urlscan.io logo urlscan.io
SecurityTrails logo

www.icandyworld.com Open in urlscan Pro
149.86.96.251  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.icandyworld.com/
Submission Tags: sansec.io magecart Search All
Submission: On June 26 via api from US — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 32 IPs in 6 countries across 21 domains to perform 114 HTTP transactions. The main IP is 149.86.96.251, located in Manchester, United Kingdom and belongs to SONASSI, GB. The main domain is www.icandyworld.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 21st 2023. Valid for: a year.
This is the only time www.icandyworld.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
38 149.86.96.251 199542 (SONASSI)
4 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2600:9000:211... 16509 (AMAZON-02)
9 2600:9000:205... 16509 (AMAZON-02)
4 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 172.67.184.69 13335 (CLOUDFLAR...)
1 2600:9000:214... 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 18.66.102.51 16509 (AMAZON-02)
14 2.21.20.12 20940 (AKAMAI-ASN1)
3 2a03:2880:f08... 32934 (FACEBOOK)
2 52.222.236.60 16509 (AMAZON-02)
1 108.138.26.55 16509 (AMAZON-02)
2 2a02:26f0:710... 20940 (AKAMAI-ASN1)
2 34.107.203.234 396982 (GOOGLE-CL...)
1 13.32.27.19 16509 (AMAZON-02)
3 2600:9000:21f... 16509 (AMAZON-02)
2 100.24.234.123 14618 (AMAZON-AES)
1 2600:9000:20e... 16509 (AMAZON-02)
2 2a02:6ea0:c70... 60068 (CDN77 _)
1 54.216.242.9 16509 (AMAZON-02)
4 2a03:2880:f17... 32934 (FACEBOOK)
1 34.253.34.140 16509 (AMAZON-02)
2 3.94.16.235 14618 (AMAZON-AES)
1 2600:9000:215... 16509 (AMAZON-02)
2 2620:127:f00f... 13335 (CLOUDFLAR...)
2 172.64.144.121 13335 (CLOUDFLAR...)
1 104.18.39.221 13335 (CLOUDFLAR...)
1 2600:9000:225... 16509 (AMAZON-02)
3 142.250.185.132 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
114 32
38    149.86.96.251 (Manchester, United Kingdom)

ASN199542 (SONASSI, GB)
PTR: lb1.dh1.c292.sonassihosting.com
www.icandyworld.com
4    2a02:26f0:3500:11::215:14d6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
agbvkrrzbq.cloudimg.io
1    2600:9000:211e:5c00:18:6c16:27c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
tools.luckyorange.com
9    2600:9000:2057:2000:2:85f7:af00:93a1 (United States)

ASN16509 (AMAZON-02, US)
widget.gotolstoy.com
4    2a02:26f0:3500:18::1724:a29d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consent.cookiebot.com
1    172.67.184.69 (United States)

ASN13335 (CLOUDFLARENET, US)
polyfill.io
1    2600:9000:214f:600:f:8ce2:fb80:93a1 (United States)

ASN16509 (AMAZON-02, US)
www.dwin1.com
3    2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    18.66.102.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-51.fra56.r.cloudfront.net
static.hotjar.com
14    2.21.20.12 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-12.deploy.static.akamaitechnologies.com
analytics.tiktok.com
3    2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    52.222.236.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-60.fra56.r.cloudfront.net
widget.trustpilot.com
1    108.138.26.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-55.fra56.r.cloudfront.net
invitejs.trustpilot.com
2    2a02:26f0:7100:8a0::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consentcdn.cookiebot.com
imgsct.cookiebot.com
2    34.107.203.234 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 234.203.107.34.bc.googleusercontent.com
settings.luckyorange.com
1    13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net
script.hotjar.com
3    2600:9000:21f3:1600:1c:9484:cec0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.attn.tv
2    100.24.234.123 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-234-123.compute-1.amazonaws.com
apilb.gotolstoy.com
1    2600:9000:20eb:0:1f:af3f:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
lantern.roeyecdn.com
2    2a02:6ea0:c700::21 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
cdn.ometria.com
1    54.216.242.9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-242-9.eu-west-1.compute.amazonaws.com
lantern.roeye.com
4    2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    34.253.34.140 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-34-140.eu-west-1.compute.amazonaws.com
trk.ometria.com
2    3.94.16.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-16-235.compute-1.amazonaws.com
api.gotolstoy.com
1    2600:9000:2156:7600:4:5b2f:f600:93a1 (United States)

ASN16509 (AMAZON-02, US)
play.gotolstoy.com
2    2620:127:f00f:ff01:: (Canada)

ASN13335 (CLOUDFLARENET, US)
cdn.shopify.com
2    172.64.144.121 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)
icandy-gb.attn.tv
1    104.18.39.221 (None, )

ASN13335 (CLOUDFLARENET, US)
events.attentivemobile.com
1    2600:9000:225e:cc00:a:78b:4e00:93a1 (United States)

ASN16509 (AMAZON-02, US)
creatives.attn.tv
3    142.250.185.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f4.1e100.net
www.google.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
38 icandyworld.com
www.icandyworld.com
658 KB
14 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 787
149 KB
14 gotolstoy.com
widget.gotolstoy.com — Cisco Umbrella Rank: 36263
apilb.gotolstoy.com — Cisco Umbrella Rank: 32655
api.gotolstoy.com — Cisco Umbrella Rank: 78097
play.gotolstoy.com — Cisco Umbrella Rank: 87238
52 KB
6 attn.tv
cdn.attn.tv — Cisco Umbrella Rank: 4592
icandy-gb.attn.tv
creatives.attn.tv — Cisco Umbrella Rank: 9114
48 KB
6 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4936
consentcdn.cookiebot.com — Cisco Umbrella Rank: 5488
imgsct.cookiebot.com — Cisco Umbrella Rank: 5824
381 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
5 KB
4 cloudimg.io
agbvkrrzbq.cloudimg.io
404 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 5
982 B
3 ometria.com
cdn.ometria.com — Cisco Umbrella Rank: 55869
trk.ometria.com — Cisco Umbrella Rank: 48441
15 KB
3 trustpilot.com
widget.trustpilot.com — Cisco Umbrella Rank: 5884
invitejs.trustpilot.com — Cisco Umbrella Rank: 16515
11 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 204
74 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
304 KB
3 luckyorange.com
tools.luckyorange.com — Cisco Umbrella Rank: 15059
settings.luckyorange.com — Cisco Umbrella Rank: 15051
5 KB
2 shopify.com
cdn.shopify.com — Cisco Umbrella Rank: 2357
580 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 894
script.hotjar.com — Cisco Umbrella Rank: 1260
60 KB
1 gstatic.com
www.gstatic.com
205 KB
1 attentivemobile.com
events.attentivemobile.com — Cisco Umbrella Rank: 4204
260 B
1 roeye.com
lantern.roeye.com — Cisco Umbrella Rank: 10427
155 B
1 roeyecdn.com
lantern.roeyecdn.com — Cisco Umbrella Rank: 10285
2 KB
1 dwin1.com
www.dwin1.com — Cisco Umbrella Rank: 5178
15 KB
1 polyfill.io
polyfill.io — Cisco Umbrella Rank: 1692
651 B
114 21
Domain Requested by
38 www.icandyworld.com www.icandyworld.com
analytics.tiktok.com
14 analytics.tiktok.com www.icandyworld.com
analytics.tiktok.com
9 widget.gotolstoy.com www.icandyworld.com
widget.gotolstoy.com
4 www.facebook.com www.icandyworld.com
4 consent.cookiebot.com www.icandyworld.com
consent.cookiebot.com
www.googletagmanager.com
4 agbvkrrzbq.cloudimg.io www.icandyworld.com
3 www.google.com www.icandyworld.com
www.gstatic.com
3 cdn.attn.tv www.googletagmanager.com
cdn.attn.tv
3 connect.facebook.net www.icandyworld.com
connect.facebook.net
3 www.googletagmanager.com www.icandyworld.com
www.googletagmanager.com
2 icandy-gb.attn.tv analytics.tiktok.com
2 cdn.shopify.com widget.gotolstoy.com
www.icandyworld.com
2 api.gotolstoy.com analytics.tiktok.com
2 cdn.ometria.com www.icandyworld.com
analytics.tiktok.com
2 apilb.gotolstoy.com widget.gotolstoy.com
analytics.tiktok.com
2 settings.luckyorange.com tools.luckyorange.com
2 widget.trustpilot.com www.icandyworld.com
widget.trustpilot.com
1 www.gstatic.com www.google.com
1 creatives.attn.tv cdn.attn.tv
1 imgsct.cookiebot.com
1 events.attentivemobile.com cdn.attn.tv
1 play.gotolstoy.com widget.gotolstoy.com
1 trk.ometria.com www.icandyworld.com
1 lantern.roeye.com www.icandyworld.com
1 lantern.roeyecdn.com www.dwin1.com
1 script.hotjar.com static.hotjar.com
1 consentcdn.cookiebot.com consent.cookiebot.com
1 invitejs.trustpilot.com www.icandyworld.com
1 static.hotjar.com www.icandyworld.com
1 www.dwin1.com www.icandyworld.com
1 polyfill.io www.icandyworld.com
1 tools.luckyorange.com www.icandyworld.com
114 32
Subject Issuer Validity Valid
*.icandyworld.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-21 -
2024-10-20		 a year crt.sh
*.cloudimg.io
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-14 -
2024-11-13		 a year crt.sh
luckyorange.com
Amazon RSA 2048 M03		 2023-11-18 -
2024-12-15		 a year crt.sh
*.gotolstoy.com
Amazon RSA 2048 M02		 2024-02-25 -
2025-03-24		 a year crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-02-28 -
2025-02-27		 a year crt.sh
*.polyfill.io
Sectigo RSA Domain Validation Secure Server CA		 2024-02-20 -
2025-02-19		 a year crt.sh
*.dwin1.com
Amazon RSA 2048 M03		 2023-10-18 -
2024-11-15		 a year crt.sh
*.google-analytics.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.hotjar.com
Amazon RSA 2048 M03		 2024-05-22 -
2025-06-20		 a year crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-04-05 -
2024-07-04		 3 months crt.sh
*.trustpilot.com
Amazon RSA 2048 M03		 2024-01-03 -
2025-01-31		 a year crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-02-26 -
2025-02-26		 a year crt.sh
settings.luckyorange.com
R3		 2024-06-04 -
2024-09-02		 3 months crt.sh
*.attn.tv
Amazon RSA 2048 M02		 2024-04-30 -
2025-05-28		 a year crt.sh
*.roeyecdn.com
Amazon RSA 2048 M01		 2023-10-04 -
2024-10-30		 a year crt.sh
www.cdn77.com
R10		 2024-06-25 -
2024-09-23		 3 months crt.sh
*.roeye.com
Amazon RSA 2048 M03		 2023-11-26 -
2024-12-24		 a year crt.sh
*.ometria.com
Amazon RSA 2048 M03		 2023-12-02 -
2024-12-30		 a year crt.sh
cdn.shopify.com
E1		 2024-05-03 -
2024-08-01		 3 months crt.sh
attn.tv
WE1		 2024-06-09 -
2024-07-09		 a month crt.sh
attentivemobile.com
WE1		 2024-06-09 -
2024-07-09		 a month crt.sh
*.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.gstatic.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh

This page contains 8 frames:

Primary Page: https://www.icandyworld.com/
Frame ID: BD1C04024606870EC7464F70D13EA4C8
Requests: 109 HTTP requests in this frame

Frame: https://www.icandyworld.com/awin/?awc=&source=
Frame ID: 5C5A767FFE58043722192F5042C8AB29
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: AC9C37ED73DA628C39C51C62068F84C7
Requests: 1 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=5cbcc7f9001a030001a81e00
Frame ID: 5CD594E73812C27BD550EE2EFBA3629D
Requests: 1 HTTP requests in this frame

Frame: https://play.gotolstoy.com/2.0.0-l/index.html?host&url=https://www.icandyworld.com/&safari=false&dontDownload=true&playerType=bubble&isShopifyStore=false&shopifyStoreUrl=&modalId=45708103-5df7-4ee0-81d1-05cb1e42addb&ai=140d92b2-3ab8-4fb4-a243-7c163e1297ce&pl=true&pv=1.0.0&isFeed=true&publishId=5rd0jnj0mu7kk
Frame ID: BCDF33D8004CD892F9B5A7002C185EEA
Requests: 1 HTTP requests in this frame

Frame: https://creatives.attn.tv/creatives-dynamic/multiPage/index.html
Frame ID: 91B9B78226BE39F950CB7D25377B8C0B
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf00HoaAAAAAFb3dS5ZjzTAO-TjrEhp7W6m-qgH&co=aHR0cHM6Ly93d3cuaWNhbmR5d29ybGQuY29tOjQ0Mw..&hl=en&v=KXX4ARWFlYTftefkdODAYWZh&theme=light&size=normal&cb=9xo6ugxsx6i2
Frame ID: 0E6F4323196A4C04CFED05DA3F1C5F4F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=KXX4ARWFlYTftefkdODAYWZh&k=6Lf00HoaAAAAAFb3dS5ZjzTAO-TjrEhp7W6m-qgH
Frame ID: A93D6C6AAFF1157F0735A6113B7344AE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

iCandy | Designer Prams, Pushchairs & Travel Systems

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js
Overall confidence: 100%
Detected patterns
  • require.*\.js
Overall confidence: 100%
Detected patterns
  • dwin1\.com
Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

