HTTP Header
0 :HTTP/1.1 301 Moved Permanently
Server :nginx/1.28.0
Date :Mon, 09 Feb 2026 17:48:43 GMT
Content-Type :text/html
Content-Length :169
Connection :close
Location :https://design-bestseller.de/
1 :HTTP/1.1 302 Found
Content-Security-Policy-Report-Only :font-src https://cdn.riverty.design/ https://ndgit-financing-platform-test.apps.ndgit.com https://nd
git-financing-platform-live.apps.ndgit.com https://ndgit.com http://localhost:1337 http://localhost:
4200 data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com
1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centin
elapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv
*.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon
.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.
doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommer
ce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com
centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com
player.vimeo.com https://www.google.com/recaptcha/ uc8.tv https://documents.riverty.com/ *.amazon.co
m *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.paymen
ts-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon
.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.do
ubleclick.net secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com
https://ndgit-financing-platform-test.apps.ndgit.com https://ndgit-financing-platform-live.apps.ndg
it.com https://ndgit.com http://localhost:1337 http://localhost:4200 https://www.google-analytics.co
m https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com 'self
' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech
.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.
doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletag
manager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.
com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv
https://cdn.riverty.design/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6
e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfr
ont.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d1
3s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hk
a.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront
.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomic
xw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cl
oudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-image
s-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon
.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it
*.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.z
enaps.com *.wepowerconnections.com https://images.unsplash.com https://eprel.ec.europa.eu cdn.pay1.d
e x.klarnacdn.net *.cloudfront.net m.media-amazon.com https://ndgit-financing-platform-test.apps.ndg
it.com https://ndgit-financing-platform-live.apps.ndgit.com https://ndgit.com http://localhost:1337
http://localhost:4200 https://www.googletagmanager.com https://*.googletagmanager.com https://*.anal
ytics.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.
g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googlet
agmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.co
m geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestes
t.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com ww
w.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recapt
cha/ https://www.google.com/recaptcha/ uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.i
o/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.paym
ents-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.co
m *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com
https://maps.googleapis.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.n
et cdn.klarna.com jsctool.com d.payla.io *.tweakwise.com *.tweakwisenavigator.net https://ndgit-fina
ncing-platform-test.apps.ndgit.com https://consumer-financing-platform-test-api.apps.ndgit.com https
://consumer-financing-platform-prod-api.apps.ndgit.com https://consumer-financing-platform-live-api.
apps.ndgit.com https://ndgit-financing-platform-live.apps.ndgit.com https://ndgit.com http://localho
st:1337 http://localhost:4200 https://www.googletagmanager.com https://*.googletagmanager.com https:
//*.analytics.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com d
.payla.io dr.payla.io https://ndgit-financing-platform-test.apps.ndgit.com https://ndgit-financing-p
latform-live.apps.ndgit.com https://ndgit.com http://localhost:1337 http://localhost:4200 'self' 'un
safe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manif
est-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservi
ces.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-d
ata.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.co
m 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ww
w.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com uc8.tv https:
//cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.a
fterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowd
in.net/ https://api.crowdin.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it
*.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.
jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonserv
ices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.f
r mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecom
merce.com https://maps.googleapis.com https://player.vimeo.com payments.amazon.de payments-eu.amazon
.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.tweakwise.com *.tweakwisenavigator.net
https://ndgit-financing-platform-test.apps.ndgit.com https://consumer-financing-platform-test-api.ap
ps.ndgit.com https://consumer-financing-platform-prod-api.apps.ndgit.com https://consumer-financing-
platform-live-api.apps.ndgit.com https://ndgit-financing-platform-live.apps.ndgit.com https://ndgit.
com http://localhost:1337 http://localhost:4200 https://www.google-analytics.com https://*.google-an
alytics.com https://*.googletagmanager.com https://*.analytics.google.com 'self' 'unsafe-inline'; ch
ild-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsa
fe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
X-Content-Type-Options :nosniff
X-XSS-Protection :1; mode=block
X-Frame-Options :SAMEORIGIN
Set-Cookie :PHPSESSID=hfbu47lb0m04noarhk7rhb7gf3; expires=Thu, 12-Feb-2026 17:48:43 GMT; Max-Age=259200; path=/;
domain=.design-bestseller.de; secure; HttpOnly; SameSite=Lax
X-UA-Compatible :IE=edge
Vary :Accept-Encoding
Pragma :no-cache
Expires :-1
Cache-Control :no-store, no-cache, must-revalidate, max-age=0
2 :HTTP/1.1 200 OK
x-built-with :Hyva Themes
Link :; rel=preload; as=script, ; rel=preload; as=style, 
