urlscan.io logo urlscan.io
SecurityTrails logo

www.doterra.com Open in urlscan Pro
45.60.14.13  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.lightintuitive.com/
Effective URL: https://www.doterra.com/US/en/site//eve
Submission: On October 28 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 12 domains to perform 53 HTTP transactions. The main IP is 45.60.14.13, located in United States and belongs to INCAPSULA, US. The main domain is www.doterra.com. The Cisco Umbrella rank of the primary domain is 156935.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 25th 2022. Valid for: a year.
This is the only time www.doterra.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

2    67.223.118.63 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium262-1.web-hosting.com
www.lightintuitive.com
33    45.60.14.13 (United States)

ASN19551 (INCAPSULA, US)
www.mydoterra.com
my.doterra.com
www.doterra.com
1    2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
6    99.84.146.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-146-18.txl52.r.cloudfront.net
consent.trustarc.com
1    52.32.61.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-61-98.us-west-2.compute.amazonaws.com
mydoterra.queue-it.net
1    2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    151.101.65.21 (United States)

ASN54113 (FASTLY, US)
www.paypal.com
5    52.218.128.146 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-w.amazonaws.com
doterra-prod-media1.s3.amazonaws.com
1    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
t.paypal.com
1    2600:9000:2240:e600:1:fb61:2b80:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.levelaccess.net
1    2600:1f18:4457:4600:eeb7:e838:a394:4062 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
api.levelaccess.net
Apex Domain
Subdomains		 Transfer
30 doterra.com
my.doterra.com
www.doterra.com — Cisco Umbrella Rank: 156935
2 MB
6 trustarc.com
consent.trustarc.com — Cisco Umbrella Rank: 2985
39 KB
5 amazonaws.com
doterra-prod-media1.s3.amazonaws.com — Cisco Umbrella Rank: 351099
29 KB
3 gstatic.com
fonts.gstatic.com
www.gstatic.com
236 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 40
2 KB
3 mydoterra.com
www.mydoterra.com
1 KB
2 levelaccess.net
cdn.levelaccess.net — Cisco Umbrella Rank: 12990
api.levelaccess.net — Cisco Umbrella Rank: 13777
62 KB
2 paypal.com
www.paypal.com — Cisco Umbrella Rank: 2383
t.paypal.com — Cisco Umbrella Rank: 3098
6 KB
2 lightintuitive.com
www.lightintuitive.com
422 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 52
90 KB
1 queue-it.net
mydoterra.queue-it.net — Cisco Umbrella Rank: 334777
924 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
994 B
53 12
Domain Requested by
28 www.doterra.com www.mydoterra.com
www.doterra.com
cdn.levelaccess.net
6 consent.trustarc.com www.doterra.com
consent.trustarc.com
5 doterra-prod-media1.s3.amazonaws.com www.doterra.com
3 fonts.googleapis.com www.doterra.com
client
3 www.mydoterra.com 2 redirects
2 fonts.gstatic.com fonts.googleapis.com
2 my.doterra.com 2 redirects
2 www.lightintuitive.com 2 redirects
1 api.levelaccess.net cdn.levelaccess.net
1 cdn.levelaccess.net www.googletagmanager.com
1 t.paypal.com www.doterra.com
1 www.gstatic.com www.google.com
1 www.paypal.com www.doterra.com
1 www.googletagmanager.com www.doterra.com
1 mydoterra.queue-it.net www.doterra.com
1 www.google.com www.doterra.com
53 16
Subject Issuer Validity Valid
*.mydoterra.com
Go Daddy Secure Certificate Authority - G2		 2022-05-03 -
2023-05-21		 a year crt.sh
*.doterra.com
Go Daddy Secure Certificate Authority - G2		 2022-02-25 -
2023-03-29		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-09-26 -
2022-12-19		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-26 -
2022-12-19		 3 months crt.sh
*.trustarc.com
Amazon		 2022-05-17 -
2023-06-15		 a year crt.sh
*.queue-it.net
Amazon		 2022-09-22 -
2023-10-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-26 -
2022-12-19		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-09-26 -
2022-12-19		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2022-04-12 -
2023-04-12		 a year crt.sh
*.s3.amazonaws.com
Amazon		 2021-12-15 -
2022-12-03		 a year crt.sh
cdn.levelaccess.net
Amazon		 2022-01-30 -
2023-02-27		 a year crt.sh
api.levelaccess.net
Amazon		 2022-01-30 -
2023-02-28		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.doterra.com/US/en/site//eve
Frame ID: 224E9F9454A0AF42E89156C3CEDB6384
Requests: 52 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=doterra-cm1.com
Frame ID: 5F26FE548D42C293431F2AF1698975B9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Doterra US Site | dōTERRA Essential Oils

Page URL History Show full URLs

  1. http://www.lightintuitive.com/ HTTP 301
    https://www.lightintuitive.com/ HTTP 302
    http://www.mydoterra.com/eve HTTP 301
    https://www.mydoterra.com/eve HTTP 301
    https://www.mydoterra.com/eve/ Page URL
  2. http://my.doterra.com//eve HTTP 301
    https://my.doterra.com//eve HTTP 302
    https://www.doterra.com/US/en/site//eve Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+/(?:sys_master|hybr|_ui/(?:.*responsive/)?(?:desktop|common(?:/images|/img|/css|ico)?))/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • consent\.trustarc\.com
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

53
Requests

100 %
HTTPS

50 %
IPv6

12
Domains

16
Subdomains

13
IPs

2
Countries

2611 kB
Transfer

11326 kB
Size

22
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.lightintuitive.com/ HTTP 301
    https://www.lightintuitive.com/ HTTP 302
    http://www.mydoterra.com/eve HTTP 301
    https://www.mydoterra.com/eve HTTP 301
    https://www.mydoterra.com/eve/ Page URL
  2. http://my.doterra.com//eve HTTP 301
    https://my.doterra.com//eve HTTP 302
    https://www.doterra.com/US/en/site//eve Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.lightintuitive.com/ HTTP 301
  • https://www.lightintuitive.com/ HTTP 302
  • http://www.mydoterra.com/eve HTTP 301
  • https://www.mydoterra.com/eve HTTP 301
  • https://www.mydoterra.com/eve/

53 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.mydoterra.com/eve/
Redirect Chain
  • http://www.lightintuitive.com/
  • https://www.lightintuitive.com/
  • http://www.mydoterra.com/eve
  • https://www.mydoterra.com/eve
  • https://www.mydoterra.com/eve/
89 B
614 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mydoterra.com/eve/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://shop.doterra.com;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
frame-ancestors 'self' https://shop.doterra.com;
content-type
text/html;charset=UTF-8
date
Fri, 28 Oct 2022 03:38:27 GMT
p3p
CP='PUB OTRo'
server
Apache
x-cdn
Imperva
x-iinfo
2-121731279-121731283 PNYN RT(1666928306130 651) q(0 0 0 -1) r(2 2) U12

Redirect headers

content-length
305
content-security-policy
frame-ancestors 'self' https://shop.doterra.com;
content-type
text/html; charset=iso-8859-1
date
Fri, 28 Oct 2022 03:38:27 GMT
location
https://www.mydoterra.com/eve/
server
Apache
x-cdn
Imperva
x-iinfo
2-121731279-121731283 NNNN CT(154 315 0) RT(1666928306130 16) q(0 0 5 0) r(6 6) U11
Primary Request eve
www.doterra.com/US/en/site//
Redirect Chain
  • http://my.doterra.com//eve
  • https://my.doterra.com//eve
  • https://www.doterra.com/US/en/site//eve
231 KB
233 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/US/en/site//eve
Requested by
Host: www.mydoterra.com
URL: https://www.mydoterra.com/eve/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
bffeee1bb0191d9da20982d288a1a78ed5443f29ab2db7213b57a29efadee131
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mydoterra.com/eve/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache no-store
content-language
en-US
content-type
text/html;charset=UTF-8
date
Fri, 28 Oct 2022 03:38:28 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
strict-transport-security
max-age=31536000 ; includeSubDomains
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
5-219188343-219039783 pNNN RT(1666928307078 348) q(0 0 0 -1) r(2 2) U12
x-xss-protection
1; mode=block

