8acf18b2e9e237e0005a684c90-99db8e7af388eec7-01
cf-polished: status=not_needed
x-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 17255
x-served-by: cache-mia-kmia1760030-MIA
last-modified: Fri, 06 Sep 2024 08:59:25 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
x-timer: S1725615926.156648,VS0,VE114
etag: "66dac46d-4367"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ORHaPVsaQ7lhoE16QyadM.qDd2mtGCI2EFV61LeTjZI-1726260923-1.0.1.1-X08c21Rd_kSAV1UsfghmHGvn36PSCvDLTWST9u2IhiX4Hv7sNLkpBHlF5moPCS_W.Fx8fVpnPc9dVDanhiyQehGiePcXuw9ipRcYb9xH6hr14W_0JEsgbF0Ydgb0GDniaDaQ7e8LI3pUxtJ8xpc9PKXWvRRJMXI3LYEfa5D0DQ30F1BAbCYq2phMmUjn0vfIlOZtXkZhMcSl2_9mCyvKrw"}],"group":"cf-frypdhfzztbvzyvq","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=UUTk3c_FQWuESwZIKnb0CLdzlfi3vdBVFqz8CqELxlI-1726260923-1.0.1.1-KquElRbCQ8zXKceH9T4cO7XCAXC0B1c7WVId1DMyx4Qaz03lhAIJvMxQ5EAub07B3aQ9UFSudfXJxXzvwAnIi9qtvRNUT5CMJIYzqRCxIl9bCboJG8cydJutivFYMNqRiXyDLBXqvBddm_cajE44FG8bzRw9jooF38M5ZhlOQaQdHq82QN2z9UhsJO8_j34S92vfi6HWe0mn0MvWI8fN.Q"}],"group":"cf-mheednohkniuexec","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Wle88DpAoX1GFWWaKKdEp_.7F7U9r9ePrdUIgRoD9tc-1726260923-1.0.1.1-uFOG.xrg3mpA.1RTB1wFpw7gl1fkDl64BIklPG3XiBNcT9qC9_02aEZquiDufWtwCoaZT9pm9E2.jN4TLKx1enSFpSUpLpCzLtRCd4kvFQWN3lmpjcGo4.7ejS8PxrWbK22FGFk7i4eNClm4i_RqoREGkC83NUWIyAOICYJqhApEII9YwvQkoS1y3_Qhxqcr0jg9SYj4m8TFv5F1Rmsd5g"}],"group":"cf-llxlskxorpmfqfqb","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=HlUI5bln0jF7Vj5xfc78fpVnUVo6otiST73187DJBFc-1726260923-1.0.1.1-jkYCLW5WWhAg2YsFLIEHQXkTQbGYuIrE4iz3.H9U9evjUixbpxu7omDrEBJiyLUedo0WpnpIbtho3bZC63axmopGRNko9mOYHNGeSxVaGt332srRhA.BQ7.RLQEhQArLZcLS9aHRbIA4tpGX7roXtxZ2PtpRSwzrs2jMOgTqxL1sNDbZCKNcKsgBMQRYhZuu_ZKvYImebzqa8Ycrcn502g"}],"group":"cf-xmouvxxgpudununw","max_age":86400}
content-type: image/gif
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09b69d70ab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:23 GMT

GET teads-fellow.js
p.teads.tv/ 0
0

GET
H2 200 RC9a9456831a7c4fb69b41d56a5baadf20-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 877 B
735 B 29ms
28ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RC9a9456831a7c4fb69b41d56a5baadf20-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 83a411a8f02a06fc217862488767751c306222d6b11843b42cfa7ce849b08a87

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 481
expires: Fri, 13 Sep 2024 21:55:23 GMT

POST
H3 200 8c2b09a6adb6ab1e Show response
www.oxo.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame FD49 0
9 KB 40ms
32ms XHR
text/plain 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/cdn-cgi/challenge-platform/h/b/jsd/r/8c2b09a6adb6ab1e

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Dmot8I1lzjS.uqMvsbHkWvVy5UDJmWP9wDFKkc17xgE-1726260924-1.0.1.1-txRsIPZz9pmlCVMDkLLLOhKPscmvwZgnueyPJ.lIBNKnlGn9LVP56b0gdm3.E2pN6x3rwvkfBnhupfckJF2ZuH64QIbDp9Dw8W9u1joqaHUuuvmX7vDOsdQ6yoOD10E.Pizvgw7FC0d5kh3HIooVqWJikEmlMPyMYqAfIJRtY3n7oMak3SySgy_52IwMVdLJi2Cfi5mRDzRPKQTnhhPx9Q; report-to cf-qjxdyhjsfwxmrwyi, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=DjfN2Deqn8qibXw5F5QzBBZaT1tUUvmwr1L7TbiRr0I-1726260924-1.0.1.1-d1MxtfzLWlZ4tWNcRup.Jq5MxsH5RT2zT7QD0Ik4AUowu2PpiMTpTm_ipYS9niyPBea9ClJIz00jlrqqZSI9hX3J.7cqSugZ1nBQNgai0hVF3acJphMdlypersc2erOD.R_QcIYY3vbcHb03kBJs8OhqldvCCOLk0SBMl8qSSn1jXrGrIOE4_e70ysmQneQJlarHc6ycMNonaCt76hBbKA; report-to cf-unhraefryxyeoexs

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Dmot8I1lzjS.uqMvsbHkWvVy5UDJmWP9wDFKkc17xgE-1726260924-1.0.1.1-txRsIPZz9pmlCVMDkLLLOhKPscmvwZgnueyPJ.lIBNKnlGn9LVP56b0gdm3.E2pN6x3rwvkfBnhupfckJF2ZuH64QIbDp9Dw8W9u1joqaHUuuvmX7vDOsdQ6yoOD10E.Pizvgw7FC0d5kh3HIooVqWJikEmlMPyMYqAfIJRtY3n7oMak3SySgy_52IwMVdLJi2Cfi5mRDzRPKQTnhhPx9Q; report-to cf-qjxdyhjsfwxmrwyi, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=DjfN2Deqn8qibXw5F5QzBBZaT1tUUvmwr1L7TbiRr0I-1726260924-1.0.1.1-d1MxtfzLWlZ4tWNcRup.Jq5MxsH5RT2zT7QD0Ik4AUowu2PpiMTpTm_ipYS9niyPBea9ClJIz00jlrqqZSI9hX3J.7cqSugZ1nBQNgai0hVF3acJphMdlypersc2erOD.R_QcIYY3vbcHb03kBJs8OhqldvCCOLk0SBMl8qSSn1jXrGrIOE4_e70ysmQneQJlarHc6ycMNonaCt76hBbKA; report-to cf-unhraefryxyeoexs
server: cloudflare
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=fa8kTGlUS5KWtBuDpUtBQILAmCPABQTFkOmXpXVugIA-1726260924-1.0.1.1-QXHy8JkSwzb3mvG6u_ZIdtVR87eWWt5Z7mymgCaqRbVRAnSQlY8ClHTz48X8PmsRYdJKnDeYBvpgyKHDLXnfvJV9sGYaF6NlMcFlxUlLXpT_PqwNq6T5k.8z1sYa76MTP6geNaGk9SjjqIwRBcSuTA; report-to cf-csp-endpoint
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=fa8kTGlUS5KWtBuDpUtBQILAmCPABQTFkOmXpXVugIA-1726260924-1.0.1.1-QXHy8JkSwzb3mvG6u_ZIdtVR87eWWt5Z7mymgCaqRbVRAnSQlY8ClHTz48X8PmsRYdJKnDeYBvpgyKHDLXnfvJV9sGYaF6NlMcFlxUlLXpT_PqwNq6T5k.8z1sYa76MTP6geNaGk9SjjqIwRBcSuTA"}],"group":"cf-csp-endpoint","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Dmot8I1lzjS.uqMvsbHkWvVy5UDJmWP9wDFKkc17xgE-1726260924-1.0.1.1-txRsIPZz9pmlCVMDkLLLOhKPscmvwZgnueyPJ.lIBNKnlGn9LVP56b0gdm3.E2pN6x3rwvkfBnhupfckJF2ZuH64QIbDp9Dw8W9u1joqaHUuuvmX7vDOsdQ6yoOD10E.Pizvgw7FC0d5kh3HIooVqWJikEmlMPyMYqAfIJRtY3n7oMak3SySgy_52IwMVdLJi2Cfi5mRDzRPKQTnhhPx9Q"}],"group":"cf-qjxdyhjsfwxmrwyi","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=DjfN2Deqn8qibXw5F5QzBBZaT1tUUvmwr1L7TbiRr0I-1726260924-1.0.1.1-d1MxtfzLWlZ4tWNcRup.Jq5MxsH5RT2zT7QD0Ik4AUowu2PpiMTpTm_ipYS9niyPBea9ClJIz00jlrqqZSI9hX3J.7cqSugZ1nBQNgai0hVF3acJphMdlypersc2erOD.R_QcIYY3vbcHb03kBJs8OhqldvCCOLk0SBMl8qSSn1jXrGrIOE4_e70ysmQneQJlarHc6ycMNonaCt76hBbKA"}],"group":"cf-unhraefryxyeoexs","max_age":86400}
content-type: text/plain; charset=UTF-8
cf-ray: 8c2b09b85edcab1e-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

OPTIONS
H2 200 collectorPost
lib-us-1.brilliantcollector.com/collector/ Frame 0
0 34ms
33ms Preflight 54.224.113.8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lib-us-1.brilliantcollector.com/collector/collectorPost
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.113.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-113-8.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,x-pageid,x-requested-with,x-tealeaf,x-tealeaf-messagetypes,x-tealeaf-page-url,x-tealeaf-saas-appkey,x-tealeaf-saas-tltdid,x-tealeaf-saas-tltsid,x-tealeaf-syncxhr,x-tealeaftype
Access-Control-Request-Method: POST
Origin: https://www.oxo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-encoding, content-type, x-pageid, x-requested-with, x-tealeaf, x-tealeaf-messagetypes, x-tealeaf-page-url, x-tealeaf-saas-appkey, x-tealeaf-saas-tltdid, x-tealeaf-saas-tltsid, x-tealeaf-syncxhr, x-tealeaftype
access-control-allow-methods: POST
access-control-allow-origin: https://www.oxo.com
access-control-max-age: 3600
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length: 0
date: Fri, 13 Sep 2024 20:55:24 GMT
server: istio-envoy
vary: Accept-Encoding,Origin
x-envoy-upstream-service-time: 0

POST
H2 200 collectorPost Show response
lib-us-1.brilliantcollector.com/collector/ 38 B
357 B 70ms
65ms Fetch
application/json 54.224.113.8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lib-us-1.brilliantcollector.com/collector/collectorPost
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.113.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-113-8.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60

Request headers

Content-Encoding: gzip
X-Tealeaf-SaaS-TLTDID: 93191206283751053387345413134151
X-Tealeaf: device (UIC) Lib/6.4.65
X-Tealeaf-SyncXHR: false
X-Tealeaf-MessageTypes: 1,2,12,14
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json
X-Tealeaf-SaaS-AppKey: 23ead396ddbf4423bbafec36c3221744
X-Tealeaf-SaaS-TLTSID: 35846387440681796156367158717086
X-Requested-With: fetch
X-TealeafType: GUI
X-PageId: P.72FDNFNLU98K84XM3GN9MP9JMVGX
X-TeaLeaf-Page-Url: /countrySelector/geoip/getaction/
Referer: https://www.oxo.com/

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
dcname: prod-dal
server: istio-envoy
vary: Accept-Encoding,Origin
content-type: application/json
access-control-allow-origin: https://www.oxo.com
cache-control: no-cache
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
tltsid: 35846387440681796156367158717086
nodeid: wscollector-5df4f448c7-cl8xd
content-length: 38
expires: Fri, 31 Dec 1998 12:00:00 GMT

GET
H2 200 RC5759338d2ece454b9329704d51b4f19b-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 459 B
543 B 38ms
37ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RC5759338d2ece454b9329704d51b4f19b-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f1962d7f9774218ab88d8c21eaced7e7f2c7965b23d98e2e5fcc166e2f4a342e

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 289
expires: Fri, 13 Sep 2024 21:55:24 GMT

OPTIONS
H2 200 tp2
commerce.adobedc.net/collector/ Frame 0
0 129ms
30ms Preflight 34.230.160.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://commerce.adobedc.net/collector/tp2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.230.160.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-230-160-65.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.oxo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.oxo.com
access-control-max-age: 600
content-length: 0
date: Fri, 13 Sep 2024 20:55:24 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 tp2
commerce.adobedc.net/collector/ 2 B
285 B 96ms
31ms Ping
text/plain 34.230.160.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://commerce.adobedc.net/collector/tp2

Requested by

Host: unpkg.com
URL: https://unpkg.com/@adobe/magento-storefront-event-collector@%5E1/dist/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.230.160.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-230-160-65.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.oxo.com
date: Fri, 13 Sep 2024 20:55:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-credentials: true
server: nginx
content-length: 2

GET
H2 200 RC1c159f05357d4224b64121cbfaac1234-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 1 KB
944 B 27ms
25ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RC1c159f05357d4224b64121cbfaac1234-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 1108c5d6a46cc684fffa4348a4ad097066d536f52b3a85c550bae2a7f50b68e9

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 690
expires: Fri, 13 Sep 2024 21:55:24 GMT

GET
H2 200 RC0f91f74c255842079fd9bbdc36c85e14-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 790 B
710 B 25ms
24ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RC0f91f74c255842079fd9bbdc36c85e14-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: cc0634f0db338f061a0b0179b5c5bf558fc0a32521503e4d9c1f343cab280f7c

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 456
expires: Fri, 13 Sep 2024 21:55:24 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 220 KB
79 KB 71ms
67ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-14167590

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/launch-012b4acf6374.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f841a021c983785e847e06ae688b3ea4700246e6ed06aa379f11705f3895fa30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80263
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 19:15:34 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Sep 2024 20:55:24 GMT

GET
H2 200 RC7753bd1b26a74fe0b6448d87fcc03bec-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 952 B
849 B 34ms
32ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RC7753bd1b26a74fe0b6448d87fcc03bec-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 75390cc07befc573e53fb02146475bbd790bf207edeb76080aca6c77cf74caf9

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:24 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 595
expires: Fri, 13 Sep 2024 21:55:24 GMT

GET
H3 200 activity;register_conversion=1;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l...
ad.doubleclick.net/ 0
23 B 162ms
102ms Image
image/png 142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA?

