HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.2.32
Pragma: cache
Cache-Control: max-age=86400, public, s-maxage=86400
Expires: Fri, 31 Jul 2020 16:13:56 GMT
X-Magento-Tags: store,cms_b,cat_c,cat_c_3094,cat_c_1898,cat_c_1896,cat_c_2605,cat_c_1897,cat_c_3391,cat_c_1906,cat_c_1899,cms_b_top4,cms_b_page4banners,cms_p_2,cms_b_athlete_cart_promotion,cms_b_97,cms_b_Pokemon_small_1,cms_b_101,cms_b_Magic_small_1,cms_b_105,cms_b_Yugioh_small_1,cms_b_194,cms_b_transformers_small_1,cms_b_241,cms_b_homeblock-1,cms_b_242,cms_b_homeblock-2,cms_b_243,cms_b_homeblock-3,cms_b_244,cms_b_homeblock-4,cms_b_245,cms_b_homeblock-5,cms_b_246,cms_b_homeblock-6,cms_b_247,cms_b_homeblock-7,cms_b_248,cms_b_homeblock-8,cms_b_249,cms_b_homeblock-9,cms_b_250,cms_b_homeblock-10,cms_b_251,cms_b_homeblock-11,cms_b_252,cms_b_homeblock-12,cms_b_253,cms_b_homeblock-13,cms_b_254,cms_b_homeblock-14,cms_b_255,cms_b_homeblock-15,cms_b_256,cms_b_homeblock-16,cat_p_90985,cat_p,cat_p_105960,cat_p_94300,cat_p_105962,cat_p_100465,cat_p_105959,cat_p_105961,cat_p_107723,cat_p_105958,cat_p_97647,cat_p_106608,cat_p_92826,cat_p_96286,cat_p_109955,cat_p_109971,cat_p_109987,cat_p_110003,cat_p_110020,cat_p_110036,cat_p_110053,cat_p_110069,cat_p_109945,cat_p_109964,cat_p_109980,cat_p_109996,cat_p_110013,cat_p_79809,cat_p_108576,cat_p_108680,cat_p_108551,cat_p_106501,cat_p_100169,mfb_p_0,mfb_p_1083,mfb_p_1081,mfb_p_1076,mfb_p_1077,cms_b_trustpilot1,cms_b_athlete2-footer-content
Content-Security-Policy-Report-Only: font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.icons8.com *.fontawesome.com *.hotjar.com *.zopim.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.zopim.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com platform.twitter.com *.twitter.com *.zopim.com *.trustpilot.com *.consensu.org *.hotjar.com *.sharethis.com *.google.com *.https://app.clickup.com/t/6gkgpw 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.google.com *.google.co.in *.zopim.com *.zopim.io *.sharethis.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.trustpilot.com *.sharethis.com *.hotjar.com chimpstatic.com *.zopim.com *.zdassets.com *.doubleclick.net *.google.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.icons8.com *.bootstrapcdn.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.zopim.com *.sharethis.com *.zdassets.com *.trustpilot.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: upgrade-insecure-requests;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Date: Thu, 30 Jul 2020 16:13:56 GMT
Server: LiteSpeed
X-UA-Compatible: IE=edge
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000