Redirect headers

content-length
0
location
https://www.doterra.com/US/en/site//eve
server
BigIP
x-cdn
Imperva
x-iinfo
5-219188343-219039783 pNNN RT(1666928307078 23) q(0 1 1 96) r(2 2) U11
r-Lord-with-vpbrant-speake-to-to-sore-againe-at-
www.doterra.com/ 		161 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/r-Lord-with-vpbrant-speake-to-to-sore-againe-at-
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash
ccb892d496aebd26f364f11629392ff8ef3da5f7886b284797566e1f803ebfe7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
server
bon
x-cdn
Imperva
content-type
text/javascript
access-control-allow-origin
*
x-iinfo
5-219188343-219188408 NNNN CT(4 4 0) RT(1666928307078 640) q(0 0 0 -1) r(0 0) U2
cache-control
private, max-age=60
server-timing
bon, total;dur=0.15234999999999999
content-length
53282
slick-theme_1.8.1.min.css
www.doterra.com/_ui/desktop/common/css/ 		2 KB
968 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/css/slick-theme_1.8.1.min.css?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
528eb4900ccdd06e15447187e3b5e68f6563f7e4e4941cba627859b107441224

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:27 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:57:00 GMT
x-cdn
Imperva
etag
W/"2408-1666367820000"
content-type
text/css;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 637) q(0 -1 -1 -1) r(0 -1)
content-length
800
bootstrap-3-styles.css
www.doterra.com/_ui/desktop/common/css/ 		3 MB
320 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/css/bootstrap-3-styles.css?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
18b6ad51483f97258984e2e49e7401f6965af03eb2868f637126d34283178b18
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 16:00:01 GMT
x-cdn
Imperva
etag
W/"3243510-1666368001000"
x-frame-options
SAMEORIGIN
content-type
text/css;charset=UTF-8
x-iinfo
5-219188343-219188410 nNNN RT(1666928307078 641) q(0 0 3 -1) r(4 4) U9
accept-ranges
bytes
logo.svg
www.doterra.com/_ui/desktop/common/images/wqa/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/images/wqa/logo.svg
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6258cb0d1a0e764d2759b94a5e2143ba7860850c4a9d2abc1583ea62936b66d9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma
public
date
Fri, 28 Oct 2022 03:38:29 GMT
last-modified
Tue, 16 Aug 2022 21:30:27 GMT
x-cdn
Imperva
etag
W/"20691-1660685427000"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml;charset=UTF-8
x-iinfo
5-219188343-219039783 pNNN RT(1666928307078 1174) q(0 0 0 -1) r(2 2) U2
cache-control
public,max-age=54321
accept-ranges
bytes
content-length
20691
expires
Thu, 01 Jan 1970 00:00:54 GMT
logo-small.svg
www.doterra.com/_ui/desktop/common/images/wqa/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/images/wqa/logo-small.svg
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5afbbb8d5abc6e27981c58b4462b8466e0186fb1130fae2b3eb6f4e158061689

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Tue, 16 Aug 2022 21:30:27 GMT
x-cdn
Imperva
etag
W/"4148-1660685427000"
content-type
image/svg+xml;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1365) q(0 -1 -1 -1) r(0 -1)
content-length
1956
LavenderDefaultProfilePicture.jpg
www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/LavenderDefaultProfilePicture.jpg
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
9cebe70455a582abc5c41e22c2deca55d608ca704649176416b0cf567a8ce725

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

x-iinfo
5-219188343-0 0CNN RT(1666928307078 1378) q(0 -1 -1 -1) r(0 -1)
date
Fri, 28 Oct 2022 03:38:28 GMT
last-modified
Thu, 19 May 2022 22:12:06 GMT
x-cdn
Imperva
etag
W/"9648-1652998326000"
content-length
8577
content-type
image/jpeg;charset=UTF-8
ecomm-header-webui.js
www.doterra.com/_ui/desktop/common/dist/ 		1 MB
267 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/dist/ecomm-header-webui.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
217aef87859223681a64d4332accd94049a57127b4e8ab05fe6ab6b2d41bdf0a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:27 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:59:37 GMT
x-cdn
Imperva
etag
W/"1135488-1666367977000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 679) q(0 -1 -1 -1) r(0 -1)
content-length
272888
plugins.js
www.doterra.com/_ui/desktop/common/dist/ 		521 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/dist/plugins.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
020bf2e0ef448b05d18a16fcb68d21c6179b550f82c1b287c86e8fe48c9f40fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:27 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:59:36 GMT
x-cdn
Imperva
etag
W/"533264-1666367976000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 719) q(0 -1 -1 -1) r(1 -1)
content-length
151616
webApplicationInjector.js
www.doterra.com/_ui/addons/smarteditaddon/shared/common/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/addons/smarteditaddon/shared/common/js/webApplicationInjector.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
dc09c3fc4aab87e37e3b5c533526bdf8bd27c28db3573b641df2abd2b02abeb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 16:08:50 GMT
x-cdn
Imperva
etag
W/"7912-1666368530000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1391) q(0 -1 -1 -1) r(0 -1)
content-length
3100
reprocessPage.js
www.doterra.com/_ui/addons/smarteditaddon/shared/common/js/ 		703 B
492 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/addons/smarteditaddon/shared/common/js/reprocessPage.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
7ab5367f0039773f77fb519cf799a69cb5c567b50d95d42f0fa89928d266ed70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 10 Jan 2020 01:04:26 GMT
x-cdn
Imperva
etag
W/"703-1578618266000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1403) q(0 -1 -1 -1) r(0 -1)
content-length
368
adjustComponentRenderingToSE.js
www.doterra.com/_ui/addons/smarteditaddon/shared/common/js/ 		2 KB
924 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/addons/smarteditaddon/shared/common/js/adjustComponentRenderingToSE.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5a1cf84f88664fc6171a5aef150838d2e63831334a17a03c972aca3c2519c32f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 10 Jan 2020 01:04:26 GMT
x-cdn
Imperva
etag
W/"1877-1578618266000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1415) q(0 -1 -1 -1) r(0 -1)
content-length
823
custom.js
www.doterra.com/_ui/desktop/common/dist/ 		65 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/dist/custom.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a886d1c31bb83e3edf3710b266124d954d455ddda222299c594aeedd7e49e393

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:59:36 GMT
x-cdn
Imperva
etag
W/"67002-1666367976000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1426) q(0 -1 -1 -1) r(0 -1)
content-length
14964
sharebuttons.js
www.doterra.com/_ui/desktop/common/js/custom/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/js/custom/sharebuttons.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1fd2538a8e53dddd545d7bb1644c8e8b85822858c7582bb6118e77487bc0f4ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:27 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:57:00 GMT
x-cdn
Imperva
etag
W/"10965-1666367820000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 761) q(0 -1 -1 -1) r(0 -1)
content-length
3258
field-mask.js
www.doterra.com/_ui/desktop/common/js/custom/ 		3 KB
716 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/js/custom/field-mask.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d8d492e9940ea13f04fd72121c1bcc1daf6db4b23c3e86fafd220d78633c9061

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:27 GMT
content-encoding
gzip
last-modified
Thu, 19 May 2022 22:12:06 GMT
x-cdn
Imperva
etag
W/"3009-1652998326000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 774) q(0 -1 -1 -1) r(0 -1)
content-length
591
global.js
www.doterra.com/_ui/desktop/common/js/custom/ 		224 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/js/custom/global.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
864b1840a476e29bf37c7346e90540087b072658047640289d2de9be2000e76e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:57:00 GMT
x-cdn
Imperva
etag
W/"228920-1666367820000"
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-219039783 pNNN RT(1666928307078 788) q(0 0 0 -1) r(2 2) U9
accept-ranges
bytes
minicart.js
www.doterra.com/_ui/desktop/common/js/custom/ 		26 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/js/custom/minicart.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3ab75b264cfdbd7a751abcea9b36e62e4a1c16f4701811e12e14a217b8eaa45d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:57:00 GMT
x-cdn
Imperva
etag
W/"26737-1666367820000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1007) q(0 -1 -1 -1) r(0 -1)
content-length
6063
lrp-datepicker.js
www.doterra.com/_ui/desktop/common/js/custom/ 		17 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/js/custom/lrp-datepicker.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
137605dd03c1740ff2cb5767a6b199b83643270174411d41a138d8e01d12ac25

