cloudflare
tcp/443 tcp/80
GraphQL introspection is enabled.
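This could lead to a data leak if the API is not properly configured: introspection discloses the full schema (types, queries and mutations), so any field that does not enforce its own authorization check is easy to discover. Introspection is normally disabled outside development, and access control belongs in every resolver rather than in schema secrecy.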
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3c9f668efa21a50bd5045ee9ccf694928dc397fe3
GraphQL introspection enabled at /graphql Types: 27 (by kind: ENUM: 4, INPUT_OBJECT: 4, OBJECT: 14, SCALAR: 5) Operations: - Query: Query | fields: allOrganizations, appUrl, auth0Domain, frontdoorUrl, version - Mutation: Mutation | fields: createOrganization, createUser, deleteOrganization, deleteUser, setOrganizationMetadata Directives: auth, deprecated, include, invalidateUserCache, skip, specifiedBy, userCompletedKycProcess (total: 7)
Open service 2a06:98c1:3121::3:443 · api-staging.product.merthin.com
2026-01-24 02:57
HTTP/1.1 400 Bad Request
Date: Sat, 24 Jan 2026 02:57:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 406
Connection: close
access-control-allow-origin: *
etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=LaPSB2VBvQ0mgMo9plVHH13XGfJxAF5vfbVLJnUKutg%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1769223468"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=LaPSB2VBvQ0mgMo9plVHH13XGfJxAF5vfbVLJnUKutg%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1769223468"
Server: cloudflare
via: 2.0 heroku-router
x-powered-by: Express
cf-cache-status: DYNAMIC
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=9,cfOrigin;dur=218
Strict-Transport-Security: max-age=2592000; includeSubDomains
CF-RAY: 9c2c43f4fe180a9d-SIN
alt-svc: h3=":443"; ma=86400
{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}
Open service 2a06:98c1:3121::3:8443 · api-staging.product.merthin.com
2026-01-24 02:57
Open service 2a06:98c1:3121::3:80 · api-staging.product.merthin.com
2026-01-24 02:57
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Jan 2026 02:57:47 GMT
Content-Length: 0
Connection: close
Location: https://api-staging.product.merthin.com/
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=I3Fu2MRmrFRqCZMZ2o21CKBKUBrnept2cGa7TVzaEVwpkA9JhyrdX3YCh1vNN3tl1EQTvgZcnxKJopXXOpNCN2u%2FdrFcgNO3ytviEOJML6KKwpZjseBLEB1KhQP%2FlGLILrBP4uO%2Bx5ab%2B9s%3D"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfEdge;dur=13,cfOrigin;dur=0
Server: cloudflare
CF-RAY: 9c2c43f0edff3d95-SIN
alt-svc: h3=":443"; ma=86400
Open service 2a06:98c1:3120::3:443 · api-staging.product.merthin.com
2026-01-24 02:57
HTTP/1.1 400 Bad Request
Date: Sat, 24 Jan 2026 02:57:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 406
Connection: close
access-control-allow-origin: *
etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=LaPSB2VBvQ0mgMo9plVHH13XGfJxAF5vfbVLJnUKutg%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1769223468"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=LaPSB2VBvQ0mgMo9plVHH13XGfJxAF5vfbVLJnUKutg%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1769223468"
Server: cloudflare
via: 2.0 heroku-router
x-powered-by: Express
cf-cache-status: DYNAMIC
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=7,cfOrigin;dur=220
Strict-Transport-Security: max-age=2592000; includeSubDomains
CF-RAY: 9c2c43f4fbc0f8ec-SIN
alt-svc: h3=":443"; ma=86400
{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}
Open service 2a06:98c1:3120::3:80 · api-staging.product.merthin.com
2026-01-24 02:57
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Jan 2026 02:57:47 GMT
Content-Length: 0
Connection: close
Location: https://api-staging.product.merthin.com/
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Hvrr6QY9Yl7H3VmL78Wqx%2FV3iCuXfrNAPStQT%2F8YXHvD4cJ3enk4SCaU2LgezwtV2wixg7f9%2BR0QQ1XVjoR8e7wXNgKn%2BcC1IHoDtGKvFjy5Twh82Am6UHk2mGYWc0e7LNpqugOoG3Ax1yE%3D"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfEdge;dur=9,cfOrigin;dur=0
Server: cloudflare
CF-RAY: 9c2c43f0fd25ca12-SIN
alt-svc: h3=":443"; ma=86400
Open service 2a06:98c1:3120::3:8443 · api-staging.product.merthin.com
2026-01-24 02:57
Open service 188.114.97.3:443 · api-staging.product.merthin.com
2026-01-24 02:57
HTTP/1.1 400 Bad Request
Date: Sat, 24 Jan 2026 02:57:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 406
Connection: close
access-control-allow-origin: *
etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=LaPSB2VBvQ0mgMo9plVHH13XGfJxAF5vfbVLJnUKutg%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1769223468"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=LaPSB2VBvQ0mgMo9plVHH13XGfJxAF5vfbVLJnUKutg%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1769223468"
Server: cloudflare
via: 2.0 heroku-router
x-powered-by: Express
cf-cache-status: DYNAMIC
Server-Timing: cfCacheStatus;desc="DYNAMIC"
Server-Timing: cfEdge;dur=15,cfOrigin;dur=635
Strict-Transport-Security: max-age=2592000; includeSubDomains
CF-RAY: 9c2c43f48860cdfd-SIN
alt-svc: h3=":443"; ma=86400
{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}
Open service 188.114.97.3:8443 · api-staging.product.merthin.com
2026-01-24 02:57
Open service 188.114.97.3:80 · api-staging.product.merthin.com
2026-01-24 02:57
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Jan 2026 02:57:47 GMT
Content-Length: 0
Connection: close
Location: https://api-staging.product.merthin.com/
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=z%2FgckWkCSOvFtjm0nDY0ZKtWVhgj9mPINELMKqY%2BGHdB2WGvqOvHWNRC9VbGC457wUf%2BATL0v0J7o8sRp5rdJzKcH4NC9MYBxZDzwKRwH86pGzMVhQHD2XtYAOI3y%2BU%3D"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server-Timing: cfEdge;dur=10,cfOrigin;dur=0
Server: cloudflare
CF-RAY: 9c2c43f0eb68ce3d-SIN
alt-svc: h3=":443"; ma=86400
Open service 172.67.71.185:443 · api-staging.product.merthin.com
2026-01-23 05:27
HTTP/1.1 400 Bad Request
Date: Fri, 23 Jan 2026 05:27:52 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 406
Connection: close
access-control-allow-origin: *
etag: W/"196-HUCJKwlQurC5GNaaJnH0d+HOnRw"
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=s%2BwDhR09BNOALM2o0wqXZX3pRRq%2Fam0Hy3fjZODdAWA%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1769146072"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=s%2BwDhR09BNOALM2o0wqXZX3pRRq%2Fam0Hy3fjZODdAWA%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1769146072"
Server: cloudflare
via: 2.0 heroku-router
x-powered-by: Express
cf-cache-status: DYNAMIC
Strict-Transport-Security: max-age=2592000; includeSubDomains
CF-RAY: 9c24e266a83d8c49-FRA
alt-svc: h3=":443"; ma=86400
{"errors":[{"message":"This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n","extensions":{"code":"BAD_REQUEST"}}]}