114
Requests

100 %
HTTPS

52 %
IPv6

21
Domains

32
Subdomains

32
IPs

6
Countries

2968 kB
Transfer

7700 kB
Size

28
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

114 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.icandyworld.com/ 		188 KB
47 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
6091c2c2287eee8048a87d3a9732beaf90d4a75d39efc0b731ee0af10a0afe59
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-length
42221
content-security-policy-report-only
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Wed, 26 Jun 2024 15:29:21 GMT
expires
-1
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
pragma
no-cache
strict-transport-security
max-age=0
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
require.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/ 		124 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
498cac7c0e972e071acb2c9284f41f1aa60368709cad6ccc188ab085c2f2b805
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa53-1f1fd"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
41434
expires
Fri, 26 Jul 2024 15:29:21 GMT
mixins.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/mage/requirejs/ 		1 KB
913 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/mage/requirejs/mixins.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
0043579690952cd59395cbeb7036b585ba6c272b249711032a508ea8757033e5
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa54-56e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
604
expires
Fri, 26 Jul 2024 15:29:21 GMT
requirejs-config.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/ 		38 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs-config.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
ae0fcbeeee52438c0ce5165431675621410578efa70d67fe21669b3a0262c480
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa54-9804"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
7250
expires
Fri, 26 Jul 2024 15:29:21 GMT
ec.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Anowave_Ec/js/ 		19 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Anowave_Ec/js/ec.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
d6fe19d894fa069a9f5450f406f560635a2a1a7e8b99501f815dd1b088f666a7
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673face-4b44"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
5217
expires
Fri, 26 Jul 2024 15:29:21 GMT
ec4.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Anowave_Ec4/js/ 		11 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Anowave_Ec4/js/ec4.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
cc3f0fe972b6149aea4b99efafff5bba85e93edc607e0d225dee49ff9ed2303f
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa0d-2dc6"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
1685
expires
Fri, 26 Jul 2024 15:29:21 GMT
MabryPro-Regular.woff2
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/fonts/ 		49 KB
49 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/fonts/MabryPro-Regular.woff2
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
9eef404e1d34559d37639a78bce2729ee6fe142b8380f7ea713b2ace226ed7aa
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Origin
https://www.icandyworld.com
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
strict-transport-security
max-age=0
last-modified
Thu, 20 Jun 2024 09:44:42 GMT
etag
"6673fa0a-c264"
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
49764
expires
Fri, 26 Jul 2024 19:53:34 GMT
MabryPro-Light.woff2
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/fonts/ 		46 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/fonts/MabryPro-Light.woff2
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
50220fd8348cd7b34c20d32fd7d5f1b52eecec7b9ce96da61a907ca41027d812
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Origin
https://www.icandyworld.com
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
strict-transport-security
max-age=0
last-modified
Thu, 20 Jun 2024 09:44:42 GMT
etag
"6673fa0a-b960"
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
47456
expires
Fri, 26 Jul 2024 19:53:34 GMT
iCandy_Peach_7_Coco_Chocolate_Factory_Image_web_1_.jpg
agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media// 		344 KB
345 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//iCandy_Peach_7_Coco_Chocolate_Factory_Image_web_1_.jpg?func=crop&width=2880&height=1636
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Scaleflex HTTP Loadbalancer /
Resource Hash
46751a11a1c0d6b08dab6a2cc7fd065188f1cf59db43ff24f2cabc6da1e9e112
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date
Wed, 26 Jun 2024 19:53:34 GMT
x-hexa-masterrefresh
x-hexa-originusedcode
200
x-origin-visibility
OV_NORMAL_FILE
alt-svc
h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length
352518
x-xss-protection
1
x-hexa-initwait
probably_cached, first_req 21219360s ago, no_wait
x-debug-original-url
/v7/www.icandyworld.com/media//iCandy_Peach_7_Coco_Chocolate_Factory_Image_web_1_.jpg?func=crop&width=2880&height=1636
server
Scaleflex HTTP Loadbalancer
x-cloudimg-traceid
C080_240625021458_575df_eMok#600z
etag
"2965645554"
x-resource-status
cached_resized
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2442136, s-maxage=31536000
x-hexa-flowtrace
AnRo<200:JPG>Rr<ok1>M[0]R
timing-allow-origin
*
akamai-request-bc
[a=23.206.213.86,b=3821975089,c=g,n=DE_HE_FRANKFURT,o=20940]
CSE_TOTEM_BLACK.png
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/images/footer/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/images/footer/CSE_TOTEM_BLACK.png
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
8446f53674ec39d255c9b0fe8e7ec9a311628eaef41e930947e465ffaf718057
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
strict-transport-security
max-age=0
last-modified
Thu, 20 Jun 2024 09:44:42 GMT
etag
"6673fa0a-4207"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
16903
expires
Fri, 26 Jul 2024 19:53:34 GMT
store-modal.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_StoreSwitcher/js/ 		740 B
706 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_StoreSwitcher/js/store-modal.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
18429b78aad640e9c7a4e7312b4e58d7f5a63656bd4f98feaec343b94d314feb
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fad2-2e4"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
397
expires
Fri, 26 Jul 2024 15:29:21 GMT
stripe_payments.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/StripeIntegration_Payments/js/ 		9 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/StripeIntegration_Payments/js/stripe_payments.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
6505f1c83d7fa7630159fed40bebdb3b0e46fa5e4a57c708bab1927f36d2a67f
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa0d-23f7"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
2068
expires
Fri, 26 Jul 2024 15:29:21 GMT
lo.js
tools.luckyorange.com/core/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tools.luckyorange.com/core/lo.js?site-id=955127aa
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5c00:18:6c16:27c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f1af3d8764c953e392d3f12b9645ac7f1826b19d9204534a08634761adc75b31

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:40:01 GMT
content-encoding
gzip
via
1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
814
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
4672
last-modified
Tue, 18 Jun 2024 20:39:57 GMT
server
AmazonS3
etag
"3ff941ebab9571a9dc6b8881bbfe5945"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
DcAYy-Y3Mv__q15GqvP2jMoLG-v8KxESbOXA_ybkyxsVJ9IxfY6iWQ==
widget.js
widget.gotolstoy.com/widget/ 		96 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/widget.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5872e0912a0ed55ab74d0db1569c52a23ad10967d8d851e515f226ddbe47c22e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:21 GMT
x-amz-version-id
obE_eDSspE_Zli.THT_TrrR6nFB.8qgz
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"cc3b1168845372e931067990b19b99d4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
29114
cache-control
no-cache
x-amz-cf-id
yxl-nUltyGeeGpIUjZm9inZt5BKE5BbgnhHwYs_oNsbnNcGgSBpbDQ==
uc.js
consent.cookiebot.com/ 		109 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7dda4b29507887a80d74c81a30e6ff5241e414a7381cc0a4f6eef32595ebadf3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
last-modified
Tue, 18 Jun 2024 07:02:36 GMT
etag
"0eb47f4dc1da1:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=668
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
24996
expires
Wed, 26 Jun 2024 20:04:42 GMT
polyfill.min.js
polyfill.io/v3/ 		104 B
651 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill.io/v3/polyfill.min.js?features=default%2CArray.prototype.includes%2CPromise
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.184.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Origin
https://www.icandyworld.com
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cdn-server
Global
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5021
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 26 Jun 2024 18:29:53 GMT
server
cloudflare
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bTiNvx0bJJO%2Bt%2FShgQ0AduedhywFX6YMRgJi7qxmJmUtiT%2BApa%2FrFodkm6pWmRIlV6saXaliaEERwnV7lyFB4zaPSQ1R1dq10T18N9hPnZdLhTOVqd0PnFICjIvTtA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=3600
cf-ray
899fbe851b3b94a0-LHR
33065.js
www.dwin1.com/ 		51 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dwin1.com/33065.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:600:f:8ce2:fb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bc96e5797f55bc2b5b08948855c1f675dbafa9932653e15c142a1485ae9fb6e3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
KN2phi5v2MeWQCGJkXlSw6_v0lpihHqd
content-encoding
gzip
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 19:53:34 GMT
x-amz-cf-pop
FRA53-C1
age
576
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 12 Jun 2024 08:39:28 GMT
server
AmazonS3
etag
W/"51927e8c40690307eb3c158b80d32f14"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600, s-maxage=600
x-amz-cf-id
tJ9fn5pTMI6y7eY_jUVTTlWF1hReutEOSXtvjj8xOvEfO2Nt8Jm5qA==
0fde08cc80eaf319f309330cda3eff73.min.css
www.icandyworld.com/static/version1718876641/_cache/merged/ 		248 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/_cache/merged/0fde08cc80eaf319f309330cda3eff73.min.css
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
5cb5cbf29fef11b91e3aa6bbf0e72a3c2cae2c46934854f2cec52776971d9c95
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fbc8-3df76"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
41576
expires
Fri, 26 Jul 2024 15:29:21 GMT
styles-l.min.css
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/css/ 		167 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/css/styles-l.min.css
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
067a840158ea59ff112ee2b8a3a59a67b3d5fbacc526e8db4e0c7867b11987fb
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa0a-29b78"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
29426
expires
Fri, 26 Jul 2024 15:29:21 GMT
gtm.js
www.googletagmanager.com/ 		346 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5562HZ
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
872113048282495cf16b00a835fa119341cf4c1eec0537b3d094a42400612d97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112863
x-xss-protection
0
last-modified
Wed, 26 Jun 2024 19:12:32 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 26 Jun 2024 19:53:34 GMT
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
events
www.icandyworld.com/datalayer/index/ 		13 B
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/datalayer/index/events?
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Anowave_Ec/js/ec.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
24de1c4a19c43ad41b013f13dcd858c17b0daa7f33a53f19913e5b11366d1c2e
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.icandyworld.com/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json
content-security-policy-report-only
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
bytes
content-length
33
x-xss-protection
1; mode=block
expires
-1
/
www.icandyworld.com/awin/ Frame 5C5A 		0
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/awin/?awc=&source=
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://www.icandyworld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-length
20
content-security-policy-report-only
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Wed, 26 Jun 2024 19:53:34 GMT
expires
-1
pragma
no-cache
strict-transport-security
max-age=0
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
shared.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/ 		717 KB
192 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/shared.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
3733b318201a648c6718829f3e668728e2de9ac13abf2192ba323264f9194ec7
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa39-b32ad"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
196155
expires
Fri, 26 Jul 2024 15:29:21 GMT
instantsearch.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/ 		33 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/instantsearch.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
b351454f3d8511331c0465ed16abef4689dc0989430805b0637f75254274f673
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa0c-85fa"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
5895
expires
Fri, 26 Jul 2024 15:29:21 GMT
insights.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/ 		11 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/insights.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
4175db246aad8814e7089a5f0924c11b73e26ee5c2e2672e995a5fc84b1bc27f
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa0c-2b71"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
2074
expires
Fri, 26 Jul 2024 15:29:21 GMT
mute-migrate.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/js/ 		94 B
381 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/js/mute-migrate.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
9197c58197441035e92dff7ca0ed7c707e5b871957275b15d9ecc9aeb8353fa8
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:21 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:21 GMT
etag
W/"6673fa0d-5e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
74
expires
Fri, 26 Jul 2024 15:29:21 GMT
/
www.icandyworld.com/store-switcher/popup/init/ 		21 B
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/store-switcher/popup/init/?time=1719431614229
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_StoreSwitcher/js/store-modal.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
63c24d0f1f2bd1fd149b160de0ec09a1ed6354f0f95acf8534379e864203089c
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json
content-security-policy-report-only
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
bytes
content-length
39
x-xss-protection
1; mode=block
expires
-1
hotjar-424350.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-424350.js?sv=6
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-51.fra56.r.cloudfront.net
Software
/
Resource Hash
0ada097176c78f1ad5a21b8fb2fd001fbd4262e8688d412b1bec09294e74a801
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/45fc45289eacd3aaa0080aa2f3fd4766
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
yRjAX6IKFoz8-ikqseVJAyk1JfyfsvCBdDSdnWkaQYtW8ButOa1egQ==
events.js
analytics.tiktok.com/i18n/pixel/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CLB2TN3C77U0K4UVJ690&lib=ttq
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5cb1732a10ce257d9c48435659b69fe68dd819579d42517d04cc0fae0b842741