Requested by

Host: www.oxo.com
URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.198 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:24 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"212821987306998508"}],"aggregatable_trigger_data":[{"filters":[{"14":["66754235"]}],"key_piece":"0x13420883b1477b67","source_keys":["12","13","14","15","16","17","18","19","20","21","22101180","22101181","22101182","22101183","638633540","638633541","638633542","638633543","638633780","638633781","638633782","638633783"]},{"key_piece":"0x9048441660cb404f","not_filters":{"14":["66754235"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","22101180","22101181","22101182","22101183","638633540","638633541","638633542","638633543","638633780","638633781","638633782","638633783"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"22101180":46,"22101181":46,"22101182":46,"22101183":4540,"638633540":38,"638633541":38,"638633542":38,"638633543":3739,"638633780":32,"638633781":32,"638633782":32,"638633783":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"11806402041349590062","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"212821987306998508","filters":[{"14":["66754235"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"212821987306998508","filters":[{"14":["66754235"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"212821987306998508","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"212821987306998508","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["14167590"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC03bdd7bc4dd9449ea3b00aa0c0f8b444-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 1 KB
824 B 124ms
54ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RC03bdd7bc4dd9449ea3b00aa0c0f8b444-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 059ae9281a7cece0d38dc22b536bafad0c303b0d8e13df0dd1b4e0f5af440a6b

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 570
expires: Fri, 13 Sep 2024 21:55:25 GMT

POST
H3 204 rum Show response
www.oxo.com/cdn-cgi/ 0
138 B 116ms
54ms XHR
text/plain 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/cdn-cgi/rum?

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.oxo.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8c2b09bd4b1dab1e-YYZ

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 171ms
104ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 13 Sep 2024 20:55:25 GMT
document-policy: force-load-at-top
x-fb-server-load: 31
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58953
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4456, tp=9, tpl=0, uplat=2, ullat=-1
pragma: public
x-fb-debug: HaPr6UbFo9bYxIFk7acjliM0RHiwd2pXfKblWwABTk548Dje0zuBn9ZEBXjbS78bun7978ovRg5hrmK9LDr5hw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 317 KB
105 KB 164ms
118ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QN3HZX14P2&l=dataLayer&cx=c

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

10a477066005d47f804c4a57ac101d51d0e3808bf7188125ed23d4f42e5cd484

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107575
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 13 Sep 2024 20:55:25 GMT

GET
H2 200 fender_analytics.8d21d049ace5ab4dbeef.js Show response
static-tracking.klaviyo.com/onsite/js/ 32 KB
12 KB 221ms
13ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/fender_analytics.8d21d049ace5ab4dbeef.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da90484142079a67f8609c50324de041125ee49ca7eff1dff04527f393b082c9

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: nBhF5b72CCHSTD22re6nc.gWaBsK_b7t
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: 2MWJNP74RTTF50AJ
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 11823
x-amz-id-2: W8eXvsBBQzMZ8GpPgLMTVLEUOwWSS6seyVfKj33lLZyOEttzH0rH4UxoS9/0dXNczrOPQyywUyc=
x-served-by: cache-lga21952-LGA, cache-yul1970040-YUL
last-modified: Wed, 04 Sep 2024 19:04:52 GMT
server: AmazonS3
etag: "d80bb8baa3ca6cf2a6045d35a5769751"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: a45f8024c0890c50311d19cc2cd58cb4dfd1f41e
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 44, 315

GET
H2 200 static.8d136cd44b74e8189276.js Show response
static-tracking.klaviyo.com/onsite/js/ 495 B
853 B 220ms
14ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/static.8d136cd44b74e8189276.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6eaa7d84867f4a3f58d1cff2d44b4d4adfcc58072a48d761fe092b7e6172b253

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: uH6cu82Duq995N1qMWqZf6YsR2usxQeT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: WDTF80E976R5R4A6
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 280
x-amz-id-2: x3A3nCtK50M7+Le+F7ypZjiHS1oa1/lJWJ/lHcgzRUqMrASEQQEZJfRHmct4WIz7x+5idGhZNUM=
x-served-by: cache-lga21941-LGA, cache-yul1970040-YUL
last-modified: Mon, 26 Aug 2024 22:54:37 GMT
server: AmazonS3
etag: "264b8a3f80d7760ba761881fd76641fb"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: d4c18fcc13fa184f6bbaac7525d6a7e0d3236ae8
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 722094, 316

GET
H2 200 runtime.c9c01c41b74c1b142fbc.js Show response
static.klaviyo.com/onsite/js/ 20 KB
8 KB 106ms
43ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/runtime.c9c01c41b74c1b142fbc.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a19db97d8d5eb5c80855b8bbbf38e783b1d380d5b1ec7f47dafe3364bfe2fdf3

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: VuF14UQLunB2HWVkaAnxzATG5Bsa1rsp
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: Z7C04FYA0W6S33GB
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 7802
x-amz-id-2: sKDcGprUcm7Iikoq//k5HkALzSUJ+b25i88e4aUsfCxMUTd5VMdCA/teMkd8B7F0+qAMJCcXwNo=
x-served-by: cache-lga21964-LGA, cache-yul1970024-YUL
last-modified: Fri, 13 Sep 2024 15:35:48 GMT
server: AmazonS3
etag: "569a537339bb7e22141d1f9b690d6d39"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 670381b4ecd44d0b8cad78125357795d53c2ad28
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 7, 391

GET
H2 200 sharedUtils.71e3cd98c51ae510679f.js Show response
static.klaviyo.com/onsite/js/ 48 KB
18 KB 112ms
52ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/sharedUtils.71e3cd98c51ae510679f.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a6d90b55a4309d0187331c8d18508768f3f4e0efff92c1645e8f3ef248ed3f5

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: L5n.RSIf6WBEVxN7gg7BsXY1NZXgAZYS
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: DC8QAVZ6YJVEJS59
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 17945
x-amz-id-2: 6rsgwKt8TPV5v7vwfc8HrKFbgywJC5E2oHIUyxLweDj3mq4gULOzDrGHFWUfw82wLDdwBbZmpOA=
x-served-by: cache-lga21953-LGA, cache-yul1970024-YUL
last-modified: Thu, 12 Sep 2024 14:39:50 GMT
server: AmazonS3
etag: "c8b26f368fdbac8a3ad6f2fe6e7ee8c5"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 21571c98d63ae835bf6215dba2bdfcdd087cc914
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 86, 360

GET
H2 200 vendors~signup_forms~post_identification_sync~onsite-triggering~customerHubRoot.8c45a4643eee76f6e5c9.js Show response
static.klaviyo.com/onsite/js/ 12 KB
5 KB 105ms
50ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/vendors~signup_forms~post_identification_sync~onsite-triggering~customerHubRoot.8c45a4643eee76f6e5c9.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d2586e045767a0379e2072dc2fd04a86e9b2514620ffab62af46318aa20e2f01

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: FrVyqlbukpM8uuM2GGJ2UOf0ylCe7aCf
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: F712HBSDHF0379GE
age: 591
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 4100
x-amz-id-2: +Dl1SFSl7aBcHCvm1Gt1ie/RaNbdI9ktXbZ27zF1omEhwEWcv+dljCP5lx8CUfUgYrlyj6v/ttyCHhdOwi07VxUEafatN4dWqgFkyiyiW9Y=
x-served-by: cache-lga21968-LGA, cache-yul1970024-YUL
last-modified: Mon, 19 Aug 2024 21:56:48 GMT
server: AmazonS3
etag: "bcbe97b98d6018eab1657c41ede222ec"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 8f6e382a6dad25f970b754652bb2863c9cbe611b
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 456, 256

GET
H2 200 vendors~signup_forms~onsite-triggering.f88945af9a706719d64b.js Show response
static.klaviyo.com/onsite/js/ 9 KB
3 KB 96ms
41ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/vendors~signup_forms~onsite-triggering.f88945af9a706719d64b.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f73c578afd4839c471623755979976453bc91f26c0cf24a9f302e0024bf30a7f

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: TRe.Ma.RA.f_Hrh_dLuFmFXUoAUkn5ie
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: ZJATDMCAAV0AHMKP
age: 591
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 3282
x-amz-id-2: syehCADDPmX5FFolUcmmm4XdLJOd1Q314sOp32VWq/wN+Ei2aFy/HX817eN2UXhYBbdRH47O2ffzxHAjJ1HatOjX79LrtcGm
x-served-by: cache-lga21967-LGA, cache-yul1970024-YUL
last-modified: Tue, 13 Aug 2024 10:51:58 GMT
server: AmazonS3
etag: "b9d594ec8a92f26146977ada9530f2b0"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: d682cf6b66add4bca41f2fb7cb88b63f39926c55
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 1328911, 252

GET
H2 200 vendors~signup_forms.0a55af0707af13bd6205.js Show response
static.klaviyo.com/onsite/js/ 12 KB
4 KB 98ms
43ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/vendors~signup_forms.0a55af0707af13bd6205.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54a95e5381069af1c1ffe30d039643382c05ebd59d587161b142d5f29290c909

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: VDgFFCD6u1sOnG6rtBhTuPemsQGVWEQi
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: 20CGBP04R09JNA01
age: 591
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 3986
x-amz-id-2: HfHjNlKaAdE3tWsPLQfl5QE+jLeKLjubCOhxPJtOd1DB0ve5Rn1n8qTx1PzwQWslK8aWcaNi4n5vaHzCMYPG3l1k7zUZ8yDq
x-served-by: cache-lga21961-LGA, cache-yul1970024-YUL
last-modified: Fri, 06 Sep 2024 03:27:58 GMT
server: AmazonS3
etag: "dc2fa375024745e4a07f0ad3e81ba109"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 972ed9de370d10637a124252860b9638c1df7ef3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 156503, 255

GET
H2 200 default~signup_forms~onsite-triggering.c8f9e1cf499bdab782a9.js Show response
static.klaviyo.com/onsite/js/ 32 KB
10 KB 96ms
42ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/default~signup_forms~onsite-triggering.c8f9e1cf499bdab782a9.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c853e00afaed8f5bc00f96b24ea685eeb960433abf7dd98a79df91e591301231

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: j5JFaCZIuGrzfgh0VhcZJkrGzYvy_Ar.
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: J3KVXJZ162GJDJ6Z
age: 591
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 9350
x-amz-id-2: c1FGDgGnakXJPeSrWk2KTdqxE6F4wYSaj/MLDaVl0FFeaCTyOO+DajzFAoEs7YgAuXyhlSfQSYE=
x-served-by: cache-lga21937-LGA, cache-yul1970024-YUL
last-modified: Tue, 03 Sep 2024 14:44:50 GMT
server: AmazonS3
etag: "8374708fe1a13fb0eb1fffbe8a55a579"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 5138fb2ed66c438d18b1193d40ae53a8ddcad717
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 269287, 262

GET
H2 200 signup_forms.8cf69d2022c91c9a1df8.js Show response
static.klaviyo.com/onsite/js/ 16 KB
6 KB 104ms
51ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.klaviyo.com/onsite/js/signup_forms.8cf69d2022c91c9a1df8.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d7d2922afbb7aeb4815edfb4393e0fea0132bfbcce9246ce278c43f8067f2d6

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: pd9Ozt7Z87YWlvIBdLl7.H4CbPJZA5Kr
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: DC8VF17YGZXZP4FA
age: 591
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 5848
x-amz-id-2: hlGOKXtYDc6tNxRwOC1gh2Iv7il55n+vuN6qKeBuOxwxzlDtNSbRprtKahwL67+9c0plqYjXVRA=
x-served-by: cache-lga21940-LGA, cache-yul1970024-YUL
last-modified: Thu, 12 Sep 2024 14:39:50 GMT
server: AmazonS3
etag: "fd5edc6144a323a590c29da8a280555d"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 21571c98d63ae835bf6215dba2bdfcdd087cc914
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 94, 283

GET
H2 200 vendors~signup_forms~post_identification_sync~onsite-triggering~customerHubRoot.8c45a4643eee76f6e5c9.js Show response
static-tracking.klaviyo.com/onsite/js/ 12 KB
4 KB 232ms
38ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/vendors~signup_forms~post_identification_sync~onsite-triggering~customerHubRoot.8c45a4643eee76f6e5c9.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d2586e045767a0379e2072dc2fd04a86e9b2514620ffab62af46318aa20e2f01

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: cHoM9xljXdqi6EmlHdKdf7UMlvt9PeV2
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: AHPSX97YPS7TY6YF
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 4100
x-amz-id-2: i460nXi1u69RwesPZtND55wJtNDPKX5jGcurarZHoTIydpPFF66js+WJf7IEEVlxAYjS8cjyRko=
x-served-by: cache-lga21975-LGA, cache-yul1970040-YUL
last-modified: Fri, 16 Aug 2024 16:04:38 GMT
server: AmazonS3
etag: "bcbe97b98d6018eab1657c41ede222ec"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 52d81ab39149060c3e8a6dd52d312f6d0a8d838d
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 284778, 99

GET
H2 200 post_identification_sync.f9ad780df3b2d7b564ff.js Show response
static-tracking.klaviyo.com/onsite/js/ 7 KB
3 KB 222ms
33ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/post_identification_sync.f9ad780df3b2d7b564ff.js?cb=1
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c646cb0308d0dd95672b9e1ab8b52a98f3638b681f79dcf1daf8c9fa62b534c

