{"version":"6.1.4.0","modified":"3/13/2026","securityHeaders":["Content-Security-Policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https:; object-src 'self' https:; frame-ancestors 'self' https:; frame-src 'self' https: *.hcaptcha.com *.google.com; worker-src 'self' https:; base-uri 'self' https:;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default","Strict-Transport-Security: max-age=31536000; includeSubDomains; preload","Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api","Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD","Access-Control-Allow-Origin: *","Access-Control-Max-Age: 86400","Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()","X-Frame-Options: SAMEORIGIN","X-Xss-Protection: 1; mode=block; report=https://reports.emoney.com/sh/xss","Referrer-Policy: strict-origin","Expect-CT: max-age=604800, report-uri=\"https://reports.emoney.com/sh/ct\"","NEL: {\"report_to\":\"default\",\"max_age\":10886400}","Report-To: {\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://reports.emoney.com/sh/rt\"}],\"include_subdomains\":true}","X-Content-Type-Options: nosniff","Set-Cookie: AspxAutoDetectCookieSupport=1; path=/; secure; HttpOnly"],"dbCanConnect":true,"useVault":true}