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:57:00 GMT
x-cdn
Imperva
etag
W/"17778-1666367820000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1043) q(0 -1 -1 -1) r(0 -1)
content-length
3748
api.js
www.google.com/recaptcha/ 		909 B
994 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
06510d1bd971f56a42e8c4bacb7f02739e1c74f72279c32a4fc79c9c5cfeee76
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
581
x-xss-protection
1; mode=block
expires
Fri, 28 Oct 2022 03:38:29 GMT
doterraFormValidation.js
www.doterra.com/_ui/desktop/common/js/custom/ 		14 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/js/custom/doterraFormValidation.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1293064ef09cefcc669468aa5b44c867b8d8a6ac2705d90c3add7c38e46d055e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:57:00 GMT
x-cdn
Imperva
etag
W/"14728-1666367820000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1062) q(0 -1 -1 -1) r(0 -1)
content-length
3949
replicated-cache-clear.js
www.doterra.com/_ui/desktop/common/js/custom/ 		2 KB
893 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/js/custom/replicated-cache-clear.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ffc74932e113b0da44e2ade790dcde73c071aa191c230ae370a09dbe57c62084

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Thu, 19 May 2022 22:12:06 GMT
x-cdn
Imperva
etag
W/"1578-1652998326000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1080) q(0 -1 -1 -1) r(0 -1)
content-length
792
ecomm-webui.js
www.doterra.com/_ui/desktop/common/dist/ 		4 MB
799 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/_ui/desktop/common/dist/ecomm-webui.js?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
450f8c6eea304dd5b9ff1d4777b27aa850e25f6d899cb541fe52b153f67b8025

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:28 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 15:59:33 GMT
x-cdn
Imperva
etag
W/"4258106-1666367973000"
content-type
application/javascript;charset=UTF-8
x-iinfo
5-219188343-219183497 2CNN RT(1666928307078 1097) q(0 0 0 -1) r(0 0)
content-length
817506
css
fonts.googleapis.com/ 		10 KB
715 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:300,400,600,700,800,900&display=swap
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/_ui/desktop/common/css/bootstrap-3-styles.css?1138979
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ea6028aa03c2eda8725a67ffaff79e8498b464975d8a1744f983d9809c6810e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 28 Oct 2022 03:38:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 28 Oct 2022 03:38:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Oct 2022 03:38:29 GMT
css
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:300,400,600,700,900&display=swap
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/_ui/desktop/common/css/bootstrap-3-styles.css?1138979
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
62d8bcb2d3c1af908bcab20ee9fc251b16d4e65f99ced2bd8f95f64460532a03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 28 Oct 2022 03:38:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 28 Oct 2022 03:38:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Oct 2022 03:38:29 GMT
notice
consent.trustarc.com/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/notice?domain=doterra-cm1.com&c=teconsent&noticeType=bb&js=nj&text=true&gtm=1&language=en_US
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.146.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-146-18.txl52.r.cloudfront.net
Software
nginx /
Resource Hash
eea753361d2516e02fce9087c51d8e0a66d5884a33f32e8d67cae0c2d99df55f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 8a8ce1b655547c1da36b64e17700f010.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL52-C1
age
20
x-cache
Hit from cloudfront
cloudfront-viewer-country
DE
content-length
5200
x-xss-protection
1; mode=block
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding, Origin
content-type
text/javascript;charset=UTF-8
cache-control
max-age=3600
cloudfront-viewer-country-region
HE
timing-allow-origin
*
x-amz-cf-id
CTocMVojxYE-1zUdJvbd0LMCdILGkyN_YNMPgv-J9KiAOL7DBKgeJg==
expires
Fri, 28 Oct 2022 04:38:09 GMT
1666928309870
mydoterra.queue-it.net/javascriptqueue/mydoterra/hybbogofeb2019/ 		391 B
924 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mydoterra.queue-it.net/javascriptqueue/mydoterra/hybbogofeb2019/1666928309870?t=https%3A%2F%2Fwww.doterra.com%2FUS%2Fen%2Fsite%2F%2Feve&ver=js2.0.20
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.61.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-61-98.us-west-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e96abf97f2ad4ce7fac463a2527c17ad14f4e2635a69c8db68239b370a119ca0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 03:38:30 GMT
server
Kestrel
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
content-type
application/javascript
cache-control
no-store, no-cache
x-robots-tag
noindex
content-length
391
gtm.js
www.googletagmanager.com/ 		261 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PHX657
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
70b170127089ea5c83f2feb5ecc78a4a55eeb6fc3ea2db259bc24fff157d1fc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:29 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
91324
x-xss-protection
0
last-modified
Fri, 28 Oct 2022 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 28 Oct 2022 03:38:29 GMT
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v28/ 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:300,400,600,700,800,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.doterra.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 21:06:52 GMT
x-content-type-options
nosniff
age
282697
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46524
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:58:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Oct 2023 21:06:52 GMT
spinner.gif
www.doterra.com/_ui/desktop/common/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/images/spinner.gif
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d314e23674a93dcaa9bfb72041d7da79fdba406f2d042b416356da52dec4af55

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

x-iinfo
5-219188343-0 0CNN RT(1666928307078 1914) q(0 -1 -1 -1) r(0 -1)
date
Fri, 28 Oct 2022 03:38:28 GMT
last-modified
Thu, 19 May 2022 22:12:06 GMT
x-cdn
Imperva
etag
W/"3990-1652998326000"
content-length
3990
content-type
image/gif;charset=UTF-8
rwp-background.jpg
www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/ 		179 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/rwp-background.jpg?1138979
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/_ui/desktop/common/css/bootstrap-3-styles.css?1138979
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
12341eed35b9a73515ecd76ca09f6b87de1dc3bc3e40476b0d259cea76246126

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/_ui/desktop/common/css/bootstrap-3-styles.css?1138979
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

x-iinfo
5-219188343-219187733 2CNN RT(1666928307078 1918) q(0 1 1 -1) r(1 1)
date
Fri, 28 Oct 2022 03:38:29 GMT
last-modified
Fri, 21 Oct 2022 15:57:00 GMT
x-cdn
Imperva
etag
W/"183732-1666367820000"
content-length
183693
content-type
image/jpeg;charset=UTF-8
icon-chevron-thin-down-blue-dark.svg
www.doterra.com/_ui/desktop/common/images/wqa/icons/ 		1 KB
735 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/images/wqa/icons/icon-chevron-thin-down-blue-dark.svg
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/_ui/desktop/common/css/bootstrap-3-styles.css?1138979
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
73e336238f841bb74b2f18ff731ca9e0b35f8432d39f5800c03beba526c18c07