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: pxF1k6FrrmVyQTHLnLcCpYEbiDQDLLGm
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: GTZXT1WXXSTACEFM
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 2797
x-amz-id-2: mVODi0FtmYCa3bsQ1m7uIgtUUW6Zanukxhx3cSKEXffMOT7bFRilX2T5f4mBXNRhsuw7o2rVD44=
x-served-by: cache-lga21920-LGA, cache-yul1970040-YUL
last-modified: Tue, 03 Sep 2024 21:31:50 GMT
server: AmazonS3
etag: "4993a56d4454dbf6ee11da2689ac79b9"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: df2b7a81dd7a2fb2ff7fceb46bd3d0692fb4e9eb
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 5, 102

GET
H2 200 dest5.html
helenoftroy.demdex.net/ Frame A399 0
0 208ms
24ms Document
text/html 44.196.169.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://helenoftroy.demdex.net/dest5.html?d_nsid=0

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.196.169.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-196-169-18.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Fri, 13 Sep 2024 20:55:25 GMT
dcs: dcs-prod-va6-1-v064-030476fbe.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 19 Aug 2024 11:19:04 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: 72PgxVnWTzU=

GET
H2 200 A1383054-af52-4393-915c-f47a16c284281.js Show response
d.impactradius-event.com/ 37 KB
16 KB 240ms
56ms Script
text/javascript 35.186.249.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.impactradius-event.com/A1383054-af52-4393-915c-f47a16c284281.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 72.249.186.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: edc4c4260d84a701185f43dbbfeb15fcb68c868b23a1f81af2f90a3d21b213bb

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
age: 0
x-guploader-uploadid: AD-8ljt81c0_KXl1iJYI09xCPDcz8JDBUERUFE6M7ir1pGrBZ1rOa-hhd9Q75CwXZoqeeWgVKrLIlU8akg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15392
last-modified: Fri, 22 Mar 2024 16:21:45 GMT
server: UploadServer
etag: "07cca15193c3e370e1c4fb2a425a4bb9"
vary: Accept-Encoding
x-goog-generation: 1711124505722604
x-goog-hash: crc32c=jWiBZg==, md5=B8yhUZPD43DhxPsqQlpLuQ==
access-control-allow-origin: *
content-type: text/javascript; charset=utf-8
cache-control: public,max-age=900,s-maxage=300
x-goog-stored-content-length: 15392
accept-ranges: bytes
expires: Fri, 13 Sep 2024 21:00:25 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 256ms
67ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 13 Sep 2024 20:55:24 GMT
last-modified: Fri, 06 Sep 2024 21:17:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1967CA7751E14DA09D77B6B2D9705C9C Ref B: YMQ01EDGE0311 Ref C: 2024-09-13T20:55:25Z
etag: "016326a20db1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14305

GET
H2 200 amzn.js Show response
c.amazon-adsystem.com/aat/ 17 KB
6 KB 212ms
30ms Script
application/javascript 3.171.134.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aat/amzn.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.134.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-134-120.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b604e18370e4d2d157036b796fe9bde8710565d5c37d5c71774f8e4cc89f0640

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: B14hs8_QxO.vp231KHKfyqeLnVmU2U12
content-encoding: gzip
via: 1.1 284ac69616559909913fa0f0502158ea.cloudfront.net (CloudFront), 1.1 67c9dfb38affc3a08786f92219ccc792.cloudfront.net (CloudFront)
date: Fri, 13 Sep 2024 13:15:56 GMT
last-modified: Mon, 02 Sep 2024 15:05:35 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P8, JFK52-P8
x-amz-server-side-encryption: AES256
etag: W/"74357f0dac08d28bc19b6fe1a274ce67"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
x-amz-cf-id: bnOafsCYZOEbnnBPESI8LJTNJLayGbIehwkjvFRfIMuiPai7BPLxCg==

GET
H2 200 widget.js Show response
cdn.kustomerapp.com/chat-web/ 937 B
1 KB 209ms
37ms Script
application/javascript 18.164.116.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.kustomerapp.com/chat-web/widget.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.116.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-116-90.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cdddc59d5ab037f2ed926d1144ba5a71b74ca6aa560534284c48a65b684c0822

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: ZPiYTjbNY9.FmOI7UX3REqgCNzOWeGzg
date: Fri, 13 Sep 2024 20:54:56 GMT
x-amz-meta-releaseversion: release-v0.1.378
via: 1.1 00266a01055b9f1e1ad959f077c1d96a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
age: 30
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 937
last-modified: Tue, 27 Aug 2024 16:03:35 GMT
server: AmazonS3
etag: "ffbe3d7f36acb787c1d12aec7e4959f4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, s-maxage=60
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: m5dcmcdufJjM2yNP3N8RgUMQJuBwygDF_Y6qvRpgeIeuJq4Tuw6Etg==

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 22 KB
22 KB 205ms
33ms Script
text/javascript 35.244.142.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:48:48 GMT
age: 397
x-guploader-uploadid: AD-8ljtah0e_EGhmUlHa2QXoIwawCKzxEoAybGyLUp5Wpu3bMDxTjvbTPRYqjfq4I5n6vA1D7ac
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22096
last-modified: Tue, 25 Jun 2024 13:55:49 GMT
server: UploadServer
etag: "4eddeec95afda969b3d1b2fb970c1eb1"
x-goog-generation: 1719323749654301
x-goog-hash: crc32c=NZyeaA==, md5=Tt3uyVr9qWmz0bL7lwwesQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 22096
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 13 Sep 2024 21:48:48 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 269ms
97ms Script
application/javascript 23.206.172.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CPMEN33C77U83Q69S5BG&lib=ttq
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-206-172-62.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 27d0566567b8e452ad2a9555820f020e45ad115e7e88c03cc0094a09339fe383

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: dda3961
date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240913205525F097A4D42168BD48774A-6692045F44BBC24E-00
x-cache: TCP_MISS from a23-58-89-60.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=4, origin; dur=60
content-length: 2147
pragma: no-cache
server: nginx
x-tt-logid: 20240913205525F097A4D42168BD48774A
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 61,23.58.89.60
x-tt-trace-host: 01c6924f8812bfc1a214d7532ab5d94386f3d6ad0a069c8f692e6424e04d6d3dab6fe30e8283141f44015129209473ef9d714ab4b82df763ee1fb8caa57b9db05d463c21dd5c5d50a5f3796bab7d1524696027d4214ce5c983942d74dc2f14dc6f
expires: Fri, 13 Sep 2024 20:55:25 GMT

GET
H2

200

activityi;dc_pre=CJyc8YnnwIgDFVka0AQdwIEG0Q;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za20...
14167590.fls.doubleclick.net/ Frame AC85
Redirect Chain

https://14167590.fls.doubleclick.net/activityi;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967z...
https://14167590.fls.doubleclick.net/activityi;dc_pre=CJyc8YnnwIgDFVka0AQdwIEG0Q;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=no...

0
0

82ms
33ms

Document
text/html

142.251.40.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://14167590.fls.doubleclick.net/activityi;dc_pre=CJyc8YnnwIgDFVka0AQdwIEG0Q;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA?

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.230 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 332
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 20:55:25 GMT
expires: Fri, 13 Sep 2024 20:55:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 20:55:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://14167590.fls.doubleclick.net/activityi;dc_pre=CJyc8YnnwIgDFVka0AQdwIEG0Q;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;...
td.doubleclick.net/td/fls/rul/ Frame AB98 0
0 213ms
60ms Document
text/html 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=14167590;type=lpv8e0;cat=mm-hy0;ord=4373365360250;npa=0;auiddc=773975576.1726260925;ps=1;pcor=410110722;pscdl=noapi;frm=0;gtm=45fe49b0v9181364967za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA?

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 20:55:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 favicon_1.png
www.oxo.com/media/favicon/stores/2/ 2 KB
11 KB 108ms
101ms Other
image/webp 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/media/favicon/stores/2/favicon_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a87697d9f0ee36132ab0adf0f672d52097863981bed8651037e9311d8905fa2b

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=wPABxjAEQR0AHNBcKtClRc8FucIj5SQK64FSWEy5kbw-1726260925-1.0.1.1-IznrM7NzRH1CgWTWcQmS7ux8YZzIgq1zyUiv279qsdiDP6xzI.6sJfEZrevfEwZT3la2qjs72QbUwGWrqos2z6zPyGL5KJFIGl1hYRPLaSjuW5dtAfF8qpr10axeZhle2TYvSSx3KeI4hmFe6i89T8MH75OJ1OsJ43mclUdz7DSxtIvQVfZH.KJDXoNuulvOIxHBukGwNWZkgFr6m_DS.A; report-to cf-eqdpaaytzxsdoqsu, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Kz0WzmVOx5YUIv7AEx1HJv1eohPbZfKspiIj5I3MYgA-1726260925-1.0.1.1-YyqDiEqT1qy0XPMsKQQZUeId9BtiHJ4OVgOUGWqeTEJqWgwU7Dj.93fBehbjpa_Se2OeHyCFmQ9or858BKYugu7Q2DGUwlhFOfQqbZbj4NltAD.SUcedyuul2gWxQzu60.yg4xarpPp5WEemcTpeirxyLIMMAlq9AcbeZKH5RpmgjpMeKDsPjLwWboSG5qsbBSvuRtIDexcUJ4Kxd_yvKw; report-to cf-vgnjrlcmzfjlszaa

Strict-Transport-Security

max-age=31557600

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:25 GMT
strict-transport-security: max-age=31557600
cf-cache-status: HIT
x-platform-server: i-0e323f5c977a7b537, i-0e323f5c977a7b537
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=wPABxjAEQR0AHNBcKtClRc8FucIj5SQK64FSWEy5kbw-1726260925-1.0.1.1-IznrM7NzRH1CgWTWcQmS7ux8YZzIgq1zyUiv279qsdiDP6xzI.6sJfEZrevfEwZT3la2qjs72QbUwGWrqos2z6zPyGL5KJFIGl1hYRPLaSjuW5dtAfF8qpr10axeZhle2TYvSSx3KeI4hmFe6i89T8MH75OJ1OsJ43mclUdz7DSxtIvQVfZH.KJDXoNuulvOIxHBukGwNWZkgFr6m_DS.A; report-to cf-eqdpaaytzxsdoqsu, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Kz0WzmVOx5YUIv7AEx1HJv1eohPbZfKspiIj5I3MYgA-1726260925-1.0.1.1-YyqDiEqT1qy0XPMsKQQZUeId9BtiHJ4OVgOUGWqeTEJqWgwU7Dj.93fBehbjpa_Se2OeHyCFmQ9or858BKYugu7Q2DGUwlhFOfQqbZbj4NltAD.SUcedyuul2gWxQzu60.yg4xarpPp5WEemcTpeirxyLIMMAlq9AcbeZKH5RpmgjpMeKDsPjLwWboSG5qsbBSvuRtIDexcUJ4Kxd_yvKw; report-to cf-vgnjrlcmzfjlszaa
age: 644383
traceresponse: 00-17f29ea574e6e6b1e04c71ae8f98c247-24de7369bf2cad79-01
cf-polished: origFmt=png, origSize=3399
x-cache: MISS
content-disposition: inline; filename="favicon_1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1654
x-served-by: cache-iad-kiad7000159-IAD
last-modified: Fri, 16 Sep 2022 13:58:03 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
x-timer: S1725616041.688683,VS0,VE21
etag: "632480eb-d47"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=1z8maG3SLxqFRQEzBpXdIIEN50o99TqjRiabWVg2nOs-1726260925-1.0.1.1-ogupIRFPqZfDrQzUzeIbFsPx35Y9kO0DAiMLZu1OFh0HV1O4fxGitNKAklWycPRQHNdb6zXjgd2szw.i.2xXdYKOCwtBjlItTpkneZ8l19VDhFGH3QWOLbpbTxwpuA.bPTyG5XBfd_I2kOKOIeD._y_VNPpKF5kKworaC4bFgCdo6uBMLlNtr9XBcz8rNKE9y.fhnfoXslJKhGxdRQqGcg"}],"group":"cf-bdcprpwrqfnwwhuq","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Ri.XotS12sB3uF2Unlo6lQYsIThx6N9ej0oTt79wYXg-1726260925-1.0.1.1-mZEWRajh3z.vT7xvtquuRguEq6SpkIZlUnZZjR4Dg09xxUCd2PWTJApTbURCznHYqpWYoJQNjx.Kf.JLLhulGE.cMz8SaB4zWRnQAUdhYoYJoYmCytb2gAhMy8xkHSasIltoWi86yKNRyM595dYKnlDu5DJtE2Tu5__o7kV5sj0roDz4VTQeFl6bNHLHsC7jhCaTF.KzCxfAh9D0DrMX5g"}],"group":"cf-mpyzctwwdgwblazh","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=wPABxjAEQR0AHNBcKtClRc8FucIj5SQK64FSWEy5kbw-1726260925-1.0.1.1-IznrM7NzRH1CgWTWcQmS7ux8YZzIgq1zyUiv279qsdiDP6xzI.6sJfEZrevfEwZT3la2qjs72QbUwGWrqos2z6zPyGL5KJFIGl1hYRPLaSjuW5dtAfF8qpr10axeZhle2TYvSSx3KeI4hmFe6i89T8MH75OJ1OsJ43mclUdz7DSxtIvQVfZH.KJDXoNuulvOIxHBukGwNWZkgFr6m_DS.A"}],"group":"cf-eqdpaaytzxsdoqsu","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Kz0WzmVOx5YUIv7AEx1HJv1eohPbZfKspiIj5I3MYgA-1726260925-1.0.1.1-YyqDiEqT1qy0XPMsKQQZUeId9BtiHJ4OVgOUGWqeTEJqWgwU7Dj.93fBehbjpa_Se2OeHyCFmQ9or858BKYugu7Q2DGUwlhFOfQqbZbj4NltAD.SUcedyuul2gWxQzu60.yg4xarpPp5WEemcTpeirxyLIMMAlq9AcbeZKH5RpmgjpMeKDsPjLwWboSG5qsbBSvuRtIDexcUJ4Kxd_yvKw"}],"group":"cf-vgnjrlcmzfjlszaa","max_age":86400}
content-type: image/webp
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09bd7b46ab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:25 GMT

