HTTP Headers for grubhub.com

Responds with HTTP 200 from openresty — 4 of 6 security headers present.

200 https://www.grubhub.com/
Security Headers: 4/6
HSTS: present
CSP: present
X-Frame-Options: present
X-Content-Type-Options: present
Referrer-Policy: missing
Permissions-Policy: missing
All Response Headers (28)
accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0
connection: close
content-length: 13596
content-security-policy: frame-ancestors 'self', default-src 'self' *.grubhub.com grubhub.com *.dine.online *.datadog.hq cdn.contentful.com *.forter.com maps.googleapis.com six.cdn-net.com www.cdn-net.com pinpad.paysecure.acculynk.net; frame-src 'self' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com analytics.tiktok.com analytics.twitter.com analytics.churnzero.com apps.rokt.com apps.rokt-api.com apps-demo.rokt.com everestjs.net *.doubleclick.net accounts.google.com checkout.paypal.com googletagmanager.com www.googletagmanager.com insight.adsrvr.org match.adsrvr.org na.account.amazon.com prod.accdab.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com *.amazon-adsystem.com *.facebook.com *.kroger.com *.ispot.tv *.w55c.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.payments-amazon.com *.tags.tiqcdn.com redditstatic.com js.adsrvr.org *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com *.forter.com *.rokt.com *.rokt-api.com *.cookielaw.org *.everestjs.net six.cdn-net.com www.cdn-net.com https://cdn.prod.uidapi.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com analytics.churnzero.net analytics.tiktok.com analytics.twitter.com tags.tiqcdn.com www.google-analytics.com google-analytics.com *.forter.com *.cookielaw.org *.payments-amazon.com platform.twitter.com static.ads-twitter.com www.googletagmanager.com *.cdn-net.com apps.rokt.com apps.rokt-api.com apps-demo.rokt.com maps.googleapis.com cdn.branch.io www.googleadservices.com *.mountain.com app.link googleads.g.doubleclick.net connect.facebook.net assets.loginwithamazon.com accounts.google.com apis.google.com 
analytics.tiktok.com c.amazon-adsystem.com google-analytics.com google.com googleads.g.doubleclick.net googleadservices.com googletagmanager.com gstatic.com prod.accdab.net redditstatic.com s.pinimg.com everestjs.net d.impactradius-event.com tag.havasedge.com pixel.mathtag.com www.gstatic.com bat.bing.com px.airpr.com www.redditstatic.com js.adsrvr.org ext.chtbl.com www.google.com collector-21091.us.tvsquared.com innovid.com www.everestjs.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com analytics.tiktok.com bat.bing.com connect.facebook.net js.adsrvr.org sc-static.net www.redditstatic.com c.amazon-adsystem.com googleads.g.doubleclick.net platform.twitter.com; img-src 'self' *.cloudinary.com *.grubhub.com grubhub.com *.cloudfront.net *.instacart.com *.pinterest.com *.cookielaw.org cm.everesttech.net t.co www.google-analytics.com google-analytics.com analytics.twitter.com *.doubleclick.net maps.gstatic.com *.googleapis.com www.google.com data: www.facebook.com trkn.us event.havasedge.com grubhubimages-dev.s3.amazonaws.com tags.w55c.net data.adxcel-ec2.com b.videoamp.com ext.chtbl.com bat.bing.com px.airpr.com redditstatic.com js.adsrvr.org adservice.google.com alb.reddit.com b.videoamp.com www.googletagmanager.com insight.adsrvr.org s3.amazonaws.com collector-21091.us.tvsquared.com innovid.com analytics.tiktok.com pt.ispot.tv; style-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com accounts.google.com pixel.mathtag.com; style-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com six.cdn-net.com www.cdn-net.com; font-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.gstatic.com static.rakuten.com; connect-src 'self' *.grubhub.com grubhub.com browser-intake-datadoghq.com *.px-cloud.net preview.connectful.com *.braze.com *.google-analytics.com www.google.com google.com google-analytics.com *.rokt.com *.rokt-api.com *.cookielaw.org *.forter.com 
wss://cdn0.forter.com analytics.tiktok.com geolocation.onetrust.com preview.contentful.com stats.g.doubleclick.net privacyportal.onetrust.com *.googleapis.com sentry.io api2.branch.io *.facebook.com facebook.com bat.bing.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com www.gstatic.com maps.gstatic.com data: cdn.contentful.com collect.tealiumiq.com b.px-cdn.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 prod.accdab.net trkn.us seamless.dcm9zy.net s3.amazonaws.com conversions-config.reddit.com pixel-config.reddit.com www.redditstatic.com web.chtbl.com grubhub.vdcy.net insight.adsrvr.org collector-21091.us.tvsquared.com innovid.com six.cdn-net.com www.cdn-net.com https://*.prod.uidapi.com https://prod.uidapi.com https://api.stripe.com https://maps.googleapis.com https://pinpad.paysecure.acculynk.net *.devcycle.com siteperformancetest.net *.doubleclick.net *.cloudfront.net ad.doubleclick.net;
content-type: text/html
date: Fri, 24 Apr 2026 15:42:23 GMT
etag: "69e63e3a-351c"
gh-request-id: 2fc64890-3ff4-11f1-8891-810e8d1b6e6a
last-modified: Mon, 20 Apr 2026 14:54:50 GMT
server: openresty
set-cookie: vh-expiry=2026-04-24T15:42:27.130Z
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 varnish
x-backend-name: 6DUGJzMo9uYmUHwU46uwZE--F_us_east_1
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-served-by: cache-iad-kiad7000075-IAD
x-timer: S1777045343.128550,VS0,VE7
x-xss-protection: 1; mode=block