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/_ui/desktop/common/css/bootstrap-3-styles.css?1138979
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:29 GMT
content-encoding
gzip
last-modified
Thu, 19 May 2022 22:12:06 GMT
x-cdn
Imperva
etag
W/"1269-1652998326000"
content-type
image/svg+xml;charset=UTF-8
x-iinfo
5-219188343-0 0CNN RT(1666928307078 1919) q(0 -1 -1 -1) r(1 -1)
content-length
634
1Ptug8zYS_SKggPNyCMIT5lu.woff2
fonts.gstatic.com/s/raleway/v28/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyCMIT5lu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:300,400,600,700,800,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ab47b8f50fe4195819b4af2ac0fffb2b3543502e11282d492d6cd73c124845cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.doterra.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 21:30:49 GMT
x-content-type-options
nosniff
age
281260
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30448
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 20:08:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Oct 2023 21:30:49 GMT
pptm.js
www.paypal.com/tagmanager/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.doterra.com&source=checkoutjs&t=xo&v=4.0.328
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/_ui/desktop/common/dist/ecomm-webui.js?1138979
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-/9E/ZdNqDLMG9tZMad7xB4FJ+8cOtZJOMyGXbFC4tCG5wqSe' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-/9E/ZdNqDLMG9tZMad7xB4FJ+8cOtZJOMyGXbFC4tCG5wqSe' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 28 Oct 2022 03:38:30 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
3090
x-cache
HIT
paypal-debug-id
f76045439e055
server-timing
"traceparent;desc="00-0000000000000000000f76045439e055-8562f0fa622d6554-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4299
x-xss-protection
1; mode=block
x-served-by
cache-hhn4083-HHN
traceparent
00-0000000000000000000f76045439e055-7509e70b2cbd8ce2-01
x-timer
S1666928310.081759,VS0,VE3
etag
W/"2f34-zQQ0FVqIlbkbuS4WgpPW/nUPXC4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600
accept-ranges
bytes
x-cache-hits
1
13192617918494.png
doterra-prod-media1.s3.amazonaws.com/ha4/hca/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doterra-prod-media1.s3.amazonaws.com/ha4/hca/13192617918494.png
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.128.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
02bf0953172eb43ce25854e2c452fb15d21575ee597897a69f061309ad7238c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 03:38:31 GMT
x-amz-version-id
NeI9RfljbVXpCA_FWTETnX4e4eYw6w3e
x-amz-request-id
72M9PP52Z2Y1WB5A
x-amz-replication-status
REPLICA
x-amz-meta-file-mtime
1561277478000000000ns
x-amz-meta-file-atime
1657792563448552091ns
x-amz-meta-file-group
503
Content-Length
4199
x-amz-id-2
NKszE6QBn7IQctjKJyS+HRflKbqeLwiqXQgznyjnBXk6cxs2qvyjKKPVStWdtVhorPooiUiPyWw=
Last-Modified
Fri, 15 Jul 2022 16:07:58 GMT
Server
AmazonS3
x-amz-meta-file-permissions
100664
ETag
"5c59848e2f0721b91e242a8419fbf8df"
x-amz-meta-user-agent
aws-datasync
Content-Type
image/png
x-amz-meta-file-owner
503
Accept-Ranges
bytes
13192618082334.png
doterra-prod-media1.s3.amazonaws.com/hd2/h79/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doterra-prod-media1.s3.amazonaws.com/hd2/h79/13192618082334.png
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.128.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
f066307d2ba5ed08fcb231085b174a3415d7e084b4956799f4b70cd328e8a8a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 03:38:31 GMT
x-amz-version-id
9c1Qo.co4BS.FE63dfkG5gtUTXJ_PRr8
x-amz-request-id
72MCE69YHPNRAB03
x-amz-replication-status
REPLICA
x-amz-meta-file-mtime
1561277478000000000ns
x-amz-meta-file-atime
1657792563335552330ns
x-amz-meta-file-group
503
Content-Length
7408
x-amz-id-2
MndJixxubjlQLPqWW52p9hrY0vuNvHTS2ChtD9pyYRg9KPoYZ4dur0C+6sXA9wSeo8SmQVoKLmI=
Last-Modified
Fri, 15 Jul 2022 06:10:28 GMT
Server
AmazonS3
x-amz-meta-file-permissions
100664
ETag
"2b2e0b02d7b51838ac2e3c02eccd9528"
x-amz-meta-user-agent
aws-datasync
Content-Type
image/png
x-amz-meta-file-owner
503
Accept-Ranges
bytes
13192618016798.png
doterra-prod-media1.s3.amazonaws.com/h95/h65/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doterra-prod-media1.s3.amazonaws.com/h95/h65/13192618016798.png
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.128.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e63be68d6cb16804453b518b8391225dc0e96a3e3fe816dba65bc072fb3a26a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 03:38:31 GMT
x-amz-version-id
Sh87tasW3rxVWyJrOWatdf0AcLy3gB.E
x-amz-request-id
72MFFWT2TJFSNSHT
x-amz-replication-status
REPLICA
x-amz-meta-file-mtime
1561277478000000000ns
x-amz-meta-file-atime
1657826333104728326ns
x-amz-meta-file-group
503
Content-Length
6264
x-amz-id-2
THRTwY7XptDp4Jnjxdb9/NVD9x0MQcjBIVgQUovim+Z2D/mXfZqvHzfPdTHn8GfNUvR5mwvT4zM=
Last-Modified
Fri, 15 Jul 2022 12:54:01 GMT
Server
AmazonS3
x-amz-meta-file-permissions
100664
ETag
"7b162a1ccde26c7296bace5b09f32197"
x-amz-meta-user-agent
aws-datasync
Content-Type
image/png
x-amz-meta-file-owner
503
Accept-Ranges
bytes
13192617787422.png
doterra-prod-media1.s3.amazonaws.com/h5e/h2d/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doterra-prod-media1.s3.amazonaws.com/h5e/h2d/13192617787422.png
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.128.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
82b851f9ae974acecd4494a1728c434bec91e750b240015d3b311e327056bd84