POST
H3 204 /
rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com/rum/ 0
545 B 191ms
141ms Ping
text/plain 172.67.68.249
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com/rum/

Requested by

Host: cdn-assets.rapidspike.com
URL: https://cdn-assets.rapidspike.com/static/js/timingpcg.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.68.249 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycNYHnIeBAVzDoU09

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: master-only
server: cloudflare
x-powered-by: PHP/7.4.33
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oyk6OvqxP0n40vEAl6DcgvYf0KsiEUO8MQgC8jM9rWa3Klcans7xb84SV4Tg51bWgETHhebppw%2F7J0DgYGfQl9wKkuK32wfeZy0tFhreUyK%2BCMpzz%2BOSuvJGg2RuK5%2F%2F0CdBMA4%2B9oCbO1yiv2emb5gHEtNwigE4OdxqA1PALTKVZhdfguficB8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 8c2b09bf0e58a1ec-YYZ
access-control-allow-headers: X-Requested-With,content-type,Authorization
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 317ms
87ms Ping
text/json 204.2.133.136
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.2.133.136 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 13 Sep 2024 20:55:25 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H2 200 RCd7d98eaf8af24328b3b9fdcbca27333b-source.min.js Show response
assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/ 669 B
588 B 66ms
38ms Script
application/x-javascript 2600:141b:1c00:2096::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/cab2d94d43ef/RCd7d98eaf8af24328b3b9fdcbca27333b-source.min.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2096::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0b9110bc010c9e78315dfe729265d33c4d10b723a759d757141a8148bead5074

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
last-modified: Fri, 13 Sep 2024 14:49:15 GMT
server: AkamaiNetStorage
etag: "c0ef945e89e249015fdf6b59de6a6fbe:1726238955.601956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.oxo.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 334
expires: Fri, 13 Sep 2024 21:55:25 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 5 KB
2 KB 190ms
30ms Script
application/javascript 2600:141b:1c00:2582::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2582::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 919293e56b6a814a84a579b014f63a2423b0419c418494da7baa7c0c5893cde1

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: br
x-cdn: akamai
etag: "b37f6fea55e9029c9c9d413c47f69cb7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=7200
accept-ranges: bytes
alt-svc: h3=":443"; ma=600
content-length: 1878

GET
H3 200 favicon_1.png
www.oxo.com/media/favicon/stores/2/ 2 KB
0 12ms
11ms Other
image/webp 104.17.95.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.oxo.com/media/favicon/stores/2/favicon_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.95.156 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a87697d9f0ee36132ab0adf0f672d52097863981bed8651037e9311d8905fa2b

Security Headers

Name

Value

Content-Security-Policy

base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=wPABxjAEQR0AHNBcKtClRc8FucIj5SQK64FSWEy5kbw-1726260925-1.0.1.1-IznrM7NzRH1CgWTWcQmS7ux8YZzIgq1zyUiv279qsdiDP6xzI.6sJfEZrevfEwZT3la2qjs72QbUwGWrqos2z6zPyGL5KJFIGl1hYRPLaSjuW5dtAfF8qpr10axeZhle2TYvSSx3KeI4hmFe6i89T8MH75OJ1OsJ43mclUdz7DSxtIvQVfZH.KJDXoNuulvOIxHBukGwNWZkgFr6m_DS.A; report-to cf-eqdpaaytzxsdoqsu, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Kz0WzmVOx5YUIv7AEx1HJv1eohPbZfKspiIj5I3MYgA-1726260925-1.0.1.1-YyqDiEqT1qy0XPMsKQQZUeId9BtiHJ4OVgOUGWqeTEJqWgwU7Dj.93fBehbjpa_Se2OeHyCFmQ9or858BKYugu7Q2DGUwlhFOfQqbZbj4NltAD.SUcedyuul2gWxQzu60.yg4xarpPp5WEemcTpeirxyLIMMAlq9AcbeZKH5RpmgjpMeKDsPjLwWboSG5qsbBSvuRtIDexcUJ4Kxd_yvKw; report-to cf-vgnjrlcmzfjlszaa

Request headers

Referer: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 13 Sep 2024 20:55:25 GMT
content-security-policy: base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com *.stripe.network www.recaptcha.net *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google-analytics.com *.trustarc.com mpsnare.iesnare.com; font-src *.sdiapi.com *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net *.typekit.net *.klaviyo.com *.adobe.com *.yotpo.com *.googleapis.com mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=wPABxjAEQR0AHNBcKtClRc8FucIj5SQK64FSWEy5kbw-1726260925-1.0.1.1-IznrM7NzRH1CgWTWcQmS7ux8YZzIgq1zyUiv279qsdiDP6xzI.6sJfEZrevfEwZT3la2qjs72QbUwGWrqos2z6zPyGL5KJFIGl1hYRPLaSjuW5dtAfF8qpr10axeZhle2TYvSSx3KeI4hmFe6i89T8MH75OJ1OsJ43mclUdz7DSxtIvQVfZH.KJDXoNuulvOIxHBukGwNWZkgFr6m_DS.A; report-to cf-eqdpaaytzxsdoqsu, frame-src services.sheerid.com *.stripe.network www.recaptcha.net *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' *.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net *.google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com *.ftcdn.net *.behance.net fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com *.google.com www.gstatic.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com *.stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Kz0WzmVOx5YUIv7AEx1HJv1eohPbZfKspiIj5I3MYgA-1726260925-1.0.1.1-YyqDiEqT1qy0XPMsKQQZUeId9BtiHJ4OVgOUGWqeTEJqWgwU7Dj.93fBehbjpa_Se2OeHyCFmQ9or858BKYugu7Q2DGUwlhFOfQqbZbj4NltAD.SUcedyuul2gWxQzu60.yg4xarpPp5WEemcTpeirxyLIMMAlq9AcbeZKH5RpmgjpMeKDsPjLwWboSG5qsbBSvuRtIDexcUJ4Kxd_yvKw; report-to cf-vgnjrlcmzfjlszaa
cf-cache-status: HIT
x-platform-server: i-0e323f5c977a7b537, i-0e323f5c977a7b537
age: 644383
traceresponse: 00-17f29ea574e6e6b1e04c71ae8f98c247-24de7369bf2cad79-01
cf-polished: origFmt=png, origSize=3399
x-cache: MISS
content-disposition: inline; filename="favicon_1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1654
x-served-by: cache-iad-kiad7000159-IAD
last-modified: Fri, 16 Sep 2022 13:58:03 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
x-timer: S1725616041.688683,VS0,VE21
etag: "632480eb-d47"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=1z8maG3SLxqFRQEzBpXdIIEN50o99TqjRiabWVg2nOs-1726260925-1.0.1.1-ogupIRFPqZfDrQzUzeIbFsPx35Y9kO0DAiMLZu1OFh0HV1O4fxGitNKAklWycPRQHNdb6zXjgd2szw.i.2xXdYKOCwtBjlItTpkneZ8l19VDhFGH3QWOLbpbTxwpuA.bPTyG5XBfd_I2kOKOIeD._y_VNPpKF5kKworaC4bFgCdo6uBMLlNtr9XBcz8rNKE9y.fhnfoXslJKhGxdRQqGcg"}],"group":"cf-bdcprpwrqfnwwhuq","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Ri.XotS12sB3uF2Unlo6lQYsIThx6N9ej0oTt79wYXg-1726260925-1.0.1.1-mZEWRajh3z.vT7xvtquuRguEq6SpkIZlUnZZjR4Dg09xxUCd2PWTJApTbURCznHYqpWYoJQNjx.Kf.JLLhulGE.cMz8SaB4zWRnQAUdhYoYJoYmCytb2gAhMy8xkHSasIltoWi86yKNRyM595dYKnlDu5DJtE2Tu5__o7kV5sj0roDz4VTQeFl6bNHLHsC7jhCaTF.KzCxfAh9D0DrMX5g"}],"group":"cf-mpyzctwwdgwblazh","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=wPABxjAEQR0AHNBcKtClRc8FucIj5SQK64FSWEy5kbw-1726260925-1.0.1.1-IznrM7NzRH1CgWTWcQmS7ux8YZzIgq1zyUiv279qsdiDP6xzI.6sJfEZrevfEwZT3la2qjs72QbUwGWrqos2z6zPyGL5KJFIGl1hYRPLaSjuW5dtAfF8qpr10axeZhle2TYvSSx3KeI4hmFe6i89T8MH75OJ1OsJ43mclUdz7DSxtIvQVfZH.KJDXoNuulvOIxHBukGwNWZkgFr6m_DS.A"}],"group":"cf-eqdpaaytzxsdoqsu","max_age":86400}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Kz0WzmVOx5YUIv7AEx1HJv1eohPbZfKspiIj5I3MYgA-1726260925-1.0.1.1-YyqDiEqT1qy0XPMsKQQZUeId9BtiHJ4OVgOUGWqeTEJqWgwU7Dj.93fBehbjpa_Se2OeHyCFmQ9or858BKYugu7Q2DGUwlhFOfQqbZbj4NltAD.SUcedyuul2gWxQzu60.yg4xarpPp5WEemcTpeirxyLIMMAlq9AcbeZKH5RpmgjpMeKDsPjLwWboSG5qsbBSvuRtIDexcUJ4Kxd_yvKw"}],"group":"cf-vgnjrlcmzfjlszaa","max_age":86400}
content-type: image/webp
cache-control: public, max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
cf-ray: 8c2b09bd7b46ab1e-YYZ
expires: Sat, 13 Sep 2025 20:55:25 GMT

GET
H2 200 widget-api.9c6719bbbaa73c785088.js Show response
cdn.kustomerapp.com/chat-web/release-v0.1.378/ 32 KB
12 KB 59ms
27ms Script
application/javascript 18.164.116.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.kustomerapp.com/chat-web/release-v0.1.378/widget-api.9c6719bbbaa73c785088.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.116.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-116-90.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 36b5d68de469ab371ce1f9df36f3f9528303b72f32a0d563417927feb85bf5b5

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 27 Aug 2024 16:03:47 GMT
x-amz-version-id: ldCXZ3S4iOXZvtaKd4gDjS4V6jcwSK0w
content-encoding: br
via: 1.1 00266a01055b9f1e1ad959f077c1d96a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
age: 1486299
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 27 Aug 2024 16:03:37 GMT
server: AmazonS3
etag: W/"36b24bccd8ff65cffd2de5c5c520b770"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=34149600, s-maxage=34149600
vary: accept-encoding
x-amz-cf-id: Xym533L62OQJKJRRfDGWxtb2RZj8ooo8U0Xq0foiEMe6Yi6FnfauVA==

GET
H2 200 onsite Show response
fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/ 2 KB
1 KB 141ms
18ms XHR
application/json 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/onsite?company_id=WZkk5e

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7aec2bb9cf4a00eff340ab865e364431c953b6eef48acdffe1c69ff4c02c6bc1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; report-uri /csp/
Strict-Transport-Security	max-age=900

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; report-uri /csp/
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
strict-transport-security: max-age=900
age: 103204
x-cache: MISS, HIT
content-length: 525
x-served-by: cache-bos4637-BOS, cache-yul1970032-YUL
server: nginx
allow: GET, HEAD, OPTIONS
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
content-language: en-us
cache-control: max-age=10
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
accept-ranges: bytes
access-control-allow-headers
x-cache-hits: 0, 0

GET
H2 200 full-forms Show response
static-forms.klaviyo.com/forms/api/v7/WZkk5e/ 49 KB
9 KB 136ms
14ms XHR
application/json 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-forms.klaviyo.com/forms/api/v7/WZkk5e/full-forms
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5e30c3134e8ae35ab935591d7ffa47463aa218dd0ba248ab728cb01d694a3b81

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: dIb1vQACDPVmZMOz2OOIZqMWwcGazIrJ
content-encoding: gzip
via: 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: X9QCPENVB2A43AH4
age: 257636
x-amz-server-side-encryption: AES256
x-cache: HIT
client-geo-continent: NA
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: full-forms/shared full-forms/WZkk5e custom-fonts/WZkk5e
content-length: 8383
x-amz-id-2: ZDMgahxKPmwBFZtQP08raDYjk96nOuRz1IiAz2EkfQ3guMJgEEAYW4Po/57ANFldFdP+y9Eccfc=
x-served-by: cache-yul1970045-YUL
client-geo-country: CA
last-modified: Tue, 10 Sep 2024 21:14:35 GMT
server: AmazonS3
x-timer: S1726260925.399913,VS0,VE0
etag: "0567f1d6a5179b740d44d1871eecfe06"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: client-geo-continent, client-geo-country
cache-control: max-age=5
accept-ranges: bytes
x-cache-hits: 13

POST
H2 204 0
bat.bing.com/actionp/ 0
360 B 53ms
49ms Ping
text/plain 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/actionp/0?ti=17509843&tm=al001&Ver=2&mid=9f910af0-0ba2-420f-82c0-890ed19fa883&evt=dedup

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 13 Sep 2024 20:55:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 92F2CB509E934C079A61AA33A11BF025 Ref B: YMQ01EDGE0311 Ref C: 2024-09-13T20:55:25Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 17509843.js Show response
bat.bing.com/p/action/ 370 B
425 B 49ms
47ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17509843.js

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

fce461e0fefe1d6d687b3eab8304d3affaf23fb674b18bfb5242ccfc544e1bb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Fri, 13 Sep 2024 20:55:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6156C0DAB1D846D0A2D449BF1AEFF6F6 Ref B: YMQ01EDGE0311 Ref C: 2024-09-13T20:55:25Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
962 B 118ms
47ms Stylesheet
text/css 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

620ec7947095b6f875ce7694812120d60ef68ae4d44a9762a4b370a42b8d06ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 19:09:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Sep 2024 20:55:25 GMT

GET
H2 200 csd4kkg.css
use.typekit.net/ 6 KB
0 1ms
0ms Stylesheet
text/css 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/csd4kkg.css
Requested by: Host: client
URL: about:client
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 3a55d7bad75dfbc5f71ce1c967dcb60506ee28dd7b790989e075dd6e23a5d0b7

