HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 15 May 2024 05:36:34 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.iredcross.org/
HTTP/1.1 302 Found
Server: CloudWAF
Date: Wed, 15 May 2024 05:36:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=e5ebe73f27c7deff6e; path=/
Set-Cookie: HWWAFSESTIME=1715751395419; path=/
Location: https://www.iredcross.org/dpcredcrossbazaar
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Security-Policy: default-src 'self' ; frame-ancestors 'self' https://www.youtube.com https://www-cdn.iredcross.org ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: https://analytics.tiktok.com/ https://www.facebook.com/ https://stats.g.doubleclick.net/ *.clarity.ms/ https://www.google-analytics.com/ https://cdn.tiny.cloud/ https://graph.facebook.com/ https://web.facebook.com/ https://z-p3-graph.facebook.com/ https://ljsp.lwcdn.com/ https://pmi.flowplayer.com/ https://ihi.flowplayer.com/ https://www.googletagmanager.com/ https://paapayon.redcross365.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://wisimo-m.wisimo.com/ *.iredcross.org/; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://wisimo-m.wisimo.com/ ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://sp.tinymce.com/ https://www.facebook.com/ https://www.google-analytics.com/ *.redcross365.com/ https://i.ytimg.com/ https://www.google.com/ https://www.google.co.th/ https://web.facebook.com/ https://www.googletagmanager.com/ *.iredcross.org https://googleads.g.doubleclick.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.google-analytics.com/ https://www.clarity.ms/ https://www.googletagmanager.com/ https://apis.google.com/ https://cdn.tiny.cloud/ https://accounts.google.com/ https://googleads.g.doubleclick.net/ https://analytics.tiktok.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googleadservices.com/; style-src 'self' 'unsafe-inline' https://cdn.tiny.cloud/ https://fonts.googleapis.com/ https://accounts.google.com/ *.iredcross.org/ ; font-src 'self' data: https://fonts.gstatic.com/; frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://youtu.be/ https://accounts.google.com/ https://www.google.com/ https://www-cdn.iredcross.org/ ; object-src 'self' ;
X-Frame-Options: ALLOW-FROM https://admin.iredcross.org
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Cache-Control: public
Public-Key-Pins: pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000i
HTTP/1.1 200 OK
Server: CloudWAF
Date: Wed, 15 May 2024 05:36:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=e5ebe76f27c7deff6e; path=/
Set-Cookie: HWWAFSESTIME=1715751395419; path=/
Vary: Accept-Encoding
Set-Cookie: ci_session=dcsbvsr9md3ek2qbhfpan4q5d8dgk3mg; expires=Sat, 07 Sep 2024 23:23:14 GMT; Max-Age=9999999; path=/; HTTPOnly; Secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: no-store, max-age=0, no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Security-Policy: default-src 'self' ; frame-ancestors 'self' https://www.youtube.com https://www-cdn.iredcross.org ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: https://analytics.tiktok.com/ https://www.facebook.com/ https://stats.g.doubleclick.net/ *.clarity.ms/ https://www.google-analytics.com/ https://cdn.tiny.cloud/ https://graph.facebook.com/ https://web.facebook.com/ https://z-p3-graph.facebook.com/ https://ljsp.lwcdn.com/ https://pmi.flowplayer.com/ https://ihi.flowplayer.com/ https://www.googletagmanager.com/ https://paapayon.redcross365.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://wisimo-m.wisimo.com/ *.iredcross.org/; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://wisimo-m.wisimo.com/ ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://sp.tinymce.com/ https://www.facebook.com/ https://www.google-analytics.com/ *.redcross365.com/ https://i.ytimg.com/ https://www.google.com/ https://www.google.co.th/ https://web.facebook.com/ https://www.googletagmanager.com/ *.iredcross.org https://googleads.g.doubleclick.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.google-analytics.com/ https://www.clarity.ms/ https://www.googletagmanager.com/ https://apis.google.com/ https://cdn.tiny.cloud/ https://accounts.google.com/ https://googleads.g.doubleclick.net/ https://analytics.tiktok.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googleadservices.com/; style-src 'self' 'unsafe-inline' https://cdn.tiny.cloud/ https://fonts.googleapis.com/ https://accounts.google.com/ *.iredcross.org/ ; font-src 'self' data: https://fonts.gstatic.com/; frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://youtu.be/ https://accounts.google.com/ https://www.google.com/ https://www-cdn.iredcross.org/ ; object-src 'self' ;
X-Frame-Options: ALLOW-FROM https://admin.iredcross.org
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Cache-Control: public
Public-Key-Pins: pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000i
|