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1475aa6d
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240626195334CBBB14BF9B15C908429A-0D1D631763AADC63-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=1, cdn-cache; desc=MISS, edge; dur=1, origin; dur=108
content-length
1544
pragma
no-cache
server
nginx
x-tt-logid
20240626195334CBBB14BF9B15C908429A
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
109,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0ef24115987956ad05d3c272cc91704e73dc0a3a2c01c6df0cafc9d5115b30e935487e8d90325422d8b334bc74390d5ac2b8b666b447f72e7fb6a1702ef3b7ef0e6
expires
Wed, 26 Jun 2024 19:53:34 GMT
fbevents.js
connect.facebook.net/en_US/ 		219 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fb759f336d8732288a8fbe36d47a4130c59c175cddd1f4c516a29c377458dee1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 26 Jun 2024 19:53:34 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58025
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=70, rtx=0, c=12, mss=1297, tbw=2787, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
Pu08ydeerLHUK+tveBaO11EvCLaQxXg/lcrF0YpYx2w/PLQ+CdWKIrxa1ElesuJ+X6Xd6ctesHxMcKl1XRWIxA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
tp.widget.bootstrap.min.js
widget.trustpilot.com/bootstrap/v5/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-60.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 01:37:57 GMT
content-encoding
gzip
via
1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P4
age
65738
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
6759
x-xss-protection
1; mode=block
last-modified
Thu, 26 Oct 2023 12:27:20 GMT
server
AmazonS3
etag
"15864ce88fa79a3e954417d0c3396798"
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
bdZEvF3HMMq69Y6rfrZWbHcctg1eLZMjoWrP4Z_wD_1OEMmR6wZ2yw==
tp.min.js
invitejs.trustpilot.com/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invitejs.trustpilot.com/tp.min.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.26.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-55.fra56.r.cloudfront.net
Software
/
Resource Hash
3124f1637fba4270fffb020d9cd30558a8bf4890800357506f1a3596eccb0488

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 04:28:52 GMT
content-encoding
gzip
via
1.1 26f61e70ac4b967ea82841cbd2dc7cf0.cloudfront.net (CloudFront)
last-modified
Thu, 21 Mar 2024 14:45:34 GMT
x-amz-cf-pop
FRA56-P7
age
55482
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=86400
x-amz-cf-id
xsvqUzESF9Xwa0n2t81V-av-p3e_gUlUmS1gCj-b64wuxFs7AOofAw==
loader-1.svg
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/images/ 		639 B
656 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/images/loader-1.svg
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/_cache/merged/0fde08cc80eaf319f309330cda3eff73.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
17de128a2efb8bdccfa188617f96220c75487fc6d6b9a8942209a72c50c66457
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/static/version1718876641/_cache/merged/0fde08cc80eaf319f309330cda3eff73.min.css
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Thu, 20 Jun 2024 09:44:42 GMT
etag
W/"6673fa0a-27f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
358
expires
Fri, 26 Jul 2024 19:53:34 GMT
truncated
/ 		199 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bcb97849ddf5c8f36c9a3bac2f72b13a7a7c1a85fccf1f9dca814cd87c68741f

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
algoliaBundle.min.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/internals/ 		518 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/internals/algoliaBundle.min.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
d471de46201a3262c595e5347ca58c42c31984c5698cbb9fbf929dacf0d921a1
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fa0c-817ef"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
121982
expires
Fri, 26 Jul 2024 15:29:22 GMT
catalog-product-view.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/ 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/catalog-product-view.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
3035b4494ab38d11c0a231a4ee349db1eb2882e86f747c068d6a26e3c5691629
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fa34-86be"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
10323
expires
Fri, 26 Jul 2024 15:29:22 GMT
common.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/internals/ 		29 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/internals/common.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
3f1655ddee2ed141d4fa587756e5e3ec3c1dc8f44951add94fc1ca00241d8f8c
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fa0c-7521"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
6802
expires
Fri, 26 Jul 2024 15:29:22 GMT
hooks.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/ 		217 B
451 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/hooks.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
59c8fb22ddd56c719cb79171502b54556f6db1e81ef4e3954d0c7a7d3cdb24cc
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fa0c-d9"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
143
expires
Fri, 26 Jul 2024 15:29:22 GMT
search-insights.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/internals/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Algolia_AlgoliaSearch/internals/search-insights.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
2b175a5076076c182fef3d3aecee76f9a8c0c048b87aa79e494160ecf0157206
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fa0c-2133"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
2678
expires
Fri, 26 Jul 2024 15:29:22 GMT
HP-PushchairSlider-Peach7.jpg
agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//peach/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//peach/HP-PushchairSlider-Peach7.jpg?func=crop&width=546&height=729
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Scaleflex HTTP Loadbalancer /
Resource Hash
b7f56545b10baf0b509884678125dbf3aa6d8e47c7635bffa543b5fd7b728455
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date
Wed, 26 Jun 2024 19:53:34 GMT
x-hexa-masterrefresh
x-hexa-originusedcode
200
x-origin-visibility
OV_NORMAL_FILE
content-length
19116
x-xss-protection
1
x-hexa-initwait
probably_cached, first_req 52322301s ago, no_wait
x-debug-original-url
/v7/www.icandyworld.com/media//peach/HP-PushchairSlider-Peach7.jpg?func=crop&width=546&height=729
server
Scaleflex HTTP Loadbalancer
x-cloudimg-traceid
C080_240625060441_9db59_F0ek#600z
etag
"3548553794"
x-resource-status
cached_resized
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2455854, s-maxage=31536000
x-hexa-flowtrace
AnRo<200:JPG>Rr<ok1>M[0]R
timing-allow-origin
*
akamai-request-bc
[a=23.206.213.86,b=3821975399,c=g,n=DE_HE_FRANKFURT,o=20940]
Orange-4-black-profile.jpg
agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media// 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//Orange-4-black-profile.jpg?func=crop&width=546&height=729
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Scaleflex HTTP Loadbalancer /
Resource Hash
1a3904719a3fcd03ea299a7761118f92762212285697c893f75d92d033eb43a0
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date
Wed, 26 Jun 2024 19:53:34 GMT
x-hexa-masterrefresh
x-hexa-originusedcode
200
x-origin-visibility
OV_NORMAL_FILE
content-length
17674
x-xss-protection
1
x-hexa-initwait
probably_cached, first_req 10120147s ago, no_wait
x-debug-original-url
/v7/www.icandyworld.com/media//Orange-4-black-profile.jpg?func=crop&width=546&height=729
server
Scaleflex HTTP Loadbalancer
x-cloudimg-traceid
C081_240625145429_6f626_w51W#350y
etag
"2386953566"
x-resource-status
cached_resized
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2487649, s-maxage=31536000
x-hexa-flowtrace
AnRo<200:JPG>Rr<ok1>M[0]R
timing-allow-origin
*
akamai-request-bc
[a=23.206.213.86,b=3821975400,c=g,n=DE_HE_FRANKFURT,o=20940]
HP-PushchairSlider-Core_1.jpg
agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//Core/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//Core/HP-PushchairSlider-Core_1.jpg?func=crop&width=546&height=729
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Scaleflex HTTP Loadbalancer /
Resource Hash
a71d87fc04f9f1da7702389aca7100337f73e5592e0e45b061de5fa2a7693437
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date
Wed, 26 Jun 2024 19:53:34 GMT
x-hexa-masterrefresh
x-hexa-originusedcode
200
x-origin-visibility
OV_NORMAL_FILE
content-length
21066
x-xss-protection
1
x-hexa-initwait
probably_cached, first_req 32756735s ago, no_wait
x-debug-original-url
/v7/www.icandyworld.com/media//Core/HP-PushchairSlider-Core_1.jpg?func=crop&width=546&height=729
server
Scaleflex HTTP Loadbalancer
x-cloudimg-traceid
C082_240620183717_1c508_DFTc#350y
etag
"521473165"
x-resource-status
cached_resized
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=2068975, s-maxage=31536000
x-hexa-flowtrace
AnRo<200:JPG>Rr<ok1>M[0]R
timing-allow-origin
*
akamai-request-bc
[a=23.206.213.86,b=3821975402,c=g,n=DE_HE_FRANKFURT,o=20940]
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame AC9C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:8a0::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://www.icandyworld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 26 Jun 2024 19:53:34 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Thu, 26 Jun 2025 19:53:34 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1719431614562_34603335_175245683_19_683_69_421_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
consent-sdk-2.2.js
consent.cookiebot.com/Framework/IAB/ 		275 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/Framework/IAB/consent-sdk-2.2.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
aeaeab014462d2f82ac03c3ea32b709ffde068de53ed3fb755efa6b98b2a47f6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
last-modified
Tue, 18 Jun 2024 07:02:36 GMT
etag
"d6c03d804dc1da1:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=130
accept-ranges
bytes
content-length
87946
expires
Wed, 26 Jun 2024 19:55:44 GMT
cc.js
consent.cookiebot.com/84690ddd-0659-4241-b7b4-d1ba4f2aee4f/ 		1014 KB
244 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/84690ddd-0659-4241-b7b4-d1ba4f2aee4f/cc.js?renew=false&referer=www.icandyworld.com&dnt=false&init=false&framework=TCFv2.2
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8946e70288a4c0c87ef1a916945058df6d775caeacd8f1264d7a998913314697

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
last-modified
Wed, 26 Jun 2024 19:53:34 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1200
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
955127aa
settings.luckyorange.com/ 		149 B
240 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://settings.luckyorange.com/955127aa
Requested by
Host: tools.luckyorange.com
URL: https://tools.luckyorange.com/core/lo.js?site-id=955127aa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.203.234 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
234.203.107.34.bc.googleusercontent.com
Software
/
Resource Hash
9e7d077bc4ed2b07c9d582064be1e9801b9eb967ea7582597a4f8ca8e08a3cbe