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:21 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 933

GET
H2 200 p.css
p.typekit.net/ 5 B
0 0ms
0ms Stylesheet
text/css 2600:141b:1c00:8::1728:b323
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=csd4kkg&ht=tk&f=10879.10881.10882.10884.10885.15586.32874.32875&a=163302954&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b323 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:22 GMT
last-modified: Sun, 10 Mar 2024 12:44:13 GMT
server: nginx
etag: "65edab1d-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/9b05f3/000000000000000000013365/27/ 50 KB
0 3ms
3ms Font
application/font-woff2 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9b05f3/000000000000000000013365/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 96b67419d2538b42413797739000601d5884a81872b8346559c04770100a29fb

Request headers

Referer: https://use.typekit.net/csd4kkg.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
server: nginx
etag: "22520917f01d8d34c0dcc1417c749962b8a47011"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 51524

GET
H2 200 l
use.typekit.net/af/309dfe/000000000000000000010091/27/ 42 KB
0 5ms
4ms Font
application/font-woff2 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/309dfe/000000000000000000010091/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 04dd88ec3632bfd618a21c8657d6faf685a33fde9d3bf3c7e0e43ce9f517c55d

Request headers

Referer: https://use.typekit.net/csd4kkg.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
server: nginx
etag: "e7811049bfa1845589c42f0b31c9740a16cee93a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 43076

GET
H2 200 l
use.typekit.net/af/c4c302/000000000000000000012192/27/ 37 KB
0 7ms
7ms Font
application/font-woff2 2600:141b:1c00:8::1728:b32c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c4c302/000000000000000000012192/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/csd4kkg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b32c Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ede1e92420014b36965595bc4e534bd9539d3a479049757c948656e0693ca713

Request headers

Referer: https://use.typekit.net/csd4kkg.css
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:23 GMT
server: nginx
etag: "4ebc5ff8cdca4d1fd1cc372a566245315efad524"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 37492

GET
H2 200 vendors~reviews~atlas~ClientStore.dd9d02dd9fc376e8dd48.js Show response
static-tracking.klaviyo.com/onsite/js/ 22 KB
8 KB 18ms
17ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/vendors~reviews~atlas~ClientStore.dd9d02dd9fc376e8dd48.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa03b89682a1f628e945d75327d8d602161b73c35d7159a34e6b2d01af15e4ca

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: uHxWfubxSz18mc66KbZvzGcudrJyx24h
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: FMRCRR10A1JR6AJD
age: 591
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 7760
x-amz-id-2: Va/eBp+Ma9WuDJv73oSORIe4rjzSlaYefAEMen55h1rxnVYIYnIzzu5TaeAqIhjAwJ9OYvZZWtU=
x-served-by: cache-lga21934-LGA, cache-yul1970040-YUL
last-modified: Wed, 04 Sep 2024 09:47:17 GMT
server: AmazonS3
etag: "2f5438508c293a1ad8e8f5b6a6cbd520"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: fe9d5c42df6e2e06076cbff586bc3f255f1db35f
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 106695, 108

GET
H2 200 ClientStore.baa1c9ca873876336e4f.js Show response
static-tracking.klaviyo.com/onsite/js/ 65 KB
19 KB 19ms
16ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/ClientStore.baa1c9ca873876336e4f.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e552fe88d7963151ada92d4aa63b1d6d5f35fb9829887bd98abac7fe1ac998f2

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: EjkSAqGKTF3pf.xjV.GhsPVFatMgbA47
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: 93ETZ662A75QAFZ4
age: 591
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 18720
x-amz-id-2: UoJblJChCc1Iwtqz0o7Xn14c5W9BCdlWQfrBnHG6nvFMifBHSzSqMkBYUeTFyQGzJwKdG2vd58g=
x-served-by: cache-lga21938-LGA, cache-yul1970040-YUL
last-modified: Thu, 12 Sep 2024 14:39:50 GMT
server: AmazonS3
etag: "3373e642dc54541da8c2b51a937c8b61"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 21571c98d63ae835bf6215dba2bdfcdd087cc914
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 48, 116

GET
H3 200 650562561764846 Show response
connect.facebook.net/signals/config/ 75 KB
15 KB 36ms
30ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/650562561764846?v=2.9.167&r=stable&domain=www.oxo.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

f2eccd0cba46b820a0b985857875fe4f8407a6e87a03ba0a537906fe738d4ab1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 13 Sep 2024 20:55:25 GMT
document-policy: force-load-at-top
x-fb-server-load: 32
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15125
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=28, rtx=0, c=70, mss=1232, tbw=67096, tp=62, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: cIO1RfqUg4IMKdcc4o2so0ZRz/15lvl3F6vL0cBt6aUNOcALasfO2tyodWW+1klO4DIGDnELKycR+tctPcop6w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 122ms
41ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-QN3HZX14P2&gtm=45je4990v898268557z89176638692za200zb9176638692&_p=1726260921801&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1745456930.1726260926&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1726260925&sct=1&seg=0&dl=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA&dt=Choose%20Your%20Location&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5889
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.oxo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
251 B 129ms
46ms Ping
text/plain 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QN3HZX14P2&cid=1745456930.1726260926&gtm=45je4990v898268557z89176638692za200zb9176638692&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QN3HZX14P2&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c09::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.oxo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.ca/ads/ 0
0

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 347D 0
0 58ms
56ms Document
text/html 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-QN3HZX14P2&gacid=1745456930.1726260926&gtm=45je4990v898268557z89176638692za200zb9176638692&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=605016192

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 20:55:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 0
bat.bing.com/action/ 0
237 B 49ms
48ms Image
text/plain 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17509843&tm=al001&Ver=2&mid=9f910af0-0ba2-420f-82c0-890ed19fa883&sid=802b3f50721211ef850f7d9713094eb4&vid=802b7120721211ef96082b9aa4f50d88&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Choose%20Your%20Location&p=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA&r=&lt=5176&pt=1726260919767,,,,,1594,1594,1594,1594,1594,,1608,1678,1768,1760,3786,3793,3844,5173,5173,5176&pn=0,0&evt=pageLoad&sv=1&cdb=AQAQ&rn=514294

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 13 Sep 2024 20:55:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F7127140467545C7A9BDE0761B8AE573 Ref B: YMQ01EDGE0311 Ref C: 2024-09-13T20:55:25Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.97c41ef3.js Show response
s.pinimg.com/ct/lib/ 82 KB
23 KB 28ms
25ms Script
application/javascript 2600:141b:1c00:2582::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.97c41ef3.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2582::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e2d60cdf4948bf1fcc89d3e1fb4875dbfe0cd45125eced25eb220b5fd72abe73

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: br
x-cdn: akamai
etag: "e1539e83e14f862d3b381b23e74d63fa"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 23701

GET
H2 200 main.MTkzZDVlN2M0MQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 340 KB
96 KB 31ms
30ms Script
application/javascript 23.206.172.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MQ.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-206-172-62.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 864072a3229468b4abd5debaf97f3ed17b77f098513c523746cb825ee183e68f

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: dda3a83
date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024091213060983FA34520DA301AE7EBA
x-tt-trace-id: 00-24091213060983FA34520DA301AE7EBA-7FADB927822284E9-00
vary: Accept-Encoding
x-cache: TCP_HIT from a23-58-89-60.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01290a2d425f1b71d735d71fce1fccf3a198c85758d0c0d9bcd02d29143a0ad6572b0428ff26825101c44a10290565ae2bb7f82c5fb00cf266cc2062c5eb1ffc9b5ef32184cb5740bb05c8c4eaebbf8d278e97452c513526df00b23f46831ccd3f
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=19
content-length: 97159

OPTIONS
H2 200 track-analytics
a.klaviyo.com/onsite/ Frame 0
0 139ms
67ms Preflight
text/html 2606:4700:4400::6812:2889
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://a.klaviyo.com/onsite/track-analytics?company_id=WZkk5e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2889 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; report-uri /csp/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.oxo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
allow: POST, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8c2b09c27d5f33fa-YUL
content-encoding: gzip
content-language: en-us
content-security-policy: frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; report-uri /csp/
content-type: text/html; charset=utf-8
date: Fri, 13 Sep 2024 20:55:25 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Language, Cookie, Accept-Encoding
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow

GET
H2 200 532.ac8560c0d9dc45583405.css
static-tracking.klaviyo.com/onsite/js/ 78 KB
9 KB 23ms
15ms Stylesheet
text/css 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/532.ac8560c0d9dc45583405.css
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 91b5cc5750ea1b9aa9f88011d7166e5fdc5f70ee027530e244daa6c53fef9b14

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: x7ojCTdJAGARArxNm6no0DZTL00XCUdv
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: S75ZZFC26QBJTETA
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 8997
x-amz-id-2: HvI5xhyZk4LKxJSTVEvF7+VDlVeWoJgEGsqBhAfVII94k7PxB4TV/KtdYuSkrv5lGdCIkpxCqW2n74E5hM2P5OYb+s/iJx96N1lEwSPiQRA=
x-served-by: cache-lga21923-LGA, cache-yul1970040-YUL
last-modified: Mon, 09 Sep 2024 16:08:48 GMT
server: AmazonS3
etag: "087f6eca1e131e1ba76c610ce92af682"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 68fe2336608c03cc81ec4a8ce50379992fbee11f
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 4, 115

POST
H2 202 track-analytics Show response
a.klaviyo.com/onsite/ 50 B
317 B 92ms
84ms XHR
application/json 2606:4700:4400::6812:2889
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://a.klaviyo.com/onsite/track-analytics?company_id=WZkk5e

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2889 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; report-uri /csp/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-security-policy: base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; report-uri /csp/
content-length: 50
server: cloudflare
allow: POST, OPTIONS
vary: Accept-Language, Cookie, Accept-Encoding
content-language: en-us
access-control-allow-origin: *
access-control-allow-methods: POST
content-type: application/json
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 8c2b09c2fdc933fa-YUL
access-control-allow-headers
x-robots-tag: noindex, nofollow

POST
H2 202 track-analytics Show response
a.klaviyo.com/onsite/ 50 B
343 B 87ms
79ms XHR
application/json 2606:4700:4400::6812:2889
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://a.klaviyo.com/onsite/track-analytics?company_id=WZkk5e

Requested by

Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2889 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; report-uri /csp/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; report-uri /csp/
content-length: 50
server: cloudflare
allow: POST, OPTIONS
vary: Accept-Language, Cookie, Accept-Encoding
content-language: en-us
access-control-allow-origin: *
access-control-allow-methods: POST
content-type: application/json
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 8c2b09c2fdc633fa-YUL
access-control-allow-headers
x-robots-tag: noindex, nofollow

OPTIONS
H2 200 track-analytics
a.klaviyo.com/onsite/ Frame 0
0 137ms
66ms Preflight
text/html 2606:4700:4400::6812:2889
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://a.klaviyo.com/onsite/track-analytics?company_id=WZkk5e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2889 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.oxo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
allow: POST, OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8c2b09c27d5e33fa-YUL
content-encoding: gzip
content-language: en-us
content-security-policy: base-uri 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
content-type: text/html; charset=utf-8
date: Fri, 13 Sep 2024 20:55:25 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Language, Cookie, Accept-Encoding
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow

GET
H2 200 styles.c55c43061a96111d7f0b.js Show response
static-tracking.klaviyo.com/onsite/js/ 13 KB
4 KB 32ms
29ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/styles.c55c43061a96111d7f0b.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b50230fe1cada6c4b01fd3c1a291b8bda2b17ed14fb7c5bede010c11a05af23

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: SZXFpO7Iki4UUWYU9SmQis9L33KXHfMh
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: 265TC4M4EY5M6D7V
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 3660
x-amz-id-2: fM1XqMWTaXmA2DsYJtACsHKCl2JoHPoiJThFMQUGh7G6qzz9t8Ha6c58nyiNhOa2IPsVm28ZXdI=
x-served-by: cache-lga21932-LGA, cache-yul1970040-YUL
last-modified: Tue, 13 Aug 2024 10:51:57 GMT
server: AmazonS3
etag: "2a67fb093c345ba6407d9bc0885170d2"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: d682cf6b66add4bca41f2fb7cb88b63f39926c55
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 3, 113

GET
H2 200 vendors~Render.0c25648017ae73d787f3.js Show response
static-tracking.klaviyo.com/onsite/js/ 54 KB
13 KB 21ms
18ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/vendors~Render.0c25648017ae73d787f3.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b32ecf9c38bd556a3acfee9a4ba84646d3f57213996be78237478dc7fcb23ae

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 3RT5f0QoD0uf5L9_QcMqtKNtr4Is2Bjy
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: 17NYM8P16K7402HH
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 13332
x-amz-id-2: sC4KOV9DYSpRmKThoyRPEQ0Z97ISMHpYU6OHoxBFAiPz9sCm2bb+w8UAH66G5hJHPWMbhTteS/o=
x-served-by: cache-lga21953-LGA, cache-yul1970040-YUL
last-modified: Wed, 31 Jul 2024 13:50:15 GMT
server: AmazonS3
etag: "ebe765bf55aae6e78fc8d01391ed8fd8"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 6cd710688fb5738a74da96f6f07b7bb3c8ff57eb
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 301816, 113

GET
H2 200 Render.648be7beeeb1a32bafa8.js Show response
static-tracking.klaviyo.com/onsite/js/ 131 KB
32 KB 25ms
23ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-tracking.klaviyo.com/onsite/js/Render.648be7beeeb1a32bafa8.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d7b822b32631317d0747d27081792a295a968c4740d7eb0e0e25ebc5d9b4ce70