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 03:38:31 GMT
x-amz-version-id
hobcbegZatCbIOk2f3ygxZfWlGPF2Rfm
x-amz-request-id
72M12M0W9KJPAX3C
x-amz-replication-status
REPLICA
x-amz-meta-file-mtime
1561277478000000000ns
x-amz-meta-file-atime
1657792563544551889ns
x-amz-meta-file-group
503
Content-Length
3819
x-amz-id-2
wxTtst70veKrNvItWUjpzgJC9ksjPNeKXL4fEscZO5e7iIoej15Bu9iVjPHTZbiJ7FBbyumXUwU=
Last-Modified
Fri, 15 Jul 2022 20:38:31 GMT
Server
AmazonS3
x-amz-meta-file-permissions
100664
ETag
"48a4f69553feed4bf26b2872c3766ec4"
x-amz-meta-user-agent
aws-datasync
Content-Type
image/png
x-amz-meta-file-owner
503
Accept-Ranges
bytes
13192618803230.png
doterra-prod-media1.s3.amazonaws.com/hfd/h13/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doterra-prod-media1.s3.amazonaws.com/hfd/h13/13192618803230.png
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.128.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
5aa199ee93adca02f93e6e2fe8af17ac8ea17ebe91a03af8c145b837efea28c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Date
Fri, 28 Oct 2022 03:38:31 GMT
x-amz-version-id
bWZPWLSCUrhZIUbYSU2QOSM6VyBNS1Kw
x-amz-request-id
72MEQ51JW72EVRDQ
x-amz-replication-status
REPLICA
x-amz-meta-file-mtime
1561277479000000000ns
x-amz-meta-file-atime
1657792563621551727ns
x-amz-meta-file-group
503
Content-Length
4174
x-amz-id-2
7+ayYSvTBFKe2CS0xy92KlH6Ues6hy8hv4kWGSOZOTP5ghsD+LmroEB/htQq+NBd+0b0top8KuU=
Last-Modified
Fri, 15 Jul 2022 15:18:08 GMT
Server
AmazonS3
x-amz-meta-file-permissions
100664
ETag
"059b86c34fc8bb9b0f9b9c62b858a1c5"
x-amz-meta-user-agent
aws-datasync
Content-Type
image/png
x-amz-meta-file-owner
503
Accept-Ranges
bytes
recaptcha__de.js
www.gstatic.com/recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/ 		400 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8850c59b00380af79a60472b2d9db31db1f9abe5bbb3b3771eabb12780653688
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.doterra.com/
Origin
https://www.doterra.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Thu, 27 Oct 2022 21:55:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20556
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
163140
x-xss-protection
0
last-modified
Mon, 24 Oct 2022 04:01:21 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 27 Oct 2023 21:55:54 GMT
get
consent.trustarc.com/ Frame 5F26 		7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/get?name=crossdomain.html&domain=doterra-cm1.com
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=doterra-cm1.com&c=teconsent&noticeType=bb&js=nj&text=true&gtm=1&language=en_US
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.146.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-146-18.txl52.r.cloudfront.net
Software
nginx /
Resource Hash
7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.doterra.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
302
cache-control
max-age=2592000
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Fri, 28 Oct 2022 03:33:28 GMT
expires
Sun, 27 Nov 2022 03:33:28 GMT
pragma
public
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
timing-allow-origin
*
vary
Accept-Encoding Origin
via
1.1 8a8ce1b655547c1da36b64e17700f010.cloudfront.net (CloudFront)
x-amz-cf-id
OiAJmi8-5elYnygGt9FaOK26DJzias4ZW0Irb-rF6oLbdrAqPQBPSw==
x-amz-cf-pop
TXL52-C1
x-cache
Hit from cloudfront
v1.7-9931
consent.trustarc.com/asset/notice.js/v/ 		76 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-9931
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=doterra-cm1.com&c=teconsent&noticeType=bb&js=nj&text=true&gtm=1&language=en_US
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.146.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-146-18.txl52.r.cloudfront.net
Software
nginx /
Resource Hash
a2287bb22f8ed8285baec2e9b8cfd84ea46d0a142884bea029c7c396fa3a0d9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.doterra.com/
Origin
https://www.doterra.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 02:45:37 GMT
content-encoding
gzip
via
1.1 46d8c022a630614463bdb0576f6829a8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TXL52-C1
age
3173
x-cache
Hit from cloudfront
pragma
public
last-modified
Thu, 20 Oct 2022 05:43:25 GMT
server
nginx
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
Bo1vyPOnHHNj_0628MvPEYkgNtwVdT9EGXYGg7jN-zcp-NBrmpQ80w==
expires
Sun, 27 Nov 2022 02:45:37 GMT
log
consent.trustarc.com/ 		43 B
442 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/log?domain=doterra-cm1.com&country=de&state=&behavior=implied&c=00d6
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.146.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-146-18.txl52.r.cloudfront.net
Software
nginx /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 03:38:30 GMT
via
1.1 8a8ce1b655547c1da36b64e17700f010.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
TXL52-C1
vary
Origin
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
x-amz-cf-id
Kx0wtLCi1Rt8HJZNqR-3v2SZvrFFX9HVQ3qYLML98iP0vgLHtZ7D-w==
expires
Mon, 26 Jul 1997 05:00:00 GMT
getBannerDetails
www.doterra.com/US/en/ 		143 B
689 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/US/en/getBannerDetails
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0d9c820b8513f379548801f1acab020d1a365b2274d5609c36dbd6a704ae21a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.doterra.com/US/en/site//eve
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000 ; includeSubDomains
date
Fri, 28 Oct 2022 03:38:30 GMT
x-content-type-options
nosniff
x-cdn
Imperva
adrum_0
g:2da3a25f-bd4a-46eb-98da-837aec7f7611
x-frame-options
SAMEORIGIN
adrum_1
n:DoterraInternationalLLC436_74b2e163-6eaf-417e-b636-3cfd27438bfa
content-type
application/json;charset=UTF-8
adrum_2
i:5152094
x-iinfo
5-219188343-219188410 pNNN RT(1666928307078 2086) q(0 0 0 -1) r(2 2) U2
adrum_3
e:6
cache-control
no-cache, no-store
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
ts
t.paypal.com/ 		42 B
746 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Doterra%20US%20Site%20%7C%20d%C5%8DTERRA%20Essential%20Oils&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1666928310196&g=0&completeurl=https%3A%2F%2Fwww.doterra.com%2FUS%2Fen%2Fsite%2F%2Feve&ru=https%3A%2F%2Fwww.doterra.com%2FUS%2Fen%2Fsite%2F%2Feve&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CCE) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 28 Oct 2022 03:38:30 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
ECAcc (frc/4CCE)
traceparent
00-0000000000000000000b3aa0c8e506b7-53d207f5938a37b0-01
content-type
image/gif
paypal-debug-id
b3aa0c8e506b7
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=173
timing-allow-origin
*
content-length
42
expires
Fri, 28 Oct 2022 03:38:30 GMT
notice
consent.trustarc.com/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/notice?domain=doterra-cm1.com&country=de&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en_US
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=doterra-cm1.com&c=teconsent&noticeType=bb&js=nj&text=true&gtm=1&language=en_US
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.146.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-146-18.txl52.r.cloudfront.net
Software
nginx /
Resource Hash
515632e52edcbd9f99e2fb155e84ea1df1c919a35a4aef7378ed2ac6d92338a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.doterra.com/
Origin
https://www.doterra.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 46d8c022a630614463bdb0576f6829a8.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL52-C1
age
21
x-cache
Hit from cloudfront
cloudfront-viewer-country
DE
content-length
4921
x-xss-protection
1; mode=block
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=3600
cloudfront-viewer-country-region
HE
timing-allow-origin
*
x-amz-cf-id
fEx_9bmU6l29A_aFmaGyYstrIrjTrUbR3ovrXJLD7tGbRYBtkUKanQ==
expires
Fri, 28 Oct 2022 04:38:09 GMT
css
fonts.googleapis.com/ 		3 KB
654 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:500,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
51e330afdb5f4f87a40694f93d403f9b7dc7039ee8cefe3fc5c6f9d9dc75386a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 28 Oct 2022 03:38:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 28 Oct 2022 03:38:30 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Oct 2022 03:38:30 GMT
bannermsg
consent.trustarc.com/ 		43 B
468 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/bannermsg?action=views&domain=doterra-cm1.com&behavior=implied&country=de&language=en&rand=0.7743113892087898
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/US/en/site//eve
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.146.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-146-18.txl52.r.cloudfront.net
Software
nginx /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date
Fri, 28 Oct 2022 03:38:30 GMT
via
1.1 8a8ce1b655547c1da36b64e17700f010.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
server
nginx
x-frame-options
SAMEORIGIN
vary
Origin
content-type
image/gif
cache-control
no-cache
x-amz-cf-id
I2y1I_ZaHR7epssiIwWNA3DJm56gJYYJCNgRScDnfQ-XcL8K1zj6og==
expires
Fri, 28 Oct 2022 03:38:29 GMT
r-Lord-with-vpbrant-speake-to-to-sore-againe-at-
www.doterra.com/ 		691 B
930 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.doterra.com/r-Lord-with-vpbrant-speake-to-to-sore-againe-at-?d=www.doterra.com
Requested by
Host: www.doterra.com
URL: https://www.doterra.com/r-Lord-with-vpbrant-speake-to-to-sore-againe-at-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash
606964c816c3666d045c93a426001879c27da7cbf6d373c4f8ea24706e3d4767

Request headers

Accept
application/json; charset=utf-8
Referer
https://www.doterra.com/US/en/site//eve
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type
text/plain; charset=utf-8

Response headers

date
Fri, 28 Oct 2022 03:38:29 GMT
server
bon
x-cdn
Imperva
content-type
application/json
access-control-allow-origin
*
x-iinfo
5-219188343-219188408 PNNN RT(1666928307078 2260) q(0 0 0 -1) r(0 0) U6
cache-control
no-cache, no-store
server-timing
bon, total;dur=12.693128999999999
content-length
691
access.js
cdn.levelaccess.net/accessjs/YW1wMTI2OTg/ 		461 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.levelaccess.net/accessjs/YW1wMTI2OTg/access.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHX657
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:e600:1:fb61:2b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
86fee5a19bf98f6b4469c85479eecfceec6add5b6e1aa45a1edf065d26661520