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
x-lucky-uid
undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-lucky-referrer
Referer
https://www.icandyworld.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
via
1.1 google
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.icandyworld.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
149
955127aa
settings.luckyorange.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://settings.luckyorange.com/955127aa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.203.234 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
234.203.107.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-lucky-referrer,x-lucky-uid
Access-Control-Request-Method
GET
Origin
https://www.icandyworld.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Origin,Authorization,Content-Type,X-Lucky-Uid,X-Lucky-Site-Id,X-Lucky-Impersonate,X-Lucky-Session-Id,X-Lucky-Referrer
access-control-allow-methods
POST,GET,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://www.icandyworld.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 26 Jun 2024 19:53:34 GMT
via
1.1 google
modules.de6b9e294c29aa146ba1.js
script.hotjar.com/ 		223 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.de6b9e294c29aa146ba1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-424350.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-19.fra56.r.cloudfront.net
Software
/
Resource Hash
743c4b93ab02f0ece15aa8bdb1f7b5d57e1753fe5ef6d320612ee0888e1196c6
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 10:29:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
206667
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56329
last-modified
Mon, 24 Jun 2024 10:28:38 GMT
etag
"008a76cf1200a93494425164a6546e72"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
kR6EcOf08abNhSPk3c5YPsgp2gE61T4m5MFlRT-JVjSuQ373-PsAVQ==
index.html
widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/ Frame 5CD5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=5cbcc7f9001a030001a81e00
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-60.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://www.icandyworld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
38727
cache-control
max-age=86400
content-encoding
gzip
content-length
1923
content-type
text/html
date
Wed, 26 Jun 2024 09:08:09 GMT
etag
"d205a76a074ffa37fef1a95e9205fbb0"
last-modified
Mon, 24 Jun 2024 09:02:05 GMT
server
AmazonS3
strict-transport-security
max-age=31536000
via
1.1 c9499008aa7e1acd11e9fbc171281d82.cloudfront.net (CloudFront)
x-amz-cf-id
Q3HvGw45458azhkj0ClYF22MyA7arh3Jr69SERa1JA6dVkrVxDAGTQ==
x-amz-cf-pop
FRA56-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
main.MTU0NDc1MDUxNA.js
analytics.tiktok.com/i18n/pixel/static/ 		347 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CLB2TN3C77U0K4UVJ690&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dcc03e67388fc47df733e0933ecb66bce3915b494a7ab920776ebbbfbebde84a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1475aed3
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
2024062015135614485B612EFA74875E96
x-tt-trace-id
00-24062015135614485B612EFA74875E96-56BCDF723D6487A1-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01f4a1793dfa6752a2b769500f9f8e7e2037c30ebd455d085799ec3e74b013a8048727f403890091143610e00ae91b30b6b00c282c7b5df2c34638beb23db2a60408d65a0183cce4f1588da0e5fe2d442e3dab2e8b68c85229873e395cb9a0d040
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=15
content-length
101091
js
www.googletagmanager.com/gtag/ 		325 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2FPWBQFNX4&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5562HZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3fb3e33be63958cb8774620945a6fbb05c45d024421565b5e69249d1ca81032b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109550
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 26 Jun 2024 19:53:34 GMT
uc.js
consent.cookiebot.com/ 		109 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/uc.js?cbid=84690ddd-0659-4241-b7b4-d1ba4f2aee4f&implementation=gtm&consentmode-dataredaction=dynamic
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5562HZ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7dda4b29507887a80d74c81a30e6ff5241e414a7381cc0a4f6eef32595ebadf3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
last-modified
Tue, 18 Jun 2024 07:02:36 GMT
etag
"0eb47f4dc1da1:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=668
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
24996
expires
Wed, 26 Jun 2024 20:04:42 GMT
dtag.js
cdn.attn.tv/icandy/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/icandy/dtag.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5562HZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:1600:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
79126f05e28737bf913135cf7b5185c93c12b9ee818c8c60916367aa29e8d6e8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
mtHqxHVED5ikqg7TSGxaTWqoaSef378X
content-encoding
gzip
via
1.1 eb1a8c1b1275e33a016e623478052110.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 19:53:36 GMT
last-modified
Mon, 17 Jun 2024 09:04:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
etag
W/"8b30ea1f83e5b2b25bfd84c778b9b929"
vary
Accept-Encoding, Origin
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
public, max-age=120
x-amz-replication-status
COMPLETED
x-amz-cf-id
Aqg8hDRu65FhdwC2hJ71S1-Qa460QD4SYcu4GxVFWvhcqJAWwfNlzw==
destination
www.googletagmanager.com/gtag/ 		242 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-0&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5562HZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ce1f3b164255ce3015655133d7def8cecf3d06186f3e25e72f247d21fbc6161f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
87851
x-xss-protection
0
last-modified
Wed, 26 Jun 2024 19:12:32 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 26 Jun 2024 19:53:34 GMT
1868045399979214
connect.facebook.net/signals/config/ 		60 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1868045399979214?v=2.9.159&r=stable&domain=www.icandyworld.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7ff394069bd7863181060c8a6fda7b448f6ea3f8fa1dcac3636342f457dfda8a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 26 Jun 2024 19:53:34 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=75, rtx=0, c=61, mss=1297, tbw=63544, tp=-1, tpl=-1, uplat=79, ullat=1
pragma
public
x-fb-debug
DvIXFFV0uKL2q80tEUR7Wqhx+py/WOgif0yUE6QE2t6LBLH3FooybR6xyBwpR0bwRNwYQbNx9S47EcPcyLdKBw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
03883bb2-f5a7-4941-ad0a-b9a1398b93ed
apilb.gotolstoy.com/actions/accounts/ 		143 B
307 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apilb.gotolstoy.com/actions/accounts/03883bb2-f5a7-4941-ad0a-b9a1398b93ed?timestamp=1719431614643&url=https%3A%2F%2Fwww.icandyworld.com%2F&sessionCount=0&lastSeenAt=2024-06-26T19%3A53%3A34.643Z&firstSeenAt=null&tolstoySeenCounter=%7B%7D&isMobile=false&domain=www.icandyworld.com&appUrl=undefined
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.24.234.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-24-234-123.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
967c0c78eea5f5334dbb6b8c01753c51e7992cc0a77ee15dc807678d140c9f8b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:35 GMT
content-encoding
gzip
server
awselb/2.0
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
Content-Type
content-length
139
lantern_global_33065.min.js
lantern.roeyecdn.com/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lantern.roeyecdn.com/lantern_global_33065.min.js
Requested by
Host: www.dwin1.com
URL: https://www.dwin1.com/33065.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:0:1f:af3f:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
89e376227526c1dca26bcf7bdce37cca101266c89a8c2c01cb8af490c66853a6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
F7ahbQmW3RL6oalsM7vI5ITidWPZO5gu
date
Wed, 26 Jun 2024 08:35:30 GMT
via
1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
last-modified
Mon, 30 Oct 2023 14:31:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
age
42300
etag
"253ca8ec698b3645fe745d1597b1f568"
x-cache
Hit from cloudfront
content-type
application/octet-stream
content-length
1815
x-amz-cf-id
ydXNs0qDuVsxIRM0Vc7EVMwwiCjyjjzUxkQdzXRuIp2260e20zFakQ==
image-switcher.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_ContentManagement/js/ 		452 B
511 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_ContentManagement/js/image-switcher.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
cf66f06b92bbd5f692d231d5457bb023d45f36f06e60b40f4444375d6e4dad30
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fae6-1c4"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
202
expires
Fri, 26 Jul 2024 15:29:22 GMT
background-media.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_ContentManagement/js/ 		1 KB
775 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_ContentManagement/js/background-media.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
b56a789c70e85e65132f55ff43a08a276cf61c155f2fbafdf58b3a4e7b8fcf12
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fae6-4aa"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
466
expires
Fri, 26 Jul 2024 15:29:22 GMT
redirect.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_StoreSwitcher/js/ 		246 B
456 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Icandy_StoreSwitcher/js/redirect.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
06c8e2b61f65c226c99f010e3b0701377ed056710a9aba0029d08468f169d209
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:22 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:22 GMT
etag
W/"6673fad2-f6"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
148
expires
Fri, 26 Jul 2024 15:29:22 GMT
block-loader.html
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Ui/templates/ 		332 B
460 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Ui/templates/block-loader.html
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/shared.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
7b96c8d87924a3e1faea005d7d169573e7ac670823376e02f6d41f19f5f638e9
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:33 GMT
content-encoding
gzip
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 19:53:33 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
content-length
246
bff1f4731dc1fdaf.js
cdn.ometria.com/tags/ 		39 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ometria.com/tags/bff1f4731dc1fdaf.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
0e8453696e1dad18a789837603e56e012f98a58ac78578fa2173dda9ba396881

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-77-pop
frankfurtDE
date
Wed, 26 Jun 2024 19:53:34 GMT
x-amz-version-id
TGCuOnkPAV8ITmBmLVsFC.kp8vlyUyR4
content-encoding
gzip
x-amz-request-id
EXFNM1TA28VMV71H
x-accel-date-max
1718743297
x-amz-server-side-encryption
AES256
x-77-cache
HIT
x-cache
REVALIDATED
x-age
5525
x-accel-date
1719426089
alt-svc
h3=":443"; ma=86400
x-amz-id-2
76P7m4Z+oenwoOBIp4y2tWZnuG9Rjm+WMm5QjJwyZRm25/xqK7nPkax7FBwgrpWgC1FhcbzMH44=
x-77-nzt
EgwB1GY4sQGWlRUAAAwBJRPCNAH3iwMAAA
x-accel-expires
@1719431985
x-77-age
5525
last-modified
Tue, 11 Oct 2022 15:59:35 GMT
server
CDN77-Turbo
etag
W/"c425f6b09b9650d81d379a2c2ab1b1c6"
x-77-nzt-ray
1cb09c0e8c4faebbbe717c6655663734
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=86400, s-maxage=3600
messages-mixin.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/StripeIntegration_Payments/js/mixins/ 		512 B
524 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/StripeIntegration_Payments/js/mixins/messages-mixin.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
bb4758d377b1af1e2e5da49748f7c48728d62dbdaa86e5e2b7293e87df16afe8
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:23 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:23 GMT
etag
W/"6673fa0d-200"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
215
expires
Fri, 26 Jul 2024 15:29:23 GMT
authentication-popup.html
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Customer/template/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Customer/template/authentication-popup.html
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/shared.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
7f4956b0be7b669741c27c05982c13cc40600b856746459f7efd8ba308537c0b
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:33 GMT
content-encoding
gzip
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 19:53:33 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
content-length
1087
reCaptcha.html
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_ReCaptchaFrontendUi/template/ 		560 B
568 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_ReCaptchaFrontendUi/template/reCaptcha.html
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/shared.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
e753f8d0bf9fcf0a7db44a8b0c324d3691bf223821e338cbcdf5762c7c132b16
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 19:53:34 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
content-length
354
identify_ce1d8843.js
analytics.tiktok.com/i18n/pixel/static/ 		146 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1475b5a4
date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202405211400000ED8D85B2593863F7B9E
x-tt-trace-id
00-2405211400000ED8D85B2593863F7B9E-35627ECC8BDAE6EF-00
vary
Accept-Encoding
x-cache
TCP_HIT from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01ccb90ac94d192b5fd8226e8c369cf711cbfad6a36cc8e381f86823362faef40f607e18da6e4ce45d44370858b669c20272bc0056b26167dd6df11c1445703d34004aa9514ce24005f7f776df0d572f250216272e426f770c6f3e089057cae5ed
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length
39883
monitor
analytics.tiktok.com/api/v2/ 		0
700 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b605
date
Wed, 26 Jun 2024 19:53:34 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24062619533435E9567324253E711AA6-19AC321E65370489-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=12, cdn-cache; desc=MISS, edge; dur=4, origin; dur=118
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024062619533435E9567324253E711AA6
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
118,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0efa9d5720b9dff0fede08b1c5442e7d43725306c42ac642005357b8b1607ba945a52bb36d83102eef732678af50727edb717984c06b4fc02e9cfdd2c4700f8a1f3
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:34 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
704 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b607
date
Wed, 26 Jun 2024 19:53:34 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2406261953347B09ED8EFC36BA0F5D0C-48AADF8378EAA7E5-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=12, cdn-cache; desc=MISS, edge; dur=10, origin; dur=118
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202406261953347B09ED8EFC36BA0F5D0C
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
119,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0ef5f61b49c847ce691bd0135b5cc2dd79ebfd270dab353e19f4327d91a6c705780df51068f1b3c928ab653bce846b0002722b5d3372362003ac0f3c94818ffb857
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:34 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
704 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b616
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240626195334D13563397298FF08908A-4A1B9FCD6AB68B5B-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=11, cdn-cache; desc=MISS, edge; dur=54, origin; dur=117
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240626195334D13563397298FF08908A
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
117,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0eff3ce5b8e21e78c6fd26bd5b692a6348857a51d43ab8489e9c8cb656fbf0364a234af1c9e4d98d7ecc4c8ed4f7ad597da83747fb9b736fdaf975b6cf49608cbfe
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
705 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b617
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24062619533494FBC32C7868BE16FB90-140D3F701EC4D8DD-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=13, cdn-cache; desc=MISS, edge; dur=53, origin; dur=119
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024062619533494FBC32C7868BE16FB90
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
119,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0ef6ad389231cd947392976d22adcf5a0a3404acf3c21901ff8d443d08631325a6e739f5e0f6f38b19467500c482b4d41b20f2bcb4b7bbcdbf7bf2fe0cc39693042
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
847 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
8bf358af.1475b618
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240626195334E215F28F36B81D6BCEC4-1A5FB2E951CF2587-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
142,23.51.23.76
server-timing
cdn-cache; desc=MISS, edge; dur=158, origin; dur=39, inner; dur=33
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240626195334E215F28F36B81D6BCEC4
x-cache-remote
TCP_MISS from a23-220-105-155.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
39,23.220.105.155
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc51ce55ca7d61d010793ed701aa93be48218e32dafa27b7d1d599a75647c1ca50659a165769da489ae578223827131f0e69c3777d6cc0f8012853d8dbe777dfdfec3991c4f7be809870c9c63bcb23309371088b3949b47ecc8b07062d396144a5
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
703 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b619
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240626195334C5553D5536F0AB6EF847-3082A9587014549D-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=11, cdn-cache; desc=MISS, edge; dur=60, origin; dur=118
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240626195334C5553D5536F0AB6EF847
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
119,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0ef24115987956ad05d3c272cc91704e73d4318d153f85690ed5748755459927428407f1d21ae4cbfc5ac62beb713d7a9695977388b581398a0261c2e0089d30cf5
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
703 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b61a
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2406261953348A3C53BFC77A6D6ED7A9-61CCA39463D44359-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=14, cdn-cache; desc=MISS, edge; dur=61, origin; dur=121
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202406261953348A3C53BFC77A6D6ED7A9
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
121,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0efa2e5380d6f424d8bdec3c76165d6978707a10167c4b4794f317bf5174eaaed082c45b631df2e250ca6e320dd7f8deb0704112eb5556ba79feb26a9e7b4f9e1be
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b77a
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240626195334243EED3D939172099D8D-2F54345031F5A886-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=33, cdn-cache; desc=MISS, edge; dur=5, origin; dur=150
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240626195334243EED3D939172099D8D
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
151,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0efcb60dd6a879b6e2db6865e84a1d8e6a7ce45341d42fd2dfeb2ee57d2afb9bf84ae931b9d02b9fdb76c854712fc84eda7d29f3946d75fc805eb005e26b697e7a8
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
1002142613207627
connect.facebook.net/signals/config/ 		21 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1002142613207627?v=2.9.159&r=stable&domain=www.icandyworld.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106%2C186%2C185%2C187%2C192%2C193%2C194%2C190%2C182%2C123%2C152%2C181%2C183%2C114%2C146%2C136%2C140%2C176%2C120%2C218%2C107%2C119%2C219%2C154%2C111%2C134%2C127%2C115
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
362289c13b4c4c8997eb58ce495d84d842c6826c11a402ce28a818e7456e5794
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 26 Jun 2024 19:53:34 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=69, rtx=0, c=72, mss=1297, tbw=76467, tp=-1, tpl=-1, uplat=44, ullat=1
pragma
public
x-fb-debug
0SK2TIbevDxB97j+3RLnv5LI5CLJq6OiFLl5bVW1+fG5WkzhWYr0NdydcN66ptfGDztgELd0iegyVJj+5iDadg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
track.php
lantern.roeye.com/ 		0
155 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lantern.roeye.com/track.php?fingerprint=8319dbf7-1797-4bfe-9e32-5ee3e2566dd9&referrer=&landingpage=https%3A%2F%2Fwww.icandyworld.com%2F&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&site=33065
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.242.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-242-9.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:35 GMT
server
nginx
content-length
0
content-type
image/gif
froogaloop.js
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/js/lib/ 		2 KB
949 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/js/lib/froogaloop.js
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/requirejs/require.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
be8b51ffb37d864a2ba662d9de815277a243daac644b4f911cb648908c356a70
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 15:29:23 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 15:29:23 GMT
etag
W/"6673fa0d-605"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
640
expires
Fri, 26 Jul 2024 15:29:23 GMT
captcha.html
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Captcha/template/checkout/ 		2 KB
886 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Captcha/template/checkout/captcha.html
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
142b5cf5159444b30b43bf78daccafead19a4c8dd4481c5c96a7d6c46b1013c8
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:34 GMT
content-encoding
gzip
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 19:53:34 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
content-length
672
monitor
analytics.tiktok.com/api/v2/ 		0
704 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475b9da
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240626195335BBF2EAEAB1433C08DABC-53689A55149D52B2-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=208, cdn-cache; desc=MISS, edge; dur=3, origin; dur=315
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240626195335BBF2EAEAB1433C08DABC
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
315,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0efa65c40ea992deba36d0f1207d4f5be24b9cb5e73877d674995b1ce0aa2c0eed48989a954d6e5db79b4e390c61c377e76509f3ad3b7630b97e44a4539bc0753c5
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
/
www.facebook.com/tr/ 		0
32 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1868045399979214&ev=PageView&dl=https%3A%2F%2Fwww.icandyworld.com%2F&rl=&if=false&ts=1719431614978&sw=1600&sh=1200&v=2.9.159&r=stable&ec=0&o=4126&fbp=fb.1.1719431614977.700860331806147795&ler=empty&cdl=API_unavailable&it=1719431614625&coo=false&rqm=GET
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=68, rtx=0, c=10, mss=1297, tbw=2818, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 26 Jun 2024 19:53:35 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1868045399979214&ev=PageView&dl=https%3A%2F%2Fwww.icandyworld.com%2F&rl=&if=false&ts=1719431614978&sw=1600&sh=1200&v=2.9.159&r=stable&ec=0&o=4126&fbp=fb.1.1719431614977.700860331806147795&ler=empty&cdl=API_unavailable&it=1719431614625&coo=false&rqm=FGET
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xe3f5557f83a456f9","source_keys":["1","2"]},{"key_piece":"0xe6eab2585df7a3ce","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Wed, 26 Jun 2024 19:53:35 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7384902555358609611", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=67, rtx=0, c=10, mss=1297, tbw=3164, tp=-1, tpl=-1, uplat=156, ullat=0
pragma
no-cache
x-fb-debug
2JsPEA9IVMS9k7czX8k9nAAbLCoQ5rkixEUwp25B2TmNXoB9RLj+x7sZQs+AM/7/9Zt92WZo3hXC7gg9g8q9kQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7384902555358609611"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
270 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1002142613207627&ev=PageView&dl=https%3A%2F%2Fwww.icandyworld.com%2F&rl=&if=false&ts=1719431614980&sw=1600&sh=1200&v=2.9.159&r=stable&ec=0&o=4126&fbp=fb.1.1719431614977.700860331806147795&ler=empty&cdl=API_unavailable&it=1719431614625&coo=false&rqm=GET
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=68, rtx=0, c=10, mss=1297, tbw=2818, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 26 Jun 2024 19:53:35 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1002142613207627&ev=PageView&dl=https%3A%2F%2Fwww.icandyworld.com%2F&rl=&if=false&ts=1719431614980&sw=1600&sh=1200&v=2.9.159&r=stable&ec=0&o=4126&fbp=fb.1.1719431614977.700860331806147795&ler=empty&cdl=API_unavailable&it=1719431614625&coo=false&rqm=FGET
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x444458a286ba2bd3","source_keys":["1","2"]},{"key_piece":"0x61331f0e7cfe3767","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Wed, 26 Jun 2024 19:53:35 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7384902556174167385", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=67, rtx=0, c=10, mss=1297, tbw=6359, tp=-1, tpl=-1, uplat=159, ullat=0
pragma
no-cache
x-fb-debug
a2OvqlFb6KVp/1xfdqya0dKikTzPtzJDCjOd0/t0deknjQyjdhEQa3Ifkq3htOVrJgq6xEHnDTWbsDWUwDOWZA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7384902556174167385"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
data.json
cdn.ometria.com/overlays/bff1f4731dc1fdaf/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.ometria.com/overlays/bff1f4731dc1fdaf/data.json
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
bd2c199cdf883fcbf18150fe237c524ccdb9b37496997f78303121e0eb5a97ca