Request headers

Referer: https://www.oxo.com/
Origin: https://www.oxo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 7ak6hqM.K9ih0Gdf80tmMaSQNFzXn4sv
content-encoding: br
via: 1.1 varnish, 1.1 varnish
date: Fri, 13 Sep 2024 20:55:25 GMT
x-amz-request-id: 1DE2EWG3RVGQXA1D
age: 592
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-meta-surrogate-control: max-age=31536000
x-amz-meta-surrogate-key: fender-asset
content-length: 32894
x-amz-id-2: peDlRSqpDh8HPIfNhVDSBwj4kIn+foGP+N8H1iza+XsfhXv3BwnH2zyshb9i4d4Tz5762UdmR6Y=
x-served-by: cache-lga21951-LGA, cache-yul1970040-YUL
last-modified: Thu, 12 Sep 2024 14:39:50 GMT
server: AmazonS3
etag: "0e03f6e5ebdd00fdc5769737033416fe"
vary: Accept-Encoding
x-amz-meta-entrypoints-hash: 21571c98d63ae835bf6215dba2bdfcdd087cc914
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000,stale-while-revalidate=10800
accept-ranges: bytes
x-cache-hits: 64, 116

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 133ms
25ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=650562561764846&ev=PageView&dl=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA&rl=&if=false&ts=1726260925804&sw=1600&sh=1200&v=2.9.167&r=stable&a=adobe_launch&ec=0&o=4126&fbp=fb.1.1726260925792.662929752246385498&cs_est=true&ler=empty&cdl=API_unavailable&it=1726260925555&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=24, rtx=0, c=10, mss=1297, tbw=2826, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 13 Sep 2024 20:55:25 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 357ms
251ms Image
image/png 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=650562561764846&ev=PageView&dl=https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA&rl=&if=false&ts=1726260925804&sw=1600&sh=1200&v=2.9.167&r=stable&a=adobe_launch&ec=0&o=4126&fbp=fb.1.1726260925792.662929752246385498&cs_est=true&ler=empty&cdl=API_unavailable&it=1726260925555&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
date: Fri, 13 Sep 2024 20:55:26 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7414234218301691355", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=24, rtx=0, c=14, mss=1297, tbw=3144, tp=-1, tpl=-1, uplat=214, ullat=0
pragma: no-cache
x-fb-debug: vgzAD1mwy8tZwAl9CGGJ2n4O5YIELAmEhgfnIqnYkj9tPXGEdjxIs+Kqp5wdi/LC0JEX4HTv2jBpnCXfGPYz1Q==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414234218301691355"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414234218301691355"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 321 B
339 B 94ms
37ms XHR
application/json 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2615798535048&pd=%7B%22em%22%3A%224c3fa26c1cff68a0c408e34667bf6d30fd90700e92b6d0253f1e7ad1b3ea9684%22%7D&cb=1726260925875&dep=2%2CPAGE_LOAD
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 3
alt-svc: h3=":443";ma=600
x-pinterest-rid: 3079717267537488
content-length: 186
pin-unauth: dWlkPVpHUTRZemcxWW1VdFlqZzFNaTAwTVRsbExXSTNNalF0TldGaVpHVTRPR0V6Tnpoaw
pragma: no-cache
referrer-policy: origin
x-pinterest-rid-128bit: 753429e4b7ad32f52abd5a89ac356a33
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.oxo.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 04c72559290fb12af78741d63dcb884b64587706
epik: empty
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 321 B
397 B 89ms
35ms XHR
application/json 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%22e408a4f6-e756-4c48-8330-da6a0b2c00d8%22%7D&tid=2615798535048&cb=1726260925883&dep=5%2CEVENT_TAGS_ABSENT
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:25 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 5375394566884340
content-length: 186
pin-unauth: dWlkPU56YzFNRGRsTXpVdFpXUXhZUzAwTmpkakxXRTFaV1F0TkRObU9XUXlaV0V4WkRkbQ
pragma: no-cache
referrer-policy: origin
x-pinterest-rid-128bit: b7076f7fce0fa4cc0775b949b0abab5b
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.oxo.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 04c72559290fb12af78741d63dcb884b64587706
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/v3/ 35 B
482 B 73ms
34ms Fetch
image/gif 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/v3/?tid=2615798535048&pd=%7B%22em%22%3A%224c3fa26c1cff68a0c408e34667bf6d30fd90700e92b6d0253f1e7ad1b3ea9684%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2297c41ef3%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1726260925895
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:25 GMT
referrer-policy: origin
x-cdn: fastly
x-pinterest-rid-128bit: 35923fda584e0a963ae9a2fb2e5ce123
content-type: image/gif
access-control-allow-origin: https://www.oxo.com
pinterest-version: 04c72559290fb12af78741d63dcb884b64587706
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 4245103323471733
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
871 B 104ms
102ms Ping
text/plain 23.206.172.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-206-172-62.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1fe15a8.dda3b8c
date: Fri, 13 Sep 2024 20:55:26 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240913205526D2450400E5AFD4624747-2CF60C4D4623867A-00
x-cache: TCP_MISS from a23-58-89-60.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
x-parent-response-time: 58,23.58.89.60
server-timing: cdn-cache; desc=MISS, edge; dur=24, origin; dur=43, inner; dur=34
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240913205526D2450400E5AFD4624747
x-cache-remote: TCP_MISS from a23-220-104-5.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 43,23.220.104.5
x-tt-trace-host: 01c6924f8812bfc1a214d7532ab5d94386392d599cee24a4ab5b7711af204fc77ea2b186bf7c4e7f4f32b29b4bb77ed97df33c966617ec5c0f6f5223387a9927a6368a7e0ac57e72de7f3da6f21229f5f2368153514988059569feb40719284afc2708e31a5a3f658c9c480ed2a580a037
access-control-allow-headers: Authorization,*
expires: Fri, 13 Sep 2024 20:55:26 GMT

GET
H2 200 identify_7bf75739.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 33ms
33ms Script
application/javascript 23.206.172.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-206-172-62.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: dda3ba0
date: Fri, 13 Sep 2024 20:55:26 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202408300225272DCF0E49A25075B1263C
x-tt-trace-id: 00-2408300225272DCF0E49A25075B1263C-578A250FEB8B6FD1-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-58-89-60.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01219296fdbd6215c6ae9d1a5d5202510208699a917ea6bcb6a4a8867b5d0e3a82d275eead75f3ccdd7d419bc9d104e23828796e3478be100caab845546542c62c26bc38f14dbbc3b17887aead0622e6b449c5088362f1c101f4660cd6821aad8b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=9
content-length: 39485

GET
H2 200 / Show response
ct.pinterest.com/v3/ 35 B
653 B 55ms
51ms Fetch
image/gif 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%22e408a4f6-e756-4c48-8330-da6a0b2c00d8%22%7D&tid=2615798535048&cb=1726260926123&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22em%22%3A%224c3fa26c1cff68a0c408e34667bf6d30fd90700e92b6d0253f1e7ad1b3ea9684%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.oxo.com%2FcountrySelector%2Fgeoip%2Fgetaction%2F%3Fcountry_code%3DCA%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2297c41ef3%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 20:55:26 GMT
referrer-policy: origin
x-cdn: fastly
x-pinterest-rid-128bit: 417c476472fa6a400b82dbf110bd55d4
content-type: image/gif
access-control-allow-origin: https://www.oxo.com
pinterest-version: 04c72559290fb12af78741d63dcb884b64587706
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 8294671098040375
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 token_create.js Show response
ct.pinterest.com/static/ct/ 4 KB
4 KB 30ms
29ms Script
application/javascript 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/static/ct/token_create.js
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9ca07df45944b8440ae6241e4a017db2b6e4600e5f647d3180c96877198c3552

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 20:55:26 GMT
x-cdn: fastly
age: 6221
etag: "16d5d552603d86726ae439fc61299d42"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
timing-allow-origin: https://ct.pinterest.com
alt-svc: h3=":443";ma=600
content-length: 4103

GET
H2 200 ct.html
ct.pinterest.com/ Frame 79AC 0
0 75ms
35ms Document
text/html 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: rapid-cdn.yottaa.com
URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.128.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.oxo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443";ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Fri, 13 Sep 2024 20:55:26 GMT
pinterest-version: 04c72559290fb12af78741d63dcb884b64587706
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 1052980028165332
x-pinterest-rid-128bit: ed03eb473e8dc80292215d911fc12576

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
717 B 99ms
97ms Ping
text/plain 23.206.172.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-206-172-62.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.oxo.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: dda3c96
date: Fri, 13 Sep 2024 20:55:26 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240913205526003BDDBDD1A02E4787E0-7DEE35B69586CF91-00
x-cache: TCP_MISS from a23-58-89-60.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
server-timing: inner; dur=23, cdn-cache; desc=MISS, edge; dur=10, origin; dur=34
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240913205526003BDDBDD1A02E4787E0
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 34,23.58.89.60
x-tt-trace-host: 01c6924f8812bfc1a214d7532ab5d94386f3d6ad0a069c8f692e6424e04d6d3dabfc49f271f9a1e5b97fd63573b393da1b0a6096f04cb6ca01c130df3771acd6b715efd47fa8889f877b2e5a5efabe8cc06fd7b6bb42486fdd0831cdbd6f1b2d1c
access-control-allow-headers: Authorization,*
expires: Fri, 13 Sep 2024 20:55:26 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.crobox.io
URL: https://cdn.crobox.io/js/0tyxwj.js

Domain: p.teads.tv
URL: https://p.teads.tv/teads-fellow.js

Domain: www.google.ca
URL: https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QN3HZX14P2&cid=1745456930.1726260926&gtm=45je4990v898268557z89176638692za200zb9176638692&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=208175794

Verdicts & Comments Add Verdict or Comment

161 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.oxo.com/	1970-01-20 23:31:04	Name: PHPSESSID Value: 55ca997375da0ae9d8a1c072c82102b6
.www.oxo.com/	1970-01-20 23:31:44	Name: geo_location Value: CA
www.oxo.com/	1970-01-20 23:31:04	Name: X-Magento-Vary Value: 0db438056299e6ace6f32d758bb557230bf41c8c66c6c0b05a511a70f2c8453e
.demdex.net/	1970-01-21 03:50:12	Name: demdex Value: 79080372818410402722610795415115723096
.oxo.com/	1969-12-31 23:59:59	Name: AMCVS_1FFF6FB66047579B0A495FA7%40AdobeOrg Value: 1
.oxo.com/	1970-01-20 23:31:02	Name: TAsessionID Value: a49cbb0b-50cd-482d-9df3-aab8b0558b68\|NEW
.oxo.com/	1969-12-31 23:59:59	Name: notice_behavior Value: implied,us
.oxo.com/	1969-12-31 23:59:59	Name: TLTSID Value: 35846387440681796156367158717086
.oxo.com/	1970-01-21 08:16:36	Name: TLTDID Value: 93191206283751053387345413134151
www.oxo.com/	1970-01-21 03:50:12	Name: _ALGOLIA Value: anonymous-075b501a-b31c-46d2-a521-c964b59c72f1
.dpm.demdex.net/	1970-01-21 03:50:12	Name: dpm Value: 79080372818410402722610795415115723096
.www.oxo.com/	1970-01-20 23:32:27	Name: form_key Value: fepIOVJSJBIwqo5Q
.oxo.com/	1970-01-21 09:07:00	Name: AMCV_1FFF6FB66047579B0A495FA7%40AdobeOrg Value: 179643557%7CMCIDTS%7C19980%7CMCMID%7C74418948608589896483369674835470886552%7CMCAAMLH-1726865723%7C7%7CMCAAMB-1726865723%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1726268123s%7CNONE%7CMCSYNCSOP%7C411-19987%7CvVersion%7C5.5.0
.oxo.com/	1969-12-31 23:59:59	Name: s_cc Value: true
www.oxo.com/	1970-01-20 23:31:04	Name: mage-cache-storage Value: {}
www.oxo.com/	1970-01-20 23:31:04	Name: mage-cache-storage-section-invalidation Value: {}
www.oxo.com/	1970-01-20 23:31:04	Name: mage-cache-sessid Value: true
.oxo.com/	1970-01-21 08:16:36	Name: cf_clearance Value: BPUyVhyor96vMwWO83vykjfzBL7tjIiVCWkT6hGUmpk-1726260924-1.2.1.1-_zIxH9NpCIpqv18nTQ2tKv0ZYw6LrORbIeyUpQOsjxgGcJ98c2JP0sPagzgiNHQAtwQxEo4OemqKL4EfaHpScgkvHWzhghgG1qQQw9MxMC8o5oIJC5DAoiZXOC2ciVEDX3Aroae1wMVG_ev4b092dyTrFVz9gJbWHBUx5ze3hPbH0fbAnWyjVVvVLU5G5omtn9tqXwGbhXvXigER67MNaZcEf_Ngud31JVca9kPl02X9OxXyD5JcOSxd_gMkwtLI0lGBii_VVgUNIARNSXNVKtILQgIHbez8HOnT5.6wQZ4..gMX5uYTP85sLuiEKduWuwWduE7zED6Hs3JJ5vX27DA711w4QrJOLCmuxw80yl3UYALNBaSKTykVR8Z.PJEX
www.oxo.com/	1970-01-20 23:31:04	Name: recently_viewed_product Value: {}
www.oxo.com/	1970-01-20 23:31:04	Name: recently_viewed_product_previous Value: {}
www.oxo.com/	1970-01-20 23:31:04	Name: recently_compared_product Value: {}
www.oxo.com/	1970-01-20 23:31:04	Name: recently_compared_product_previous Value: {}
www.oxo.com/	1970-01-20 23:31:04	Name: product_data_storage Value: {}
www.oxo.com/	1970-01-20 23:31:04	Name: mage-messages Value:
.adobedc.net/	1970-01-21 08:16:36	Name: mg Value: 72483b3f-c43f-438d-bf14-2d792d3b2380
.oxo.com/	1970-01-21 01:40:36	Name: _gcl_au Value: 1.1.773975576.1726260925
.doubleclick.net/	1970-01-21 00:14:12	Name: ar_debug Value: 1
.oxo.com/	1970-01-20 23:31:02	Name: __cf_bm Value: QWU0944BGaLpSE09XasZWI8Qfe1BJxolNAGXlr2B70A-1726260925-1.0.1.1-nVJMoOMZqmZ5DHATHifzW7XsZpemYW5HlzKxE54SfoNv.HW8zHgqbnRD6csvDaLILbdHZ5bhjRDlxQmZNnRWNg
.oxo.com/	1969-12-31 23:59:59	Name: s_plt Value: 5.18
.oxo.com/	1969-12-31 23:59:59	Name: s_pltp Value: choose%20your%20location
.doubleclick.net/	1970-01-21 09:07:00	Name: IDE Value: AHWqTUnDQ1ODZ_X8vqDAlvPiuTDNVkEYP1fEtiwTtv-_NtHc83-z_ANlfzPgmXW4UaI
.doubleclick.net/	1970-01-21 03:50:12	Name: receive-cookie-deprecation Value: 1
www.oxo.com/	1970-01-21 09:07:00	Name: __kla_id Value: eyJjaWQiOiJPVEV3T0RJeVpUa3RaV014WkMwME9HRTVMVGhtTlRBdE4ySTNPRE14TldSaVlqVXciLCIkcmVmZXJyZXIiOnsidHMiOjE3MjYyNjA5MjUsInZhbHVlIjoiIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vd3d3Lm94by5jb20vY291bnRyeVNlbGVjdG9yL2dlb2lwL2dldGFjdGlvbi8/Y291bnRyeV9jb2RlPUNBIn0sIiRsYXN0X3JlZmVycmVyIjp7InRzIjoxNzI2MjYwOTI1LCJ2YWx1ZSI6IiIsImZpcnN0X3BhZ2UiOiJodHRwczovL3d3dy5veG8uY29tL2NvdW50cnlTZWxlY3Rvci9nZW9pcC9nZXRhY3Rpb24vP2NvdW50cnlfY29kZT1DQSJ9fQ==
.bing.com/	1970-01-21 08:52:36	Name: MUID Value: 37E9C72946486852292CD3D0479E6972
.bat.bing.com/	1970-01-20 23:41:05	Name: MR Value: 0
.oxo.com/	1969-12-31 23:59:59	Name: IR_gbd Value: oxo.com
.oxo.com/	1969-12-31 23:59:59	Name: IR_9558 Value: 1726260925414%7C0%7C1726260925414%7C%7C
.tiktok.com/	1970-01-21 08:52:36	Name: _ttp Value: 2m23cnalFfA4FvCYwaPNWBYzeBx
www.oxo.com/	1970-01-21 08:16:36	Name: __pdst Value: 00a16bcbbbb144fb98420a7c8818912f
.oxo.com/	1970-01-21 09:07:00	Name: _ga_QN3HZX14P2 Value: GS1.1.1726260925.1.0.1726260925.60.0.0
.oxo.com/	1970-01-21 09:07:00	Name: _ga Value: GA1.1.1745456930.1726260926
.oxo.com/	1970-01-20 23:32:27	Name: _uetsid Value: 802b3f50721211ef850f7d9713094eb4
.oxo.com/	1970-01-21 08:52:36	Name: _uetvid Value: 802b7120721211ef96082b9aa4f50d88
.bing.com/	1970-01-21 08:52:36	Name: MSPTC Value: Al4G6dqcCYW2PwGVIPjvbcjaFjIh9DLzRQwAor8M6K8
.oxo.com/	1970-01-21 01:40:36	Name: _fbp Value: fb.1.1726260925792.662929752246385498
.pinterest.com/	1970-01-21 08:16:36	Name: ar_debug Value: 1
.oxo.com/	1970-01-21 08:52:36	Name: _tt_enable_cookie Value: 1
.oxo.com/	1970-01-21 08:52:36	Name: _ttp Value: TjWfp0dMOOfGgEWxKzgt_WHU_pQ
.oxo.com/	1970-01-21 08:16:36	Name: _pin_unauth Value: dWlkPVpHUTRZemcxWW1VdFlqZzFNaTAwTVRsbExXSTNNalF0TldGaVpHVTRPR0V6Tnpoaw
.ct.pinterest.com/	1970-01-21 08:16:36	Name: _pinterest_ct_ua Value: "TWc9PSZiV3FhSjJkL2I4TXdRaTczbDFWT0V2UTJURzJYeUdncHB2ZjFsOHh6STRsM3FsUUlUZnFwV005T2kzbWVFN05zOVJsRTVBUlNGbGlpUjVvK2V3MmtOVCt5bVNIbUNsOUhETjFsbmRzRG9jYz0ma0hMUzVUcVNEWDliekhYY1dPVm10c05uUEhvPQ=="