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

x-amz-version-id
McnYpkADT5dYr7NArl4N_7CaAv9W58cA
Content-Encoding
gzip
Via
1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
Date
Fri, 28 Oct 2022 03:35:34 GMT
X-Amz-Cf-Pop
FRA60-P1
Age
275
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
62472
Last-Modified
Tue, 28 Jun 2022 06:03:16 GMT
Server
AmazonS3
ETag
"df49b3daa9dc7b6005e11b643965df38"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Accept-Ranges
bytes
X-Amz-Cf-Id
aVD1KuHABvNGELaUmq7KWyuXkBZwmaO1g6dv_JCWl-JT1CGE490f1Q==
LavenderDefaultProfilePicture.jpg
www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/LavenderDefaultProfilePicture.jpg
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTI2OTg/access.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
9cebe70455a582abc5c41e22c2deca55d608ca704649176416b0cf567a8ce725

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

x-iinfo
5-219188343-0 0CNN RT(1666928307078 4359) q(0 -1 -1 -1) r(0 -1)
date
Fri, 28 Oct 2022 03:38:31 GMT
last-modified
Thu, 19 May 2022 22:12:06 GMT
x-cdn
Imperva
etag
W/"9648-1652998326000"
content-length
8577
content-type
image/jpeg;charset=UTF-8
LavenderDefaultProfilePicture.jpg
www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.doterra.com/_ui/desktop/common/assets-doterra/images/replicated-site/LavenderDefaultProfilePicture.jpg
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTI2OTg/access.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.13 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
9cebe70455a582abc5c41e22c2deca55d608ca704649176416b0cf567a8ce725

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.doterra.com/US/en/site//eve
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

x-iinfo
5-219188343-0 0CNN RT(1666928307078 4463) q(0 -1 -1 -1) r(0 -1)
date
Fri, 28 Oct 2022 03:38:31 GMT
last-modified
Thu, 19 May 2022 22:12:06 GMT
x-cdn
Imperva
etag
W/"9648-1652998326000"
content-length
8577
content-type
image/jpeg;charset=UTF-8
results
api.levelaccess.net/analytics/3.0/ 		0
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.levelaccess.net/analytics/3.0/results
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTI2OTg/access.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4457:4600:eeb7:e838:a394:4062 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.doterra.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 28 Oct 2022 03:38:33 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers

Verdicts & Comments Add Verdict or Comment

472 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| appKey undefined| adrumScript number| adrum-start-time object| adrum-config object| a0_0x463a function| a0_0x4cbe object| reese84 function| reese84interrogator function| initializeProtection function| protectionSubmitCaptcha object| mediator function| $ function| jQuery object| scriptElem string| MY_DOMAIN boolean| REQUIRE_USER_EXPRESSED_PERMISSION object| _STATE function| wrapCMSParagraphVideos function| processRunOnce function| processResponse function| runOnce function| getBehavior function| handleAPIResponse function| activateElement object| QueueIt function| queueClient object| myQueueClient object| queueit object| dataLayer number| totalItemsMiniCart string| cartDataSite object| ACC object| trackingMethod object| csrfTokenInputElements boolean| isProductMappingEnabled boolean| browserCloseLogoutFlag boolean| HAS_SESSION_CART boolean| IS_ANONYMOUS_USER string| abandonCartText string| abandonLrpCartText object| localText string| countryName string| mockCardTokenization string| paymetricSourceUrl string| mysteryProductSku string| apiKey number| showModalGreenPopUpTimeout number| showModalGreenPopUpWait object| doUpdatesMarketList object| supportedEnrollmentMarkets object| bankroutingPattern object| billingZipPattern object| govIdMaxlength object| billingMobilePhonePattern object| billingMobilePhonePlaceholder object| billingMobileMaskPattern object| govIdPattern object| billingZipRegex object| billingZipMask string| contextPath string| baseURL string| currencySymbol string| commonResourcePath string| siteId string| bannerEnabled string| globalNavigationHideCountryList string| needToResetPassword string| passwordResetDaysLeft string| aromaCheck string| isAgentLoggedIn string| dotUserId string| accountType boolean| queueItEnabled string| stateCode string| stateName string| postalCode string| countryCode string| isGigyaEnabledGlobally boolean| setPrimaryEmail boolean| showPortalModal object| regexEmail string| CCTServerAddress string| CCTPreChatSurvey string| CCTAccountManagementPreChatSurvey string| CCTTokenEx boolean| isAnonymousUser string| addressline1 string| addressline2 string| city object| lazySizesConfig object| $jscomp object| bootstrap object| bootbox function| moment function| Cookies object| lazySizes undefined| shareButtons function| shareButtonService function| downloadPDF function| shareButtonInit string| pattern string| placeholder function| fieldMaskInit function| setupFieldMask function| phoneMaskInit function| setPhonePattern function| dateMaskInit function| setDatePattern object| CARD_STATUS string| currentTabID string| isEnrollmentPage string| hasEnrollmentCartEntries number| currentEpochTime boolean| hideRegionBanner boolean| unsavedChanges undefined| forcedTargetUrl undefined| cartType object| wellnessResubscribedStatus string| WELLNESS_RESCUBSCRIBED_CLICKED string| WELLNESS_RESCUBSCRIBED_RESUMED string| MSG_ERROR_CLASS_NAME string| MSG_INFORMATIONAL_CLASS_NAME string| MSG_HELPER_CLASS_NAME string| MSG_DIRECTIONAL_CLASS_NAME string| MSG_WARNING_CLASS_NAME string| MSG_SUCCESS_CLASS_NAME string| MSG_SPECIAL_CLASS_NAME string| NON_MSM_CLASS_NAME string| MODAL_GRAY_CLASS_NAME function| showGlobalErrorMessage function| showGlobalInfoMessage function| showGlobalHelperMessage function| showGlobalDirectionalMessage function| showGlobalWarningMessage function| showGlobalSuccessMessage function| showGlobalSpecialMessage function| showGlobalBasicMessage function| showModalNonMessage function| showModalGray string| loading string| RENDERED_BS_SELECT string| addErrorConstant string| quantityMessage string| loyaltyOrder string| onetimeOrder string| enrollmentOrder undefined| addressFormEcomm function| lsTest object| formForRecaptcha undefined| formidForRecaptcha function| onloadCallback function| setStorage function| getStorage function| removeStorage object| bcTempTitle function| updateBreadcrumb undefined| FTLModal undefined| FTLModal2 undefined| FTLMessage undefined| FTLMessage2 undefined| FTLOptions undefined| FTLOptions2 undefined| FTLTitle string| firstTimeLoggedIn function| createInputElement function| showLoadingSpinner function| hideLoadingSpinner object| baseSelectOptions function| redirectToPage function| updateReferralCustomerPopUpValue function| addLoadingSpinnerAndSubmit function| checkHomepageSlider function| showShopFirstLoginPopup function| showEnrollNewMemberPopUpMessage string| enrollerFields function| disableEnrollerFields string| json boolean| addr_flag function| validateAddress function| onCloseAddressVerifyModal function| enableNoRecommendationTab function| enableRecommendationTab function| refactorAddress function| refactorPRAddress function| refactorPRUrbanizedAddress function| refactorPRRuralRouteAddress function| removeDisabled function| submitForm function| saveAddress function| updatePasswordPrompt function| stopUpdatePasswordPrompt