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-77-pop
frankfurtDE
date
Wed, 26 Jun 2024 19:53:35 GMT
x-amz-version-id
gVz0RgVEncFNMzjWMPhrdNM5F7hEM7PY
content-encoding
gzip
x-amz-request-id
73G1GVEBQ58S0SW2
x-accel-date-max
1717657888
x-amz-server-side-encryption
AES256
x-77-cache
HIT
x-cache
REVALIDATED
x-age
3613
x-accel-date
1719428002
alt-svc
h3=":443"; ma=86400
x-amz-id-2
XFVaBvUoNXJ0gJkbxPhooqu86SQwbwUhBNEbPq6UtZRUw9cbi56x+23s/BQDCcatkZ/OQWUnlGE=
x-77-nzt
EgwB1GY4sQGWHQ4AAAwBJRPCNAH3DAAAAA
x-accel-expires
@1719431860
x-77-age
3613
last-modified
Thu, 09 Feb 2023 17:16:47 GMT
server
CDN77-Turbo
etag
W/"f7c0b19136af0046883dcb3a44d23e39"
x-77-nzt-ray
1cb09c0ede5ec8debf717c66136f701e
access-control-max-age
0
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
access-control-allow-origin
*
content-type
application/json
cache-control
max-age=300, s-maxage=300
event.gif
trk.ometria.com/track/v3/bff1f4731dc1fdaf/ 		43 B
168 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trk.ometria.com/track/v3/bff1f4731dc1fdaf/event.gif?data=y29Ypvz5Dfq3CgDnnMX2rwTemfqMy2LKpuriCuHys1bsAtDYmxbymM4My25LDZ0XjMr0B3vJAd0WjMrZAxPLpte2mdb4mtiWmczLBMm9vvrgltGMC25LDZ0XjNrSyxn0pte3mtK0mZe2mtqMC2LKpwjMzMrHzJeYn0nxsueWDhmZm2j6oszUC2vZpteMB3n0CZ0XnZe5ndmXnJe0jMvJyw1Wpsz0AwrZpsz1CMW9Ahr0ChmLm0eLmKyLmKz3D3CUAwnHBMr5D29YBgqUy29TjtjgjNnPDgu9mYzUChy9mszKjtvcCNvYBcu1rd0Mzcu1qNr5CguLnuq9Ag9TzxbHz2uMDhLWzt1WywDLDMLLDYzJAgfUBMvSpxn5C3rLBq%3D%3D&rnd=RqCrue&enc=UTF-8
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.34.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-34-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 26 Jun 2024 19:53:35 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
messages.html
www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Ui/template/ 		2 KB
793 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/Magento_Ui/template/messages.html
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
226b70e920a7f3dafd21200158520b7373fb97d3552fe40266dd17cefc191f34
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:35 GMT
content-encoding
gzip
strict-transport-security
max-age=0
last-modified
Wed, 26 Jun 2024 19:53:35 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
accept-ranges
bytes
content-length
579
monitor
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475bce9
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2406261953358DDB7C507FF14E6C3258-534C46AC2D22770A-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=11, cdn-cache; desc=MISS, edge; dur=6, origin; dur=125
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202406261953358DDB7C507FF14E6C3258
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
125,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0ef24115987956ad05d3c272cc91704e73d5fd0c38448f3f9fbcb2627151e4b1e5abe53f4f8d56f51eb32362219ba9fce3b039ef8e2890e659f461ef4220c06c985
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
act
analytics.tiktok.com/api/v2/pixel/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-12.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1475bceb
date
Wed, 26 Jun 2024 19:53:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24062619533508DA59768333A70897C6-03D8F7F90C77752E-00
x-cache
TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing
inner; dur=13, cdn-cache; desc=MISS, edge; dur=8, origin; dur=118
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024062619533508DA59768333A70897C6
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
119,23.51.23.76
x-tt-trace-host
01e183bd1a0f73f1d7bdad6b8fa76252dc45717cc9aa0ca1f58154fa482b6cd0ef891f5985e45b0aaae1c63cfd0a22d6fda2a440698f8628042df9d892d9dcc2a0d6e553f5938d798a952f3f6bc00c7d6fb3e76bcfbacb540b3e52fbe7197084a9
access-control-allow-headers
Authorization,*
expires
Wed, 26 Jun 2024 19:53:35 GMT
Carousel.da67f341.js
widget.gotolstoy.com/widget/ 		1 KB
1016 B 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/Carousel.da67f341.js
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9cdd71d919283dc8d80cd3cf87204169e763074316268f635d4359d34b75a87c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:22 GMT
x-amz-version-id
rdcTQ1ebXofgRQeXAVfgZ8pFn2wzKLTp
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"d9dab6a41b81bc250d73800a6b4bdab5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
29114
cache-control
no-cache
x-amz-cf-id
-pkgZC5taFnL372lvHWze5mCUcY7QAyMeU9NrAMvldtHoErgd1aVkg==
widget.events.3ac3dc1f.js
widget.gotolstoy.com/widget/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/widget.events.3ac3dc1f.js
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c92e962b23dc80f0d735694b27e7863681302f3d9645c39d613b0be7658d3798

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:22 GMT
x-amz-version-id
2dJaX0qwkoY_mbbC.AOUjFhUB1JHP5ro
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"3122a6566c6818ecb518ec3fe7ec0e44"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
29114
cache-control
no-cache
x-amz-cf-id
rjbjs6o-YCYbQ6ugseYFvg2Sq_lkNNxEd6MeDDJFK3gxZ1lYb-Yr4g==
Carousel.d4a7dc8d.js
widget.gotolstoy.com/widget/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/Carousel.d4a7dc8d.js
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1b4b20c2c1c4e16d3a405694bb1b797b5abe1ba1f75e3e799033c9adadf89fd8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:22 GMT
x-amz-version-id
82.G5Kyc2iRHZWoXLYohBRFalVspRVmm
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"264b5d17e6cee77c6a63271ee2bef48c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
29114
cache-control
no-cache
x-amz-cf-id
-4znQFnw0RzZSPdXMfzj-MC4P20zyUb5XOkGq4_lwngcMqVhbf8vcg==
CarouselLoader.48fdce06.js
widget.gotolstoy.com/widget/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/CarouselLoader.48fdce06.js
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
99f01ea7d173c61fa3d5459845925f68fc9315dd69a891b416fc003d025993d9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:22 GMT
x-amz-version-id
lm89KaHiFzLUPze7B5uyNwU1hwRcxdD0
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"cf191f8c9eb89e1a3197fc320fcd900b"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
29114
cache-control
no-cache
x-amz-cf-id
b59Nfj8vpoDwG0fvsGZHw3pocFIWGzVISA-bx04VLL29F_Tjrc0d_A==
Bubble.ce5c787e.css
widget.gotolstoy.com/widget/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/Bubble.ce5c787e.css
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dda4d3f91400496413813585cbf16ab6737e90a885edc1359e46e804b21eb248

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:24 GMT
x-amz-version-id
0f9XVbwRGqMp4Bln3DEfLkvp4sGRmTSs
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"4390c1ee48b4eb886618428d0a5578bd"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/css
age
29112
cache-control
no-cache
x-amz-cf-id
lBACoPPSxEAQ6LMKNtKPQGvfcHsejVp5npy--Saa4_Zw07gntXYADg==
Carousel.69e09bd6.css
widget.gotolstoy.com/widget/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/Carousel.69e09bd6.css
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
806edb1e76228618ef722569052bb66c54bdada3c870d367ca4e515e32a60fe9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:22 GMT
x-amz-version-id
afhT9HX3i23YcXng1omqLAmVQw9_O6N8
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"d9764bd9fcfd69432c2d57845e1d3479"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/css
age
29114
cache-control
no-cache
x-amz-cf-id
l9MlgVae2WfpsKxSkm5FDM6mY91XoaIlXu5xOWMgX0_7vwdn-i6vWg==
bubble.js
widget.gotolstoy.com/widget/ 		27 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/bubble.js
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a67433a238c99fadc9f0e6b3f8ca5636d5c84c15482c50d6f5d227f922842087

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:22 GMT
x-amz-version-id
ytg_msPKF5rTOSHlSHZrt0BBrc8TY47x
content-encoding
br
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"063025a2e19c185b7ed9b7e7c1983627"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
age
29114
cache-control
no-cache
x-amz-cf-id
AbR192xrEjStGUOLu7rLlp69CoUqOG3jmUCtoMA1nmFq3dB97Qftyg==
widget.events.js
widget.gotolstoy.com/widget/ 		939 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.gotolstoy.com/widget/widget.events.js
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:2000:2:85f7:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b65ca4a9adc591ed45918b52d06da90296044e2fb3702f809940a24b07d5a526

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:48:32 GMT
x-amz-version-id
h_o8XkKy0jGJ.Su3rMhAY3ipCmiJ2Aaq
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
29104
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
939
last-modified
Wed, 26 Jun 2024 11:48:16 GMT
server
AmazonS3
etag
"9d80335a66d2b8ce45a06a3f4fae756a"
vary
Origin
content-type
application/javascript
cache-control
no-cache
accept-ranges
bytes
x-amz-cf-id
J7oGf5nMMt6tRJPot16gYQtTdcbT5tArN0Mm57HDcHtjH1Nc4dHlJw==
by-publish-id
apilb.gotolstoy.com/settings/widget/ 		7 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apilb.gotolstoy.com/settings/widget/by-publish-id?widgetType=bubble&publishId=5rd0jnj0mu7kk
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.24.234.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-24-234-123.compute-1.amazonaws.com
Software
awselb/2.0 /
Resource Hash
d159c485669a4e545a47ecd5fd7a705d04e450295f0d8649fe9b49b4e1916cb0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:35 GMT
content-encoding
gzip
server
awselb/2.0
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
Content-Type
content-length
1934
truncated
/ 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb1004ef2071d4409cb15afa72254c6f3c984242115072fe318bb308d6a2d1e1