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/launch-012b4acf6374.min.js(Line 4) Message: Refused to load the script 'https://cdn.crobox.io/js/0tyxwj.js' because it violates the following Content Security Policy directive: "script-src cdnjs.cloudflare.com analytics.tiktok.com .stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com .klaviyo.com .yottaa.net .yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com .sdiapi.com f.vimeocdn.com .adobedtm.com .adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net .magento-ds.com .typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .yotpo.com s7.addthis.com .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com .mageside.com doubleclick.net .hydroflask.com .oxo.com .pcapredict.com .lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net .fbot.me services.postcodeanywhere.co.uk .parcellab.com .trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com .brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com .clarity.ms .spectrumcustomizer.com js.acq.io ssl.geoplugin.net .yimg.com ajax.googleapis.com cdn.pushplanet.com .cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com .impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com .googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
deprecation	warning	(Line 318) Message: Listener added for a 'DOMSubtreeModified' mutation event. This event type is deprecated, and will be removed from this browser VERY soon. Usage of this event listener will cause performance issues today, and represents a large risk of imminent site breakage. Consider using MutationObserver instead. See https://chromestatus.com/feature/5083947249172480 for more information.
security	error	URL: https://assets.adobedtm.com/ba2a113ab3b7/6c745b6b1b5f/launch-012b4acf6374.min.js(Line 4) Message: Refused to load the script 'https://p.teads.tv/teads-fellow.js' because it violates the following Content Security Policy directive: "script-src cdnjs.cloudflare.com analytics.tiktok.com .stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com .klaviyo.com .yottaa.net .yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com .sdiapi.com f.vimeocdn.com .adobedtm.com .adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net .magento-ds.com .typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .yotpo.com s7.addthis.com .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com .mageside.com doubleclick.net .hydroflask.com .oxo.com .pcapredict.com .lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net .fbot.me services.postcodeanywhere.co.uk .parcellab.com .trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com .brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com .clarity.ms .spectrumcustomizer.com js.acq.io ssl.geoplugin.net .yimg.com ajax.googleapis.com cdn.pushplanet.com .cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com .impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com .googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js Message: Refused to connect to 'https://s.amazon-adsystem.com/iu3?pid=c36b40d4-928a-4bfe-b660-a95148a4a483&event=PageView&ts=1726260923616' because it violates the following Content Security Policy directive: "connect-src analytics.tiktok.com .stripe.network www.recaptcha.net .addressy.com .klaviyo.com .datadome.co .yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io .sdiapi.com dpm.demdex.net .omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com .adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com .algolia.net .algolia.com .algolianet.com .yotpo.com ekr.zdassets.com/ .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .braintree-api.com .paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net .oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk .parcellab.com .rapidspike.com .brilliantcollector.com cloud.vimeo.com vimeo.com .clarity.ms bat.bing.com .kaltura.com .spectrumcustomizer.com .acq.io ssl.geoplugin.net .yimg.com .hotjar.com vc.hotjar.io .pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com .googletagmanager.com .analytics.google.com .g.doubleclick.net .google.com .google-analytics.com *.trustarc.com mpsnare.iesnare.com".
javascript	error	URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js Message: Refused to connect to 'https://s.amazon-adsystem.com/iu3?pid=c36b40d4-928a-4bfe-b660-a95148a4a483&event=PageView&ts=1726260923616' because it violates the document's Content Security Policy.
security	error	URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the following Content Security Policy directive: "connect-src analytics.tiktok.com .stripe.network www.recaptcha.net .addressy.com .klaviyo.com .datadome.co .yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io .sdiapi.com dpm.demdex.net .omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com .adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com .algolia.net .algolia.com .algolianet.com .yotpo.com ekr.zdassets.com/ .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .braintree-api.com .paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net .oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk .parcellab.com .rapidspike.com .brilliantcollector.com cloud.vimeo.com vimeo.com .clarity.ms bat.bing.com .kaltura.com .spectrumcustomizer.com .acq.io ssl.geoplugin.net .yimg.com .hotjar.com vc.hotjar.io .pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com .googletagmanager.com .analytics.google.com .g.doubleclick.net .google.com .google-analytics.com *.trustarc.com mpsnare.iesnare.com".
javascript	error	URL: https://rapid-cdn.yottaa.com/rapid/lib/bdWgmLaioz2oPA.js Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the document's Content Security Policy.
security	error	URL: https://www.oxo.com/countrySelector/geoip/getaction/?country_code=CA Message: Refused to load the image 'https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QN3HZX14P2&cid=1745456930.1726260926&gtm=45je4990v898268557z89176638692za200zb9176638692&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=208175794' because it violates the following Content Security Policy directive: "img-src services.sheerid.com www.ojrq.net .klaviyo.com .cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net .google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com .baidu.com .omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com .typekit.net www.paypalobjects.com .ftcdn.net .behance.net fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com validator.swagger.io .yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com .paypal.com mageside.com .mageside.com .hydroflask.com hydroflask.attn.tv .oxo.com .lightboxcdn.com na-stage.hele.digital .parcellab.com .trustarc.com cfvod.kaltura.com .bing.com .clarity.ms .hele.digital via.placeholder.com .locally.com .spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com .acq.io .yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com .facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com .google.com www.gstatic.com ssl.gstatic.com googletagmanager.com .googletagmanager.com fonts.googleapis.com .google-analytics.com .analytics.google.com .g.doubleclick.net .fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com *.dl.dropboxusercontent.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'self' 'unsafe-inline' 'unsafe-eval'; child-src assets.braintreegateway.com c.paypal.com .paypal.com http: https: blob: 'self' 'unsafe-inline'; connect-src analytics.tiktok.com .stripe.network www.recaptcha.net .addressy.com .klaviyo.com .datadome.co .yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io .sdiapi.com dpm.demdex.net .omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com .adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com .algolia.net .algolia.com .algolianet.com .yotpo.com ekr.zdassets.com/ .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .braintree-api.com .paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net .oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk .parcellab.com .rapidspike.com .brilliantcollector.com cloud.vimeo.com vimeo.com .clarity.ms bat.bing.com .kaltura.com .spectrumcustomizer.com .acq.io ssl.geoplugin.net .yimg.com .hotjar.com vc.hotjar.io .pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://.hotjar.com 'self' 'unsafe-inline' www.googleadservices.com googletagmanager.com .googletagmanager.com .analytics.google.com .g.doubleclick.net .google.com .google-analytics.com .trustarc.com mpsnare.iesnare.com; font-src .sdiapi.com .klaviyo.com .typekit.net .yotpo.com .googleapis.com .gstatic.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com .hydroflask.com .oxo.com cdn.kustomerapp.com .trustarc.com .lightboxcdn.com .spectrumcustomizer.com data: 'self' 'unsafe-inline' fonts.gstatic.com; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com .yotpo.com .iterable.com .cardinalcommerce.com .paypal.com .oxo.com .brilliantcollector.com .facebook.com 'self' 'unsafe-inline'; frame-ancestors .stripe.com stripe.com .kmail-lists.com 'self'; manifest-src 'self' 'unsafe-inline'; media-src .akamaized.net .kaltura.com cfvod.kaltura.com .adobe.com .oxo.com .vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src cdn.jsdelivr.net .typekit.net .klaviyo.com .adobe.com .yotpo.com .googleapis.com mageside.com .mageside.com .oxo.com .pcapredict.com services.postcodeanywhere.co.uk .lightboxcdn.com .parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline' googletagmanager.com .googletagmanager.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/1/2 blob:; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=p9oigUrIL37.twM7fsC.ZM_qTVc.HxJvUgO4u7fJgck-1726260921-1.0.1.1-bfeVM2QGpVsWBFNHJioV.inlVWvRLmE7dZlswGM2HF6xacX19DILjhPwM6Y3cOWdJgbdpL72z1ncYaruPFUmSzNOak4G1332eOEX7ZRH4GdY4EK.Ulkn50qyTxY6w0Y_joi0pyJL1TPQbiOprW4IM9hivehFhpIRJ0_3I.c05SAZB2T_qH24vAqJkRZo3JVKSqvRgqGwb5m8BmA7dNS96Q; report-to cf-wklzwnphtjgkmaxh frame-src services.sheerid.com .stripe.network www.recaptcha.net .sdiapi.com .kmail-lists.com fast.amc.demdex.net .adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.sandbox.paypal.com player.vimeo.com .youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com .yotpo.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com .cardinalcommerce.com .paypal.com doubleclick.net .doubleclick.net vice01.hydroflask.com hydroflask.attn.tv .oxo.com .lightboxcdn.com .hydroflask.com .brilliantcollector.com .demdex.net .kustomer.support .kustomer.help .trustarc.com .locally.com .facebook.com .fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline' .googletagmanager.com bid.g.doubleclick.net td.doubleclick.net .fls.doubleclick.net; img-src services.sheerid.com www.ojrq.net .klaviyo.com .cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net .google.co.in google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com .baidu.com .omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com .typekit.net www.paypalobjects.com .ftcdn.net .behance.net fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com validator.swagger.io .yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com .paypal.com mageside.com .mageside.com .hydroflask.com hydroflask.attn.tv .oxo.com .lightboxcdn.com na-stage.hele.digital .parcellab.com .trustarc.com cfvod.kaltura.com .bing.com .clarity.ms .hele.digital via.placeholder.com .locally.com .spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com .acq.io .yimg.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com .facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net 'self' 'unsafe-inline' google.com .google.com www.gstatic.com ssl.gstatic.com googletagmanager.com .googletagmanager.com fonts.googleapis.com .google-analytics.com .analytics.google.com .g.doubleclick.net .fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.dropbox.com .dl.dropboxusercontent.com; script-src cdnjs.cloudflare.com analytics.tiktok.com .stripe.network www.recaptcha.net ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com .klaviyo.com .yottaa.net .yottaa.com cdn.pdst.fm c.disquscdn.com cdn.kustomerapp.com unpkg.com .sdiapi.com f.vimeocdn.com .adobedtm.com .adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net .magento-ds.com .typekit.net www.paypalobjects.com js.braintreegateway.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .yotpo.com s7.addthis.com .iterable.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com .paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com .mageside.com doubleclick.net .hydroflask.com .oxo.com .pcapredict.com .lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net .fbot.me services.postcodeanywhere.co.uk .parcellab.com .trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com .brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com .clarity.ms .spectrumcustomizer.com js.acq.io ssl.geoplugin.net .yimg.com ajax.googleapis.com cdn.pushplanet.com .cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com .impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net mpsnare.iesnare.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' oxo.com/p/2/2 blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=pEVdrFVeq2IDyI3goGJ9gIlIGlVjljcAWygQxKafAEI-1726260921-1.0.1.1-gtyMaONXgQ3ALrEUNvWDtbdOkPz6VDeGGymwS4FVj1Z_wvwQnAhmayCeadhfgvl3Xvi4ti2RGyvjgQNv1Tqr9DEkWaPaR9_3pQtvGOr6h7DS1MTv6ApS0i3epeZtMAXV2mzRB2oujlot7f57a2FHW_.bkWyTUw_a.PLa_ukTeR5qJ_F4fMQijExra2bPMnnVx3Gy9OQQYiI2s8FAREhF.w; report-to cf-hhwmbxnnpksazxny
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