function| redirectToMyCart function| enableCartCopMiniCart function| launchCartCop function| initBtnSelect string| userAgent boolean| isAndroid function| showFeedbackModal function| validateFeedbackModal object| ytElements object| videoModal function| ytRichSnippets function| videoRichSnippets undefined| tag undefined| firstScriptTag undefined| ytPlayer undefined| ytPlayed function| getVideoID function| initVideoAWS object| vimeoElements function| vimeoRichSnippets function| initVimeo function| getLabel function| initAnchors function| gaEvent function| passwordRequirements function| toggleShowHide function| toggleShowHideOnKeyDown function| isNumberKey function| isDouble function| limitVal function| showRemoveMessage function| removeProductMessaging function| removeProductMessagingHelp function| showGlobalBootboxMessage function| showModal function| swapNumber function| setPhoneNumber function| setPhoneType function| callOtpVerification function| callAuthyVerification function| formatPhoneNumber function| mergeLrpOrder function| mergeCart function| toggleHiddenSection function| aromaCheckLoginPopup function| siteLogoClick function| abandonCartMsg function| updateCreditBalanceSection function| toggleSSNChars function| addConventionProductOnly function| showProductCustomizeModal function| launchParentChildModal function| getProductCustomizeModalData function| renderProductCustomizeModal function| initProductQuantity function| showLTOLimitReached function| showExceedMaxPromotionLimit function| checkCustomizeQty function| verifyQuantityInput function| addParentItemOnly function| SimpleCustomizeParentProduct function| SimpleCustomizeChildProduct undefined| scrollPosition function| readSession function| getValOnly function| updateUser function| createTabID function| chkUserLoggedIn function| logoutFromBackend function| createSession function| generateUID function| changeKit function| calculateCardExpiryDate function| isEnrollToLRPValid function| enrollToLRPMinumumPVModal function| pvPromotionCheck function| upgradeAndRedirectToEnroll function| abandonCart function| checkOnloadModals function| checkTGNotificationModal function| setShowAgainFlag function| checkQuickGuideModal function| guidedTourInit function| setStorageForRetailCartLogin function| showRoutingModal function| setFullStoryEvent function| checkProductRows function| adjustRowsHeight function| resetProductRowHeight function| showAddressVerificationModal function| showAddressCompareModal function| populateFields function| backToEditAddress function| enteredAddressSelected function| recommendedAddressSelected function| compareFieldValues function| personalEnteredAddressSelected function| personalRecommendedAddressSelected function| ecommRecommendedAddressSelected function| compareInitialValues function| isValidEmailAddress function| promptForPrimaryEmail function| saveEmailSubmit function| showUniqueEmailModal function| checkUniqueEmailAddress function| saveEmailAddress function| skipUniqueEmailCheck function| showPortalPreviewModal function| checkProp65Warning function| showProp65WarningMessage function| copyToClipboard function| updateRegionList function| checkCardTypeAndRegionList function| wareHouseSwitcherChangeAction function| setDatePicker function| setNfrOtgContext function| warehouseToggleOnload function| updateSelectWithData function| updateSelectWithCardData function| updateZipWithMask function| zipCodeFormatter function| validatePostalCode function| checkCartContext function| setNFRTooltip function| setSelectorValue function| changeSwitcherInputFlagOnLoad function| changeSwitcherInputFlag function| showDefaultMarketBanner function| updateBannerData function| handleSelectChangeMarket function| editLRPTemplate function| closeRegionBanner function| marketChangeAction function| getDHyCSTempID function| updateDhyCSEnrollerInfo function| handleAddToCartResponse function| recommendedProductsDisplay function| showProductOverlay function| resetLanguage function| completeExpressBodsModal function| checkBodsRequired function| resumeWellnessProgramModal function| showShippingDelayModal function| showShippingDelayModalGeneratedByBanner function| productMappingModal function| setnfrOtgFlagVal function| getDisplayedAccountType function| showMismatchedCartAndSiteSalesOrgsBox function| showNewAccountAuthPopup function| determineMarketMismatchContext function| copyTextToClipboard function| copyText function| setAriaExpandedValue object| alertQueue function| adaAlert function| processAlert function| enableDisableCrmTracker undefined| ytPlay function| onYouTubeIframeAPIReady function| initMinicart function| updateMiniCartContent function| renderProductRow function| updateMiniCartContentOld function| clearMiniCart function| updateMiniCartIcon function| miniCartClicked function| miniCartLoginPopup function| handleRemoveAlert function| removeProductFromMinicart function| removeProductFromMinicartWithEntryNumber function| removeProductFromMinicartAjaxCall function| showMinicartSpinner function| hideMinicartSpinner function| checkForActiveCart function| verifyAddEnrollmentKit boolean| quickGuideHasBeenClicked function| saveLRPDateFlow object| forms object| widgets function| formValidationService function| toggleRequiredGroup function| checkExpirationDate function| checkRequiredGroup function| formInit string| OrderContextInformationModal object| pathArray object| siteLogo function| showEnrollNewMemberPopUpMessageReplicatedSite object| __postRobot__ object| __zoid__ function| onLegacyPaymentAuthorize function| watchForLegacyFallback function| onLegacyFallback string| LOG_LEVEL function| __pptmLoadedWithNoContent object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| smartedit object| searchResultsObject object| searchContentType object| searchSortType number| resultsPerPage boolean| filterOpened boolean| loadAjax function| resetLazyLoadObject function| renderFullResults function| renderFilterSortFullResults function| renderRecentSearch function| decodeURIComponentSafe function| checkLazyLoad function| getURLParameter function| filterCall function| getFilterList function| toggleNav function| shiftOffCanvasMenu string| globalGridClasses function| initiateSelectYourRegionPage function| sortByOrderNum function| sortByName function| findByCode function| extractLanguage function| validateLanguage function| extractRegion function| validateRegion string| IDLE_TIMEOUT number| TIMEOUT_CHECK_INVERVAL number| _idleMinutesCounter number| idleTime function| startTimeCheck function| checkIdleTime function| showIdleMessage function| formatTime object| AOS string| LANGUAGE_COOKIE string| DEFAULT_LANGUAGE object| LANGUAGES object| EMAIL_TEMPLATE_LANGUAGES string| REGION_COOKIE string| DEFAULT_REGION string| DEFAULT_PRIVACY_POLICY_LINK string| DEFAULT_TERMS_OF_USE_LINK object| REGIONS object| ZONES object| truste function| shouldRepop function| shouldResolveConsent object| $temp_box_overlay object| $temp_closebtn_style object| $temp_inner_iframe string| aName string| bName object| regionMap object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| paypalDDL function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG object| recaptcha function| $jscomp$lookupPolyfilledValue object| LevelAccess_AccessJS_AccessEngine object| LevelAccess_AccessJS_FixPackage object| LevelAccess_AccessJS_OrgDetails object| LevelAccess_AccessJS string| AccNamePrototypeNameSpace object| LevelAccess_CalcNames