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		293 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
event
api.gotolstoy.com/events/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.gotolstoy.com/events/event
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.94.16.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-16-235.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.icandyworld.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,content-type,x-amz-date,x-amz-security-token,x-amz-user-agent,x-amzn-trace-id,x-api-key
access-control-allow-methods
GET,OPTIONS,POST
access-control-allow-origin
https://www.icandyworld.com
access-control-max-age
0
apigw-requestid
Z_a2Lj21oAMEbPw=
date
Wed, 26 Jun 2024 19:53:36 GMT
vary
origin
event
api.gotolstoy.com/events/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.gotolstoy.com/events/event
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.94.16.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-16-235.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://www.icandyworld.com/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://www.icandyworld.com
date
Wed, 26 Jun 2024 19:53:37 GMT
access-control-allow-credentials
true
content-length
0
vary
origin
apigw-requestid
Z_a2NgDFoAMEbww=
index.html
play.gotolstoy.com/2.0.0-l/ Frame BCDF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://play.gotolstoy.com/2.0.0-l/index.html?host&url=https://www.icandyworld.com/&safari=false&dontDownload=true&playerType=bubble&isShopifyStore=false&shopifyStoreUrl=&modalId=45708103-5df7-4ee0-81d1-05cb1e42addb&ai=140d92b2-3ab8-4fb4-a243-7c163e1297ce&pl=true&pv=1.0.0&isFeed=true&publishId=5rd0jnj0mu7kk
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/Carousel.d4a7dc8d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:4:5b2f:f600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://www.icandyworld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
14022
cache-control
no-cache
content-encoding
br
content-type
text/html
date
Wed, 26 Jun 2024 15:59:55 GMT
etag
W/"6e3534105d0b57b58d8c592905e3d33b"
last-modified
Wed, 26 Jun 2024 15:59:48 GMT
server
AmazonS3
vary
Accept-Encoding Origin
via
1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
x-amz-cf-id
aoYmdbBAooQN1onL_WxRu-pYB_l1Gequx8CCZFxsfqxXdYChQ7dqGw==
x-amz-cf-pop
FRA50-C1
x-cache
Hit from cloudfront
c3d8cc455d1d4cf695973537fb78ae60.thumbnail.0000000000.jpg
cdn.shopify.com/s/files/1/0556/5782/4305/files/preview_images/ 		33 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/s/files/1/0556/5782/4305/files/preview_images/c3d8cc455d1d4cf695973537fb78ae60.thumbnail.0000000000.jpg?v=1713274581
Requested by
Host: widget.gotolstoy.com
URL: https://widget.gotolstoy.com/widget/bubble.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff01:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ef31f57056b7e93db8586a191ce714266a7e916cebe84b057a9a7df0ebb1675
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:36 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
1252052
source-type
image/jpeg
server-timing
imagery;dur=342.322, imageryFetch;dur=95.656, imageryProcess;dur=173.225;desc="image", cfRequestDuration;dur=22.999763, ipv6
source-length
181486
content-length
34146
x-xss-protection
1; mode=block
x-request-id
49a8256d-4d6e-404a-8556-366a29bf0fb7-1717427088
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 03 Jun 2024 15:04:48 GMT
server
cloudflare
x-shopid
55657824305
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=epCq2T125pKOHd3em2N%2B8TPNIiepwC6D7EEvTAhFzQbUBIlLS0wsyO8ZYtXTgOJ%2BCePl%2B4U3KntK0wNrF0b6Vem5f63FGLEz5l3XHRIqy4ITogekwXH%2F5lopD4YTA%2F%2BgAxRHOG%2BLNj5z0pwnPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0556/5782/4305/files/preview_images/c3d8cc455d1d4cf695973537fb78ae60.thumbnail.0000000000.jpg>; rel="canonical"
cf-ray
899fbe9419779539-LHR
unified-tag.js
cdn.attn.tv/tag/4-latest/ 		123 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_302cdc2011
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/icandy/dtag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:1600:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1aea165a1bb393798a8d20189157b0f7a799c6d7ae2d5c9b59a700e15acec14e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
j4krP5FLKgHwD9UZA20FxkH9e7A_3ztC
content-encoding
gzip
via
1.1 eb1a8c1b1275e33a016e623478052110.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 19:52:26 GMT
x-amz-cf-pop
FRA2-C2
age
71
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 25 Jun 2024 16:08:48 GMT
server
AmazonS3
etag
W/"954f36687ef138bae8d4b0532386bf26"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300
x-amz-cf-id
HIEDjlTK802K6ixQuYgUbhM0Flou2cjEmh0_kceamdHbsU8BZ2GO8A==
c6ae81e210e64a949bfe8613abf33bc7.SD-480p-0.9Mbps-27249758.mp4
cdn.shopify.com/videos/c/vp/c6ae81e210e64a949bfe8613abf33bc7/ 		545 KB
546 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/videos/c/vp/c6ae81e210e64a949bfe8613abf33bc7/c6ae81e210e64a949bfe8613abf33bc7.SD-480p-0.9Mbps-27249758.mp4
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff01:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e6ab3a3d974dddd63fe6faf70ba59378ffe5ddd3375dd402ad6dbd7f5d09258
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer
https://www.icandyworld.com/
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:36 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
age
2004528
Content-Range
bytes 0-557706/557707
server-timing
imagery;dur=125.976, imageryFetch;dur=125.517, cfRequestDuration;dur=21.999836, ipv6
alt-svc
h3=":443"; ma=86400
Content-Length
557707
x-xss-protection
1; mode=block
x-request-id
2294111e-d4a7-45e6-9ada-81097ac77146-1717427088
last-modified
Mon, 03 Jun 2024 15:04:48 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LO1tuQ9rGxbimXdZtGcgQsMRV37DjHV7P3ZN1jd2CmG95iNFT4gbz3tX7ygCXiBA2yTqhUQtB2QK6%2BtKyBeFYytLEqg0jK0v%2FCm%2B%2FUFDfvYGV8U5m%2Bfa6R0Loty%2Bv2UVXQH85JuI18vkCFGeQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mp4
access-control-allow-origin
*
access-control-expose-headers
Content-Type, Range, Access-Control-Allow-Origin
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/videos/c/vp/c6ae81e210e64a949bfe8613abf33bc7/c6ae81e210e64a949bfe8613abf33bc7.SD-480p-0.9Mbps-27249758.mp4>; rel="canonical"
cf-ray
899fbe94197b9539-LHR
/
icandy-gb.attn.tv/d/ 		5 B
253 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://icandy-gb.attn.tv/d/?attn_vid=b52b87c44ea140939ac3eb9109770ca8
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.121 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:37 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
4
cf-ray
899fbe951c74369a-LHR
alt-svc
h3=":443"; ma=86400
e
events.attentivemobile.com/ 		0
260 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://events.attentivemobile.com/e?v=4.37.9_71cd04ce4a&pd=https%3A%2F%2Fwww.icandyworld.com%2F&u=b52b87c44ea140939ac3eb9109770ca8&c=icandy-gb&ceid=zcD&lt=1719431616693&tag=modern&cs=4219730321&t=v&r=&m=%7B%22source%22%3A%22a%22%7D&cb=1719431616697
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_302cdc2011
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.39.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:36 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
access-control-expose-headers
Set-Cookie, X-Count, X-Token
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
cf-ray
899fbe94ef3823cc-LHR
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
zcD.js
cdn.attn.tv/growth-tag-assets/client-configs/ 		0
382 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/growth-tag-assets/client-configs/zcD.js
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_302cdc2011
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:1600:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
kGJjc2HxNgGNuk_7UqP1h9o.liqWLb8I
content-encoding
via
1.1 eb1a8c1b1275e33a016e623478052110.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 03:25:00 GMT
last-modified
Mon, 17 Dec 2018 20:59:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
age
59339
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
0
x-amz-cf-id
6I5iSU_3lOraVK1vf4_7JiQJNFpIIfDGRQq17KrS95a-LDaHShe_0w==
unrenderedCreative
icandy-gb.attn.tv/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://icandy-gb.attn.tv/unrenderedCreative?v=4.37.9&r=&id=b52b87c44ea140939ac3eb9109770ca8&pv=1&l=https%3A%2F%2Fwww.icandyworld.com%2F&w=1600&h=1200&ss_ref=ORGANIC&f=2
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.121 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7c886604bb5afc8fc4a9c095b8db670a2add3b32acec6fcc4c7fe429d39e1e3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 26 Jun 2024 19:53:37 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
25
cf-ray
899fbe976fcf369a-LHR
alt-svc
h3=":443"; ma=86400
1.gif
imgsct.cookiebot.com/ 		35 B
744 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgsct.cookiebot.com/1.gif?dgi=84690ddd-0659-4241-b7b4-d1ba4f2aee4f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:8a0::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 26 Jun 2024 19:53:37 GMT
X-GUploader-UploadID
ACJd0NqlNnztDlJB-jMYWu9ZEiD5xGXvl1Skqs--HSXoT2zLYRzkG75bZ3Obbu7DNH6X7wScYiMqi6suFg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
Connection
keep-alive
Content-Length
35
Last-Modified
Mon, 23 Oct 2023 11:39:32 GMT
Server
UploadServer
ETag
"c2196de8ba412c60c22ab491af7b1409"
x-goog-generation
1698061172769999
x-goog-hash
crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
*
Cache-Control
public,max-age=1800
x-goog-stored-content-length
35
Accept-Ranges
bytes
Content-Type
image/gif
favicon.ico
www.icandyworld.com/media/favicon/stores/3/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/media/favicon/stores/3/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
d206064353aa1d9b4e0e02aef3bcdbf9fc4dd274aaee45c8d9046ff0c44bdf23
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:37 GMT
content-encoding
br
strict-transport-security
max-age=0
last-modified
Thu, 08 Oct 2020 09:14:48 GMT
etag
W/"5f7ed888-52a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
1327
expires
Fri, 26 Jul 2024 19:53:37 GMT
favicon.ico
www.icandyworld.com/media/favicon/stores/3/ 		1 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://www.icandyworld.com/media/favicon/stores/3/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.86.96.251 Manchester, United Kingdom, ASN199542 (SONASSI, GB),
Reverse DNS
lb1.dh1.c292.sonassihosting.com
Software
/
Resource Hash
d206064353aa1d9b4e0e02aef3bcdbf9fc4dd274aaee45c8d9046ff0c44bdf23
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:37 GMT
content-encoding
br
last-modified
Thu, 08 Oct 2020 09:14:48 GMT
etag
W/"5f7ed888-52a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
1327
expires
Fri, 26 Jul 2024 19:53:37 GMT
index.html
creatives.attn.tv/creatives-dynamic/multiPage/ Frame 91B9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://creatives.attn.tv/creatives-dynamic/multiPage/index.html
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_302cdc2011
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:cc00:a:78b:4e00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://www.icandyworld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
max-age=0
content-encoding
gzip
content-type
text/html
date
Wed, 26 Jun 2024 19:53:38 GMT
etag
W/"e2d83a306649f5ccab7f111754e8b366"
last-modified
Fri, 21 Jun 2024 19:12:20 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-cf-id
6ShTahcg-LyxZYoYiVKH5iEuCzqhwuRMmdHlAGLFlG6McRIy68Wg_g==
x-amz-cf-pop
FRA60-P4
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
qEPO1gNaxgD1sV3uZlIjvjNERwNGLNp_
x-cache
RefreshHit from cloudfront
api.js
www.google.com/recaptcha/ 		1 KB
982 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=globalOnRecaptchaOnLoadCallback&render=explicit
Requested by
Host: www.icandyworld.com
URL: https://www.icandyworld.com/static/version1718876641/frontend/Icandy/icandy/en_GB/bundles/shared.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f4.1e100.net
Software
GSE /
Resource Hash
b08db662ae2c6c669d21f0a4e01f487e1f0ac2dc0f1e3dc061ad0f75a6622af5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 19:53:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 26 Jun 2024 19:53:39 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/ 		517 KB
205 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=globalOnRecaptchaOnLoadCallback&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b20abde9f7eb27dc344dbbb35f59aba01e4cc70262c07c260beadef9072f25e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.icandyworld.com/
Origin
https://www.icandyworld.com
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 12:10:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
209238
x-xss-protection
0
last-modified
Sat, 15 Jun 2024 04:02:13 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 26 Jun 2025 12:10:47 GMT
anchor
www.google.com/recaptcha/api2/ Frame 0E6F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf00HoaAAAAAFb3dS5ZjzTAO-TjrEhp7W6m-qgH&co=aHR0cHM6Ly93d3cuaWNhbmR5d29ybGQuY29tOjQ0Mw..&hl=en&v=KXX4ARWFlYTftefkdODAYWZh&theme=light&size=normal&cb=9xo6ugxsx6i2
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-89Mm1px1U4vOAJd8YzQtXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://www.icandyworld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-89Mm1px1U4vOAJd8YzQtXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 26 Jun 2024 19:53:40 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
bframe
www.google.com/recaptcha/api2/ Frame A93D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=KXX4ARWFlYTftefkdODAYWZh&k=6Lf00HoaAAAAAFb3dS5ZjzTAO-TjrEhp7W6m-qgH
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fnJb2fNR20NRv2Rg1YdETw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://www.icandyworld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-fnJb2fNR20NRv2Rg1YdETw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 26 Jun 2024 19:53:41 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 undefined| event object| fence object| sharedStorage string| BASE_URL function| require function| requirejs function| define undefined| $ function| jQuery object| AEC object| dataLayer object| dataLayerTransport object| EC object| google_tag_params object| G number| revenue object| DoubleClick object| a number| b function| initStripe object| stripe function| hj object| _hjSettings string| tolstoyAppKey boolean| gtag_enable_tcf_support string| TiktokAnalyticsObject object| ttq function| loadCSS function| fbq function| _fbq object| ometria object| algoliaConfig object| checkout object| authenticationPopup object| w string| TrustpilotObject function| tp object| f function| inIframe function| tryParseJson function| objectFitImages object| lazySizesConfig object| lazySizes object| picturefillCFG function| picturefill function| _ object| jQuery1124018289034059156228 function| tinycolor function| ImageViewer object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot function| __tcfapi object| CookieConsent object| LO object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| Trustpilot object| google_tag_manager object| google_tag_data function| parcelRequire693d object| tolstoyWidget object| AWIN object| Sha256 object| Utf8 function| AwinCustomEvent object| cookieStorage function| globalOnRecaptchaOnLoadCallback object| CookieConsentIABCMP object| CookiebotCMPControl object| iabbundle function| onYouTubeIframeAPIReady object| gaGlobal object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| CookiebotDialog object| CookieConsentDialog object| lanternTracker object| lantern object| algolia function| isMobile function| getCookie function| transformHit function| fixAutocompleteCssHeight function| fixAutocompleteCssSticky function| createISWidgetContainer object| routing object| AlgoliaBase64 object| algoliaAnalytics object| algoliaInsights function| Froogaloop function| $f object| _log boolean| ometria_overlays_enabled string| attn_d0x0b_cfg object| __attentive_cfg string| __attentive_domain object| __attentive boolean| __poll_for_path_change boolean| __attnLoaded object| attn_d0x0b_evt object| attentive boolean| attnOverlayLoaded object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_219263