14167590.fls.doubleclick.net
a.klaviyo.com
ad.doubleclick.net
analytics.google.com
analytics.tiktok.com
assets.adobedtm.com
bat.bing.com
c.amazon-adsystem.com
cdn-assets.rapidspike.com
cdn.crobox.io
cdn.kustomerapp.com
cdn.pdst.fm
cdnjs.cloudflare.com
cm.everesttech.net
commerce.adobedc.net
commerce.adobedtm.com
connect.facebook.net
consent.trustarc.com
ct.pinterest.com
d.impactradius-event.com
dpm.demdex.net
fast.a.klaviyo.com
fonts.googleapis.com
helenoftroy.demdex.net
lib-us-1.brilliantcollector.com
oxo.sc.omtrdc.net
p.teads.tv
p.typekit.net
qoe-1.yottaa.net
rapid-cdn.yottaa.com
rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com
s.pinimg.com
static-forms.klaviyo.com
static-tracking.klaviyo.com
static.cloudflareinsights.com
static.klaviyo.com
stats.g.doubleclick.net
td.doubleclick.net
unpkg.com
use.typekit.net
www.facebook.com
www.google.ca
www.googletagmanager.com
www.oxo.com
cdn.crobox.io
p.teads.tv
www.google.ca
104.17.95.156
142.250.65.198
142.251.40.168
142.251.40.230
151.101.128.84
151.101.130.133
151.101.192.84
151.101.194.133
151.101.2.133
151.101.66.133
157.240.241.1
172.67.68.249
18.164.116.90
18.238.49.62
2001:4860:4802:32::181
204.2.133.136
23.206.172.62
2600:141b:1c00:2096::1e80
2600:141b:1c00:2582::1931
2600:141b:1c00:8::1728:b323
2600:141b:1c00:8::1728:b32c
2606:4700:4400::6812:2889
2606:4700::6810:5049
2606:4700::6811:190e
2606:4700::6811:f7cb
2607:f8b0:4004:c09::9d
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::200a
2607:f8b0:4006:821::2008
2620:1ec:33::10
2a03:2880:f112:182:face:b00c:0:25de
3.171.134.120
3.208.75.12
34.230.160.65
35.186.249.72
35.244.142.80
44.196.169.18
44.196.30.37
54.224.113.8
63.140.39.224
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
04dd88ec3632bfd618a21c8657d6faf685a33fde9d3bf3c7e0e43ce9f517c55d
059ae9281a7cece0d38dc22b536bafad0c303b0d8e13df0dd1b4e0f5af440a6b
05d5ad67a46abbea2c2f9ee2cfb787aa340da2f8e738a6c002d96a4371d14ae7
0b9110bc010c9e78315dfe729265d33c4d10b723a759d757141a8148bead5074
0c646cb0308d0dd95672b9e1ab8b52a98f3638b681f79dcf1daf8c9fa62b534c
0d2d50aa7913e562d4d2c4c302103991f36b7b9ea41fd5d6957bb161c01e6396
10a477066005d47f804c4a57ac101d51d0e3808bf7188125ed23d4f42e5cd484
1108c5d6a46cc684fffa4348a4ad097066d536f52b3a85c550bae2a7f50b68e9
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60
212ef5d094ee3282165c25a6988faa80f7be4f169b640562c1917b30f4086f65
216e59a83bf1438780c20e779bd737fecbce5304ee153ca7602ce1af152b462b
2429d86f3024682282e29e56d0a25f44a7bf1d77426954f25dacc6e706b0fbc1
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
27d0566567b8e452ad2a9555820f020e45ad115e7e88c03cc0094a09339fe383
2a6d90b55a4309d0187331c8d18508768f3f4e0efff92c1645e8f3ef248ed3f5
2cf7639863dd3a0d70b22b418c8101f15778ebc9eba65eb76dd3f6bd80fa1729
3240ec543e490912b08d24d01787505abd71fe604daa06957d68434a8cea8e7b
36b5d68de469ab371ce1f9df36f3f9528303b72f32a0d563417927feb85bf5b5
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3818259a072560b8c44820f8753d53344bdc817a9493e4c18ca38531ffb534e3
3a55d7bad75dfbc5f71ce1c967dcb60506ee28dd7b790989e075dd6e23a5d0b7
3b5778a825f1aef915a4a445b0153898da52e596dce76c6d67379444c2630137
3cb4dd6baf42a32c64edba891ed4a4b959c6c540fc3d6a082e11d4da6b3c144d
42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880
4ee83969c5ed3f38072076b0611914153d86dc42ce38b1ed98a04fcefef56e6b
54a95e5381069af1c1ffe30d039643382c05ebd59d587161b142d5f29290c909
5b50230fe1cada6c4b01fd3c1a291b8bda2b17ed14fb7c5bede010c11a05af23
5bda477fd8e24254a42e625d19959c5ebd57a88160636571c1dbde8fb3a88e0b
5cbcb51e74bb74a0b0cefac08607d82ad5902ee9a6169d96eb0e43b7d9ba88b6
5e30c3134e8ae35ab935591d7ffa47463aa218dd0ba248ab728cb01d694a3b81
5e47c97214b042582e64071246e8034e525cef66a5316f9af6a615f7bb01fc1b
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
620ec7947095b6f875ce7694812120d60ef68ae4d44a9762a4b370a42b8d06ad
660b88fbb87791c53d4209b3e6e14c5b4bc680ad45c99a07d6857a5bb7a0b9e5
69fe20e0351087ac46d9985ac537b3992abbcb105e0b91dbb712a0152e5e5eb1
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2
6eaa7d84867f4a3f58d1cff2d44b4d4adfcc58072a48d761fe092b7e6172b253
741bb7b767cbba5176971859d93cc980b80732b1385e1420a888872821878f2c
75390cc07befc573e53fb02146475bbd790bf207edeb76080aca6c77cf74caf9
77a1cd76f7b369b86ca16c770ccc8e6c19afe3f063f496cc617a8e224a725bcd
7809d3fb875bdae4682226eab4347462f66641e6adb222fff07361ee9d0f5526
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4
7aec2bb9cf4a00eff340ab865e364431c953b6eef48acdffe1c69ff4c02c6bc1
7b7438148621590f832534c952063346875c0d0abc79b38c32a09c00538d1cf9
7c96f39f1da71879be531cc928f08dfd8cfa8862206c3ba5c34a42c1e145a2c3
83a411a8f02a06fc217862488767751c306222d6b11843b42cfa7ce849b08a87
83fbfbc1de60b5eca1256243958600164c0d000b40c05ad57ca47106e49c85c3
864072a3229468b4abd5debaf97f3ed17b77f098513c523746cb825ee183e68f
87ffad11c7c626ac32be0bb1682ac038192b5a4beebded6eceaf8c610212bdb8
889cc2ae424a7a53dcd7aa3e2a72996f6b0d013ac756e9c66222bac3580ab14c
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8ad234746ca644a0ddd098f075ab122467fde2ec1ac44b9607b9dfc3f9a87ece
8b32ecf9c38bd556a3acfee9a4ba84646d3f57213996be78237478dc7fcb23ae
8cc8f3c0ad31b8fa76b04b5e5f338ac2abf28477037189bc279b1ee5720b81a5
8d7d2922afbb7aeb4815edfb4393e0fea0132bfbcce9246ce278c43f8067f2d6
919293e56b6a814a84a579b014f63a2423b0419c418494da7baa7c0c5893cde1
91b5cc5750ea1b9aa9f88011d7166e5fdc5f70ee027530e244daa6c53fef9b14
9685cb71997926787800eb8cc0b13873e0f39eb2a5e00a4005054480000dc27f
96b67419d2538b42413797739000601d5884a81872b8346559c04770100a29fb
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9c1008cd738a038c47e35e4a70ac961f8f250041436f127ad337f30e8f138610
9ca07df45944b8440ae6241e4a017db2b6e4600e5f647d3180c96877198c3552
a0e1790d7d90c7a831dcb3efdb0211f3b478ede77758538e9ce456154be97165
a19db97d8d5eb5c80855b8bbbf38e783b1d380d5b1ec7f47dafe3364bfe2fdf3
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a87697d9f0ee36132ab0adf0f672d52097863981bed8651037e9311d8905fa2b
aa03b89682a1f628e945d75327d8d602161b73c35d7159a34e6b2d01af15e4ca
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af37a4f29c1102161e4aacadfb271176e6ed0e4f9aa8f20f6221cfe5785fcd3c
b604e18370e4d2d157036b796fe9bde8710565d5c37d5c71774f8e4cc89f0640
b6ccb5cfca813ee3a8a6b1311ce8055eac0724006412e010ab00db66e9f943b5
b80e2ebf2ced4ff0df3fbfb3731c3493824b50fb70c56969ae9a56488d3c714c
b9c2422604e5d51d58e09ad62046d2c9afb44c7816e6e8bc920ee2125c6fe499
bc2e8b81f7f213a51bbb4e5f9f2611d5c34e4dadc1f747fddf9b2463b6663f57
c77d33e522d7d70bed1641a0cb498f02f9c360305be8aafd83e727b1e5776628
c853e00afaed8f5bc00f96b24ea685eeb960433abf7dd98a79df91e591301231
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caefc900beabcb8b438e7e4861b34f560d256675a09c417fd201574cd257741c
cc0634f0db338f061a0b0179b5c5bf558fc0a32521503e4d9c1f343cab280f7c
cdddc59d5ab037f2ed926d1144ba5a71b74ca6aa560534284c48a65b684c0822
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
d238c3b4d157d9e1d8d0f0d5ccc65e8ae3ea7118ef2df89d04fbd152d862ed16
d2586e045767a0379e2072dc2fd04a86e9b2514620ffab62af46318aa20e2f01
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d6fe7fa366572680402e0efb5cffe25ef8e67497e71e1e2539c552507dc27c47
d7b822b32631317d0747d27081792a295a968c4740d7eb0e0e25ebc5d9b4ce70
da90484142079a67f8609c50324de041125ee49ca7eff1dff04527f393b082c9
de7ccfa90cbf84025491b157ec203b447da3d0e36cc1306d4817c577d682bb00
e2d60cdf4948bf1fcc89d3e1fb4875dbfe0cd45125eced25eb220b5fd72abe73
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e400cd30777e17efe3066485259980648528389e7305b028f35976b8c865d8b1
e552fe88d7963151ada92d4aa63b1d6d5f35fb9829887bd98abac7fe1ac998f2
e5f0cc14ea3f6828ccae339fcb67d02dc6ffc4b40d5682bcd10815a6d9dead0b
eb075186f60d57a2eb6a67b214fe5a9f46443693e312ef701b0edf308a2abd6e
edc4c4260d84a701185f43dbbfeb15fcb68c868b23a1f81af2f90a3d21b213bb
ede1e92420014b36965595bc4e534bd9539d3a479049757c948656e0693ca713
edebce51607e8abee169a5973d544fd6a0ec126e40c11832f89e4e369fb6ad93
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f029fa69f0e3d3776ce2881d5c0983412943c8dc236bbe30ad7c03f4783c4a60
f1962d7f9774218ab88d8c21eaced7e7f2c7965b23d98e2e5fcc166e2f4a342e
f2769341fbf31a14e512d5b4138e93597e2eaf57dc58a09748a0515f4d4fd267
f2eccd0cba46b820a0b985857875fe4f8407a6e87a03ba0a537906fe738d4ab1
f73c578afd4839c471623755979976453bc91f26c0cf24a9f302e0024bf30a7f
f841a021c983785e847e06ae688b3ea4700246e6ed06aa379f11705f3895fa30
fce461e0fefe1d6d687b3eab8304d3affaf23fb674b18bfb5242ccfc544e1bb7

www.oxo.com Open in urlscan Pro 104.17.95.156 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

145 Requests

95 %HTTPS

38 %IPv6

33 Domains

44 Subdomains

40 IPs

2 Countries

3946 kBTransfer

14068 kBSize

50 Cookies

19 Outgoing links

Page URL History

Redirected requests

145 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.oxo.com Open in urlscan Pro
104.17.95.156 Public Scan

Screenshot
Live screenshot

Full Image

145
Requests

95 %
HTTPS

38 %
IPv6

33
Domains

44
Subdomains

40
IPs

2
Countries

3946 kB
Transfer

14068 kB
Size

50
Cookies

145 HTTP transactions
0 data transactions