22 Cookies

Domain/Path Name / Value
.mydoterra.com/ Name: visid_incap_660953
Value: 5FTq7mhFTTa9RqdkdpFyIrJOW2MAAAAAQUIPAAAAAAAPDVWGb6gTluShhA1/nywH
.mydoterra.com/ Name: incap_ses_536_660953
Value: IeaUdYGwmRrkUjW65UFwB7JOW2MAAAAAky81266tcMo7a6evDwPxvQ==
.mydoterra.com/ Name: cfid
Value: e9435049-3c49-4ece-a3d1-10d2aac43f9c
.mydoterra.com/ Name: cftoken
Value: 0
www.mydoterra.com/ Name: cfid
Value: e9435049-3c49-4ece-a3d1-10d2aac43f9c
www.mydoterra.com/ Name: cftoken
Value: 0
www.mydoterra.com/ Name: SKIN
Value: default
www.mydoterra.com/ Name: LANGUAGE
Value: en_dot
.doterra.com/ Name: nlbi_661002
Value: ydQbc2UVRw4F5gZ5yFxrGQAAAADYLo0VBLl+YegW7AZr4sIf
.doterra.com/ Name: visid_incap_661002
Value: MFXsHxc1TtiUk9RmYzmREbNOW2MAAAAAQUIPAAAAAACoge0Wjb/vcSeEVWChNUxw
.doterra.com/ Name: incap_ses_536_661002
Value: P8xYPAemdh7YUzW65UFwB7NOW2MAAAAA8N5vnjg/0bf9GfyzM6ZlGA==
www.doterra.com/ Name: JSESSIONID
Value: 6F99C64C796EB06D003E77952C84C4B9
www.doterra.com/ Name: JSESSIONID-B2BACC
Value: Y27-30afa50a-3d11-4846-aa5f-96e08136d3cc
www.doterra.com/ Name: DOTERRAF5
Value: 2909036644.10787.0000
.doterra.com/ Name: notice_behavior
Value: implied,eu
.doterra.com/ Name: nlbi_661002_2147483392
Value: AWP7BMxXBFP3JyQUyFxrGQAAAABFlp6kvPpFcao430FhSjLM
.www.doterra.com/ Name: reese84
Value: 3:I1YZtQtYgyHnH5ivGbLyFw==:RMIcxHmDLiojtKb83mG744fageTbbttPt4se0xwCFHIlcrMgqlBG/fBfOcttbw1lh29UiR8H4gNNbEWyHWYZdw2xfcWe/Sq6dv4o9xfsLyDw8IVlJQKMaH9qWTG2QfPVSEnKVGfvnau1P/70ofHGKGIL9+ovzvP6RAx7wig2LxLtuj/HNJ3oXGKieownQfSfy4NWV+BL7ITnM27XwK3B3ie19E9yXN4JBhlUEdU4FVfTOJiu3+fHvqyBXV4A2HI9NQPRFuUbW7HcRvmYls0VwvJuXtnZ/5CWPU46hgSHjMCzaOIxq95XFFcPrbZ5qDmTFkAPu4D3OwWjOJXGwcZMew++ut/P4aDrd0Me9GPRvP6NcMxl82LGCIZ+45KX2PlLIrDsvg8lfjyMpfPsaRNcxmwFX5gCmUwt+/OW5/TR3fvioPPxE1WiwyI4JfdzLjIYjRaqA2n3Rr8J0J+K0smJFRAlQ5EWow1mQk9RvFHRGmaJL0ve3zYaXgnZYLq5QQt8xDY0xsclQI7DWo392oXmL21v4YpOSXv6meL70Pe9BtQ=:EGGv2M4QGrURcuqG6A1pwc2M+RDJmZhmb3i7HPgNxxQ=
mydoterra.queue-it.net/ Name: Queue-it-1fd8d0f2-d916-4d72-a1ff-610983adb35a
Value: WasRedirected=false&i=638025251103123636
.queue-it.net/ Name: Queue-it
Value: u=5e0ea070-3ee0-4b9f-9320-55c6915d5f8d
www.doterra.com/ Name: QueueITAccepted-SDFrts345E-V3_hybbogofeb2019
Value: EventId%3Dhybbogofeb2019%26QueueId%3D1fd8d0f2-d916-4d72-a1ff-610983adb35a%26RedirectType%3Dsafetynet%26IssueTime%3D1666928310%26Hash%3D58c0a4df699b52d700dcb9d4569ecf9edc3d047a02ec26694e6b4a26832c22f3
.paypal.com/ Name: ts
Value: vreXpYrS%3D1761622710%26vteXpYrS%3D1666930110%26vr%3D1cab785c1840a983e0126b69ffffffff%26vt%3D1cab785c1840a983e0126b69fffffffe
.paypal.com/ Name: ts_c
Value: vr%3D1cab785c1840a983e0126b69ffffffff%26vt%3D1cab785c1840a983e0126b69fffffffe

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://shop.doterra.com;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.levelaccess.net
cdn.levelaccess.net
consent.trustarc.com
doterra-prod-media1.s3.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
my.doterra.com
mydoterra.queue-it.net
t.paypal.com
www.doterra.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.lightintuitive.com
www.mydoterra.com
www.paypal.com
151.101.65.21
192.229.221.25
2600:1f18:4457:4600:eeb7:e838:a394:4062
2600:9000:2240:e600:1:fb61:2b80:93a1
2a00:1450:4001:803::2003
2a00:1450:4001:809::2008
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2003
45.60.14.13
52.218.128.146
52.32.61.98
67.223.118.63
99.84.146.18
020bf2e0ef448b05d18a16fcb68d21c6179b550f82c1b287c86e8fe48c9f40fd
02bf0953172eb43ce25854e2c452fb15d21575ee597897a69f061309ad7238c5
06510d1bd971f56a42e8c4bacb7f02739e1c74f72279c32a4fc79c9c5cfeee76
0d9c820b8513f379548801f1acab020d1a365b2274d5609c36dbd6a704ae21a4
12341eed35b9a73515ecd76ca09f6b87de1dc3bc3e40476b0d259cea76246126
1293064ef09cefcc669468aa5b44c867b8d8a6ac2705d90c3add7c38e46d055e
137605dd03c1740ff2cb5767a6b199b83643270174411d41a138d8e01d12ac25
18b6ad51483f97258984e2e49e7401f6965af03eb2868f637126d34283178b18
1fd2538a8e53dddd545d7bb1644c8e8b85822858c7582bb6118e77487bc0f4ab
217aef87859223681a64d4332accd94049a57127b4e8ab05fe6ab6b2d41bdf0a
25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655
3ab75b264cfdbd7a751abcea9b36e62e4a1c16f4701811e12e14a217b8eaa45d
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
450f8c6eea304dd5b9ff1d4777b27aa850e25f6d899cb541fe52b153f67b8025
515632e52edcbd9f99e2fb155e84ea1df1c919a35a4aef7378ed2ac6d92338a2
51e330afdb5f4f87a40694f93d403f9b7dc7039ee8cefe3fc5c6f9d9dc75386a
528eb4900ccdd06e15447187e3b5e68f6563f7e4e4941cba627859b107441224
5a1cf84f88664fc6171a5aef150838d2e63831334a17a03c972aca3c2519c32f
5aa199ee93adca02f93e6e2fe8af17ac8ea17ebe91a03af8c145b837efea28c6
5afbbb8d5abc6e27981c58b4462b8466e0186fb1130fae2b3eb6f4e158061689
606964c816c3666d045c93a426001879c27da7cbf6d373c4f8ea24706e3d4767
6258cb0d1a0e764d2759b94a5e2143ba7860850c4a9d2abc1583ea62936b66d9
62d8bcb2d3c1af908bcab20ee9fc251b16d4e65f99ced2bd8f95f64460532a03
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
70b170127089ea5c83f2feb5ecc78a4a55eeb6fc3ea2db259bc24fff157d1fc1
73e336238f841bb74b2f18ff731ca9e0b35f8432d39f5800c03beba526c18c07
7ab5367f0039773f77fb519cf799a69cb5c567b50d95d42f0fa89928d266ed70
7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732
82b851f9ae974acecd4494a1728c434bec91e750b240015d3b311e327056bd84
864b1840a476e29bf37c7346e90540087b072658047640289d2de9be2000e76e
86fee5a19bf98f6b4469c85479eecfceec6add5b6e1aa45a1edf065d26661520
8850c59b00380af79a60472b2d9db31db1f9abe5bbb3b3771eabb12780653688
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9cebe70455a582abc5c41e22c2deca55d608ca704649176416b0cf567a8ce725
a2287bb22f8ed8285baec2e9b8cfd84ea46d0a142884bea029c7c396fa3a0d9f
a886d1c31bb83e3edf3710b266124d954d455ddda222299c594aeedd7e49e393
ab47b8f50fe4195819b4af2ac0fffb2b3543502e11282d492d6cd73c124845cf
bffeee1bb0191d9da20982d288a1a78ed5443f29ab2db7213b57a29efadee131
ccb892d496aebd26f364f11629392ff8ef3da5f7886b284797566e1f803ebfe7
d314e23674a93dcaa9bfb72041d7da79fdba406f2d042b416356da52dec4af55
d8d492e9940ea13f04fd72121c1bcc1daf6db4b23c3e86fafd220d78633c9061
dc09c3fc4aab87e37e3b5c533526bdf8bd27c28db3573b641df2abd2b02abeb8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63be68d6cb16804453b518b8391225dc0e96a3e3fe816dba65bc072fb3a26a3
e96abf97f2ad4ce7fac463a2527c17ad14f4e2635a69c8db68239b370a119ca0
ea6028aa03c2eda8725a67ffaff79e8498b464975d8a1744f983d9809c6810e5
eea753361d2516e02fce9087c51d8e0a66d5884a33f32e8d67cae0c2d99df55f
f066307d2ba5ed08fcb231085b174a3415d7e084b4956799f4b70cd328e8a8a0
ffc74932e113b0da44e2ade790dcde73c071aa191c230ae370a09dbe57c62084