28 Cookies

Domain/Path Name / Value
.tiktok.com/ Name: _ttp
Value: 2iQnLkY4C3rWQYoZyZVKudSUmHy
www.icandyworld.com/ Name: form_key
Value: MnYXF3v2Tg2z6Dnr
www.icandyworld.com/ Name: mage-cache-storage
Value: %7B%7D
www.icandyworld.com/ Name: mage-cache-storage-section-invalidation
Value: %7B%7D
www.icandyworld.com/ Name: mage-cache-sessid
Value: true
www.icandyworld.com/ Name: mage-messages
Value:
www.icandyworld.com/ Name: recently_viewed_product
Value: %7B%7D
www.icandyworld.com/ Name: recently_viewed_product_previous
Value: %7B%7D
www.icandyworld.com/ Name: recently_compared_product
Value: %7B%7D
www.icandyworld.com/ Name: recently_compared_product_previous
Value: %7B%7D
www.icandyworld.com/ Name: product_data_storage
Value: %7B%7D
.icandyworld.com/ Name: _tt_enable_cookie
Value: 1
.icandyworld.com/ Name: _ttp
Value: eJ7kkBvflF3K-X5Pn5gu5GMzgw-
.icandyworld.com/ Name: lantern
Value: 8319dbf7-1797-4bfe-9e32-5ee3e2566dd9
.www.icandyworld.com/ Name: PHPSESSID
Value: mgnbb40n1r2nivbq5eolkocam9
www.icandyworld.com/ Name: md_geo_ip_country
Value: GB
www.icandyworld.com/ Name: md_geo_already_request
Value: 1
.icandyworld.com/ Name: _hjSessionUser_424350
Value: eyJpZCI6ImQ5MGEzNTJkLWFkNDgtNWRjNi05NjI0LTgwYzNkNjZiNmM4YiIsImNyZWF0ZWQiOjE3MTk0MzE2MTQ5MTEsImV4aXN0aW5nIjpmYWxzZX0=
.icandyworld.com/ Name: _hjSession_424350
Value: eyJpZCI6IjU3YmVkNGEyLWY2ZjgtNDY1Zi05NzU3LTVjN2I0NjEzOTg4OCIsImMiOjE3MTk0MzE2MTQ5MTcsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.icandyworld.com/ Name: _fbp
Value: fb.1.1719431614977.700860331806147795
.icandyworld.com/ Name: ometria
Value: 2_cid%3DDHqHXKPRi7r1pX2n%26nses%3D1%26osts%3D1719431614%26sid%3Dbffdaf127CWIA0ts33bz9%26npv%3D1%26tids%3D%26slt%3D1719431614
www.icandyworld.com/ Name: __attentive_id
Value: b52b87c44ea140939ac3eb9109770ca8
www.icandyworld.com/ Name: _attn_
Value: eyJ1Ijoie1wiY29cIjoxNzE5NDMxNjE2Njk1LFwidW9cIjoxNzE5NDMxNjE2Njk1LFwibWFcIjoyMTkwMCxcImluXCI6ZmFsc2UsXCJ2YWxcIjpcImI1MmI4N2M0NGVhMTQwOTM5YWMzZWI5MTA5NzcwY2E4XCJ9In0=
www.icandyworld.com/ Name: __attentive_cco
Value: 1719431616696
.gotolstoy.com/ Name: tolstoy-anonymousId
Value: 140d92b2-3ab8-4fb4-a243-7c163e1297ce
www.icandyworld.com/ Name: __attentive_pv
Value: 1
www.icandyworld.com/ Name: __attentive_ss_referrer
Value: ORGANIC
www.icandyworld.com/ Name: __attentive_dv
Value: 1

104 Console Messages

Source Level URL
Text
security error URL: https://www.icandyworld.com/
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://www.icandyworld.com/(Line 57)
Message:
[Report Only] Refused to load the image 'https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//iCandy_Peach_7_Coco_Chocolate_Factory_Image_web_1_.jpg?func=crop&width=2880&height=1636' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/(Line 57)
Message:
[Report Only] Refused to load the image 'https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//iCandy_Peach_7_Coco_Chocolate_Factory_Image_web_1_.jpg?func=crop&width=2880&height=1636' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/(Line 57)
Message:
[Report Only] Refused to load the image 'https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//iCandy_Peach_7_Coco_Chocolate_Factory_Image_web_1_.jpg?func=crop&width=2880&height=1636' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/(Line 57)
Message:
[Report Only] Refused to load the image 'https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//iCandy_Peach_7_Coco_Chocolate_Factory_Image_web_1_.jpg?func=crop&width=2880&height=1636' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: about:blank
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: about:blank
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: about:blank
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the script 'https://tools.luckyorange.com/core/lo.js?site-id=955127aa' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.icandyworld.com/(Line 142)
Message:
[Report Only] Refused to load the script 'https://static.hotjar.com/c/hotjar-424350.js?sv=6' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/widget.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the script 'https://consent.cookiebot.com/uc.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.icandyworld.com/(Line 147)
Message:
[Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CLB2TN3C77U0K4UVJ690&lib=ttq' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the image 'https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//peach/HP-PushchairSlider-Peach7.jpg?func=crop&width=546&height=729' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the image 'https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//Orange-4-black-profile.jpg?func=crop&width=546&height=729' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the image 'https://agbvkrrzbq.cloudimg.io/v7/www.icandyworld.com/media//Core/HP-PushchairSlider-Core_1.jpg?func=crop&width=546&height=729' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/awin/?awc=&source=
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
[Report Only] Refused to load the script 'https://consent.cookiebot.com/Framework/IAB/consent-sdk-2.2.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://consent.cookiebot.com/uc.js(Line 1)
Message:
[Report Only] Refused to load the script 'https://consent.cookiebot.com/84690ddd-0659-4241-b7b4-d1ba4f2aee4f/cc.js?renew=false&referer=www.icandyworld.com&dnt=false&init=false&framework=TCFv2.2' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://tools.luckyorange.com/core/lo.js?site-id=955127aa
Message:
[Report Only] Refused to connect to 'https://settings.luckyorange.com/955127aa' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://tools.luckyorange.com/core/lo.js?site-id=955127aa
Message:
[Report Only] Refused to connect to 'https://settings.luckyorange.com/955127aa' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://consent.cookiebot.com/
Message:
[Report Only] Refused to frame 'https://consentcdn.cookiebot.com/' because it violates the following Content Security Policy directive: "frame-src 'self' secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://static.hotjar.com/c/hotjar-424350.js?sv=6(Line 2)
Message:
[Report Only] Refused to load the script 'https://script.hotjar.com/modules.de6b9e294c29aa146ba1.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CLB2TN3C77U0K4UVJ690&lib=ttq(Line 3)
Message:
[Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-5562HZ(Line 190)
Message:
[Report Only] Refused to load the script 'https://consent.cookiebot.com/uc.js?cbid=84690ddd-0659-4241-b7b4-d1ba4f2aee4f&implementation=gtm&consentmode-dataredaction=dynamic' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to connect to 'https://apilb.gotolstoy.com/actions/accounts/03883bb2-f5a7-4941-ad0a-b9a1398b93ed?timestamp=1719431614643&url=https%3A%2F%2Fwww.icandyworld.com%2F&sessionCount=0&lastSeenAt=2024-06-26T19%3A53%3A34.643Z&firstSeenAt=null&tolstoySeenCounter=%7B%7D&isMobile=false&domain=www.icandyworld.com&appUrl=undefined' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to connect to 'https://apilb.gotolstoy.com/actions/accounts/03883bb2-f5a7-4941-ad0a-b9a1398b93ed?timestamp=1719431614643&url=https%3A%2F%2Fwww.icandyworld.com%2F&sessionCount=0&lastSeenAt=2024-06-26T19%3A53%3A34.643Z&firstSeenAt=null&tolstoySeenCounter=%7B%7D&isMobile=false&domain=www.icandyworld.com&appUrl=undefined' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://www.dwin1.com/33065.js
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://www.dwin1.com/33065.js
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://www.dwin1.com/33065.js
Message:
[Report Only] Refused to load the script 'https://lantern.roeyecdn.com/lantern_global_33065.min.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.icandyworld.com/(Line 151)
Message:
[Report Only] Refused to load the script 'https://cdn.ometria.com/tags/bff1f4731dc1fdaf.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the image 'https://lantern.roeye.com/track.php?fingerprint=8319dbf7-1797-4bfe-9e32-5ee3e2566dd9&referrer=&landingpage=https%3A%2F%2Fwww.icandyworld.com%2F&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F126.0.0.0%20Safari%2F537.36&site=33065' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://script.hotjar.com/modules.de6b9e294c29aa146ba1.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://script.hotjar.com/modules.de6b9e294c29aa146ba1.js(Line 1)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://cdn.ometria.com/overlays/bff1f4731dc1fdaf/data.json' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://cdn.ometria.com/overlays/bff1f4731dc1fdaf/data.json' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the image 'https://trk.ometria.com/track/v3/bff1f4731dc1fdaf/event.gif?data=y29Ypvz5Dfq3CgDnnMX2rwTemfqMy2LKpuriCuHys1bsAtDYmxbymM4My25LDZ0XjMr0B3vJAd0WjMrZAxPLpte2mdb4mtiWmczLBMm9vvrgltGMC25LDZ0XjNrSyxn0pte3mtK0mZe2mtqMC2LKpwjMzMrHzJeYn0nxsueWDhmZm2j6oszUC2vZpteMB3n0CZ0XnZe5ndmXnJe0jMvJyw1Wpsz0AwrZpsz1CMW9Ahr0ChmLm0eLmKyLmKz3D3CUAwnHBMr5D29YBgqUy29TjtjgjNnPDgu9mYzUChy9mszKjtvcCNvYBcu1rd0Mzcu1qNr5CguLnuq9Ag9TzxbHz2uMDhLWzt1WywDLDMLLDYzJAgfUBMvSpxn5C3rLBq%3D%3D&rnd=RqCrue&enc=UTF-8' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://consent.cookiebot.com/
Message:
[Report Only] Refused to frame 'https://consentcdn.cookiebot.com/' because it violates the following Content Security Policy directive: "frame-src 'self' secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/monitor' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel/act' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel/act' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/Carousel.da67f341.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/Carousel.da67f341.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/widget.events.3ac3dc1f.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/widget.events.3ac3dc1f.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/Carousel.d4a7dc8d.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/Carousel.d4a7dc8d.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/CarouselLoader.48fdce06.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/CarouselLoader.48fdce06.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the stylesheet 'https://widget.gotolstoy.com/widget/Bubble.ce5c787e.css' because it violates the following Content Security Policy directive: "style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the stylesheet 'https://widget.gotolstoy.com/widget/Carousel.69e09bd6.css' because it violates the following Content Security Policy directive: "style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/bubble.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/bubble.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/widget.events.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to load the script 'https://widget.gotolstoy.com/widget/widget.events.js' because it violates the following Content Security Policy directive: "script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.attn.tv events.attentivemobile.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://apilb.gotolstoy.com/settings/widget/by-publish-id?widgetType=bubble&publishId=5rd0jnj0mu7kk' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://apilb.gotolstoy.com/settings/widget/by-publish-id?widgetType=bubble&publishId=5rd0jnj0mu7kk' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://api.gotolstoy.com/events/event' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://api.gotolstoy.com/events/event' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://widget.gotolstoy.com/widget/Carousel.d4a7dc8d.js
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://widget.gotolstoy.com/widget/bubble.js
Message:
[Report Only] Refused to load the image 'https://cdn.shopify.com/s/files/1/0556/5782/4305/files/preview_images/c3d8cc455d1d4cf695973537fb78ae60.thumbnail.0000000000.jpg?v=1713274581' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://widget.gotolstoy.com/widget/bubble.js
Message:
[Report Only] Refused to load the font 'https://assets.gotolstoy.com/public/assets/03883bb2-f5a7-4941-ad0a-b9a1398b93ed/custom-font.otf?1704715871695' because it violates the following Content Security Policy directive: "font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load media from 'https://cdn.shopify.com/videos/c/vp/c6ae81e210e64a949bfe8613abf33bc7/c6ae81e210e64a949bfe8613abf33bc7.SD-480p-0.9Mbps-27249758.mp4' because it violates the following Content Security Policy directive: "media-src 'self' 'unsafe-inline'".
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load media from 'https://cdn.shopify.com/videos/c/vp/c6ae81e210e64a949bfe8613abf33bc7/c6ae81e210e64a949bfe8613abf33bc7.SD-480p-0.9Mbps-27249758.mp4' because it violates the following Content Security Policy directive: "media-src 'self' 'unsafe-inline'".
security error URL: https://widget.gotolstoy.com/
Message:
[Report Only] Refused to frame 'https://play.gotolstoy.com/' because it violates the following Content Security Policy directive: "frame-src 'self' secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://widget.gotolstoy.com/
Message:
[Report Only] Refused to frame 'https://play.gotolstoy.com/' because it violates the following Content Security Policy directive: "frame-src 'self' secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://www.icandyworld.com/
Message:
[Report Only] Refused to load the image 'https://imgsct.cookiebot.com/1.gif?dgi=84690ddd-0659-4241-b7b4-d1ba4f2aee4f' because it violates the following Content Security Policy directive: "img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'".
security error URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_302cdc2011
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_302cdc2011
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://cdn.attn.tv/
Message:
[Report Only] Refused to frame 'https://creatives.attn.tv/' because it violates the following Content Security Policy directive: "frame-src 'self' secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://cdn.attn.tv/
Message:
[Report Only] Refused to frame 'https://creatives.attn.tv/' because it violates the following Content Security Policy directive: "frame-src 'self' secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js(Line 49)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js(Line 83)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js(Line 83)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js(Line 215)
Message:
The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to connect to 'https://apilb.gotolstoy.com/site-activity/site-activity' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".
security error URL: https://widget.gotolstoy.com/widget/widget.js
Message:
[Report Only] Refused to connect to 'https://apilb.gotolstoy.com/site-activity/site-activity' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.attn.tv events.attentivemobile.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

agbvkrrzbq.cloudimg.io
analytics.tiktok.com
api.gotolstoy.com
apilb.gotolstoy.com
cdn.attn.tv
cdn.ometria.com
cdn.shopify.com
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
creatives.attn.tv
events.attentivemobile.com
icandy-gb.attn.tv
imgsct.cookiebot.com
invitejs.trustpilot.com
lantern.roeye.com
lantern.roeyecdn.com
play.gotolstoy.com
polyfill.io
script.hotjar.com
settings.luckyorange.com
static.hotjar.com
tools.luckyorange.com
trk.ometria.com
widget.gotolstoy.com
widget.trustpilot.com
www.dwin1.com
www.facebook.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.icandyworld.com
100.24.234.123
104.18.39.221
108.138.26.55
13.32.27.19
142.250.185.132
149.86.96.251
172.64.144.121
172.67.184.69
18.66.102.51
2.21.20.12
2600:9000:2057:2000:2:85f7:af00:93a1
2600:9000:20eb:0:1f:af3f:8a40:93a1
2600:9000:211e:5c00:18:6c16:27c0:93a1
2600:9000:214f:600:f:8ce2:fb80:93a1
2600:9000:2156:7600:4:5b2f:f600:93a1
2600:9000:21f3:1600:1c:9484:cec0:93a1
2600:9000:225e:cc00:a:78b:4e00:93a1
2620:127:f00f:ff01::
2a00:1450:4001:830::2003
2a00:1450:4001:830::2008
2a02:26f0:3500:11::215:14d6
2a02:26f0:3500:18::1724:a29d
2a02:26f0:7100:8a0::f09
2a02:6ea0:c700::21
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
3.94.16.235
34.107.203.234
34.253.34.140
52.222.236.60
54.216.242.9
0043579690952cd59395cbeb7036b585ba6c272b249711032a508ea8757033e5
02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9
067a840158ea59ff112ee2b8a3a59a67b3d5fbacc526e8db4e0c7867b11987fb
06c8e2b61f65c226c99f010e3b0701377ed056710a9aba0029d08468f169d209
0ada097176c78f1ad5a21b8fb2fd001fbd4262e8688d412b1bec09294e74a801
0e8453696e1dad18a789837603e56e012f98a58ac78578fa2173dda9ba396881
0ef31f57056b7e93db8586a191ce714266a7e916cebe84b057a9a7df0ebb1675
142b5cf5159444b30b43bf78daccafead19a4c8dd4481c5c96a7d6c46b1013c8
17de128a2efb8bdccfa188617f96220c75487fc6d6b9a8942209a72c50c66457
18429b78aad640e9c7a4e7312b4e58d7f5a63656bd4f98feaec343b94d314feb
1a3904719a3fcd03ea299a7761118f92762212285697c893f75d92d033eb43a0
1aea165a1bb393798a8d20189157b0f7a799c6d7ae2d5c9b59a700e15acec14e
1b4b20c2c1c4e16d3a405694bb1b797b5abe1ba1f75e3e799033c9adadf89fd8
226b70e920a7f3dafd21200158520b7373fb97d3552fe40266dd17cefc191f34
24de1c4a19c43ad41b013f13dcd858c17b0daa7f33a53f19913e5b11366d1c2e
2b175a5076076c182fef3d3aecee76f9a8c0c048b87aa79e494160ecf0157206
3035b4494ab38d11c0a231a4ee349db1eb2882e86f747c068d6a26e3c5691629
3124f1637fba4270fffb020d9cd30558a8bf4890800357506f1a3596eccb0488
362289c13b4c4c8997eb58ce495d84d842c6826c11a402ce28a818e7456e5794
3733b318201a648c6718829f3e668728e2de9ac13abf2192ba323264f9194ec7
3f1655ddee2ed141d4fa587756e5e3ec3c1dc8f44951add94fc1ca00241d8f8c
3fb3e33be63958cb8774620945a6fbb05c45d024421565b5e69249d1ca81032b
4175db246aad8814e7089a5f0924c11b73e26ee5c2e2672e995a5fc84b1bc27f
46751a11a1c0d6b08dab6a2cc7fd065188f1cf59db43ff24f2cabc6da1e9e112
498cac7c0e972e071acb2c9284f41f1aa60368709cad6ccc188ab085c2f2b805
4b20abde9f7eb27dc344dbbb35f59aba01e4cc70262c07c260beadef9072f25e
50220fd8348cd7b34c20d32fd7d5f1b52eecec7b9ce96da61a907ca41027d812
5872e0912a0ed55ab74d0db1569c52a23ad10967d8d851e515f226ddbe47c22e
59c8fb22ddd56c719cb79171502b54556f6db1e81ef4e3954d0c7a7d3cdb24cc
5cb1732a10ce257d9c48435659b69fe68dd819579d42517d04cc0fae0b842741
5cb5cbf29fef11b91e3aa6bbf0e72a3c2cae2c46934854f2cec52776971d9c95
6091c2c2287eee8048a87d3a9732beaf90d4a75d39efc0b731ee0af10a0afe59
63c24d0f1f2bd1fd149b160de0ec09a1ed6354f0f95acf8534379e864203089c
6505f1c83d7fa7630159fed40bebdb3b0e46fa5e4a57c708bab1927f36d2a67f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2
743c4b93ab02f0ece15aa8bdb1f7b5d57e1753fe5ef6d320612ee0888e1196c6
79126f05e28737bf913135cf7b5185c93c12b9ee818c8c60916367aa29e8d6e8
7b96c8d87924a3e1faea005d7d169573e7ac670823376e02f6d41f19f5f638e9
7dda4b29507887a80d74c81a30e6ff5241e414a7381cc0a4f6eef32595ebadf3
7e6ab3a3d974dddd63fe6faf70ba59378ffe5ddd3375dd402ad6dbd7f5d09258
7f4956b0be7b669741c27c05982c13cc40600b856746459f7efd8ba308537c0b
7ff394069bd7863181060c8a6fda7b448f6ea3f8fa1dcac3636342f457dfda8a
806edb1e76228618ef722569052bb66c54bdada3c870d367ca4e515e32a60fe9
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
8446f53674ec39d255c9b0fe8e7ec9a311628eaef41e930947e465ffaf718057
872113048282495cf16b00a835fa119341cf4c1eec0537b3d094a42400612d97
8946e70288a4c0c87ef1a916945058df6d775caeacd8f1264d7a998913314697
89e376227526c1dca26bcf7bdce37cca101266c89a8c2c01cb8af490c66853a6
9197c58197441035e92dff7ca0ed7c707e5b871957275b15d9ecc9aeb8353fa8
967c0c78eea5f5334dbb6b8c01753c51e7992cc0a77ee15dc807678d140c9f8b
99f01ea7d173c61fa3d5459845925f68fc9315dd69a891b416fc003d025993d9
9cdd71d919283dc8d80cd3cf87204169e763074316268f635d4359d34b75a87c
9e7d077bc4ed2b07c9d582064be1e9801b9eb967ea7582597a4f8ca8e08a3cbe
9eef404e1d34559d37639a78bce2729ee6fe142b8380f7ea713b2ace226ed7aa
a67433a238c99fadc9f0e6b3f8ca5636d5c84c15482c50d6f5d227f922842087
a71d87fc04f9f1da7702389aca7100337f73e5592e0e45b061de5fa2a7693437
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ae0fcbeeee52438c0ce5165431675621410578efa70d67fe21669b3a0262c480
aeaeab014462d2f82ac03c3ea32b709ffde068de53ed3fb755efa6b98b2a47f6
b08db662ae2c6c669d21f0a4e01f487e1f0ac2dc0f1e3dc061ad0f75a6622af5
b351454f3d8511331c0465ed16abef4689dc0989430805b0637f75254274f673
b56a789c70e85e65132f55ff43a08a276cf61c155f2fbafdf58b3a4e7b8fcf12
b65ca4a9adc591ed45918b52d06da90296044e2fb3702f809940a24b07d5a526
b7f56545b10baf0b509884678125dbf3aa6d8e47c7635bffa543b5fd7b728455
bb1004ef2071d4409cb15afa72254c6f3c984242115072fe318bb308d6a2d1e1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb4758d377b1af1e2e5da49748f7c48728d62dbdaa86e5e2b7293e87df16afe8
bc96e5797f55bc2b5b08948855c1f675dbafa9932653e15c142a1485ae9fb6e3
bcb97849ddf5c8f36c9a3bac2f72b13a7a7c1a85fccf1f9dca814cd87c68741f
bd2c199cdf883fcbf18150fe237c524ccdb9b37496997f78303121e0eb5a97ca
be8b51ffb37d864a2ba662d9de815277a243daac644b4f911cb648908c356a70
c92e962b23dc80f0d735694b27e7863681302f3d9645c39d613b0be7658d3798
cc3f0fe972b6149aea4b99efafff5bba85e93edc607e0d225dee49ff9ed2303f
ce1f3b164255ce3015655133d7def8cecf3d06186f3e25e72f247d21fbc6161f
cf66f06b92bbd5f692d231d5457bb023d45f36f06e60b40f4444375d6e4dad30
d159c485669a4e545a47ecd5fd7a705d04e450295f0d8649fe9b49b4e1916cb0
d206064353aa1d9b4e0e02aef3bcdbf9fc4dd274aaee45c8d9046ff0c44bdf23
d471de46201a3262c595e5347ca58c42c31984c5698cbb9fbf929dacf0d921a1
d6fe19d894fa069a9f5450f406f560635a2a1a7e8b99501f815dd1b088f666a7
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03
dcc03e67388fc47df733e0933ecb66bce3915b494a7ab920776ebbbfbebde84a
dda4d3f91400496413813585cbf16ab6737e90a885edc1359e46e804b21eb248
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e753f8d0bf9fcf0a7db44a8b0c324d3691bf223821e338cbcdf5762c7c132b16
e7c886604bb5afc8fc4a9c095b8db670a2add3b32acec6fcc4c7fe429d39e1e3
f1af3d8764c953e392d3f12b9645ac7f1826b19d9204534a08634761adc75b31
fb759f336d8732288a8fbe36d47a4130c59c175cddd1f4c516a29c377458dee1
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa