butterfieldholidayshopping.com Open in urlscan Pro
2606:4700:20::681a:112  Public Scan

Submitted URL: http://butterfieldholidayshopping.com/
Effective URL: https://butterfieldholidayshopping.com/
Submission: On November 18 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 29 HTTP transactions. The main IP is 2606:4700:20::681a:112, located in United States and belongs to CLOUDFLARENET, US. The main domain is butterfieldholidayshopping.com.
TLS certificate: Issued by WE1 on November 14th 2024. Valid for: 3 months.
This is the only time butterfieldholidayshopping.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
24 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
29 5
Apex Domain
Subdomains
Transfer
24 butterfieldholidayshopping.com
butterfieldholidayshopping.com
2 MB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
184 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 135
564 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 4108
0 google.de Failed
www.google.de Failed
29 5
Domain Requested by
24 butterfieldholidayshopping.com butterfieldholidayshopping.com
2 www.googletagmanager.com butterfieldholidayshopping.com
www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
0 www.google.de Failed butterfieldholidayshopping.com
29 5

This site contains links to these domains. Also see Links.

Domain
www.butterfieldgroup.com
Subject Issuer Validity Valid
butterfieldholidayshopping.com
WE1
2024-11-14 -
2025-02-12
3 months crt.sh
*.google-analytics.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.g.doubleclick.net
WR2
2024-10-21 -
2025-01-13
3 months crt.sh

This page contains 1 frames:

Primary Page: https://butterfieldholidayshopping.com/
Frame ID: EF2E2147249E0B3738D0478529C75804
Requests: 29 HTTP requests in this frame

Screenshot

Page Title

Home

Page URL History Show full URLs

  1. http://butterfieldholidayshopping.com/ HTTP 307
    https://butterfieldholidayshopping.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

29
Requests

97 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

2017 kB
Transfer

2892 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://butterfieldholidayshopping.com/ HTTP 307
    https://butterfieldholidayshopping.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
butterfieldholidayshopping.com/
Redirect Chain
  • http://butterfieldholidayshopping.com/
  • https://butterfieldholidayshopping.com/
15 KB
6 KB
Document
General
Full URL
https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
324e275639363b97974bb2dca489ce8cd188a93775839a39c822945787958a8d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cf-cache-status
DYNAMIC
cf-ray
8e47102e4d03038e-FRA
content-encoding
br
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 09:51:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
referrer-policy
strict-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7NpSLme5FP70OMZ02epp5Qhs%2Bx9WYaIuouU870mFsko6%2Bux84ubIlL667VaHf80aqymA4ql9%2FcI477Ek7fK4X0oLksyDSOLivxYJFM%2B2UWk3mVkMcqm%2B3fv1C9165LQ%2BWOstIkCWoracIykIlZw65zfPd7B3kHbHqmOlbg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=38732&sent=7&recv=11&lost=0&retrans=0&sent_bytes=4027&recv_bytes=2401&delivery_rate=99794&cwnd=253&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=293&x=0"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

Location
https://butterfieldholidayshopping.com/
Non-Authoritative-Reason
HttpsUpgrades
bootstrap.min.css
butterfieldholidayshopping.com/css/
227 KB
36 KB
Stylesheet
General
Full URL
https://butterfieldholidayshopping.com/css/bootstrap.min.css
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4c123551432f10a965b8a9f706d3a8f9ed36e1564620f520de64cdf5bfe6dc9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8ab68f9"
age
128
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5N9ZT1YErm1ujZuRyMpseB23uXeBkE5%2BHbHqDwD0338XbkD9wnEw2c%2BOPI%2Bx%2B2EICvmDnNp85db6z2VlzF8bPOXai57oKM%2BsgPJvn3Q6vU4DU0gqWt5e7idijpb7cU88MZxsS2OpdbJhfIYsErD8YVXs330cwv5O%2F4yh8A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=38759&sent=21&recv=21&lost=0&retrans=0&sent_bytes=10054&recv_bytes=2977&delivery_rate=263557&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=368&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
text/css
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710303e72038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
main.css
butterfieldholidayshopping.com/css/
44 KB
11 KB
Stylesheet
General
Full URL
https://butterfieldholidayshopping.com/css/main.css
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a5dced7f6ff983df1e485af7cef3349c3155ac9534c4cb50f6ffee033d37d72
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a84b7d"
age
128
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouNrcfFFeR3ZWBqDXKVBgZ7iKYe6z4m6fYLvq8CvHIx2a%2FCtwGaPagvBD5l4oBe5q8AdfcaZUjg5n4%2B4sHhSDjsuH53Kko5iLArd%2BS88cOGSO8QPu2zcoT80F0qQ%2FZcfM3hw38kdG9dPVufcO0OoYJtRquKKRifEY41itw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=38759&sent=26&recv=21&lost=0&retrans=0&sent_bytes=13453&recv_bytes=2977&delivery_rate=263557&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=369&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
text/css
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710303e74038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
swiper-bundle.min.css
butterfieldholidayshopping.com/css/vendor/
21 KB
8 KB
Stylesheet
General
Full URL
https://butterfieldholidayshopping.com/css/vendor/swiper-bundle.min.css
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44e46c4fdef6f1bad12b9a04657312506932a88dec1a3b2830f66ad26c607b07
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a8b6a6"
age
128
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HOpa83F3kxAuUez0gnsWUXXf1UgKHuWgbrkZs6uHwJigf7uqDmxZj09sckT1BuRQ26Ph%2BaBg7ZvfdadY2hjRUWg4ZA8h%2F7vJWsM1UUNQ3qyXAZ4hZt%2F%2B9ZyYTT775EJDs1OtktfXyffoAiTpRIL63PdyCcuGKPBz2cpdA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=38759&sent=87&recv=21&lost=0&retrans=0&sent_bytes=74182&recv_bytes=2977&delivery_rate=263557&cwnd=257&unsent_bytes=32425&cid=bb86d28c4a130bc6&ts=379&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
text/css
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710303e78038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
vue.min.js
butterfieldholidayshopping.com/js/vendor/
91 KB
38 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/js/vendor/vue.min.js
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a410460285968ae56f3748e57fd09c6da63c17934a9f59cc7f9a6542f5cf2d3b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a988eb"
age
128
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=90HBtxcXQz6gCtJfIJRX6UFDiDW3Wu0LcFfaWgGg18HjllDU2pPBhA4ZxCzOYeeVMmB0PiVEhcJg%2BxgntRncHVLQpZQqHKcyeglT3VORLwv7RqF1ey6dvNuv3THtFKEJTUmtQthlYC9X6CguUga2jeReV4mvLfXboSGdUg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=38759&sent=52&recv=21&lost=0&retrans=0&sent_bytes=34397&recv_bytes=2977&delivery_rate=263557&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=371&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710303e79038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
logo_mastercard_butterfield.svg
butterfieldholidayshopping.com/img/vector/
52 KB
40 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/vector/logo_mastercard_butterfield.svg
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df69510676c2f2a7874753499d97de285991eae432dd7cf3c0281871661d745b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a834d5"
age
128
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3YmgFF6iIpLtlT%2FAg0C6AJ8pYNWPpRSwQD6rFo56wQJeMlhOQzpg%2FBtZZmKdXjhPCNl%2FzmaNtdBP0VKi%2BZ%2FPZFmlQUD%2BuTHXcOOWKnjvJmdP%2FXcyvlhi6dJqm%2FDjpQC01p9j4qKl7g%2BOSkd4tTsvzrWU7XXDiGvkg%2Feyg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=38759&sent=31&recv=21&lost=0&retrans=0&sent_bytes=16848&recv_bytes=2977&delivery_rate=263557&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=370&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/svg+xml
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710303e7a038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
logo_mastercard_butterfieldM.png
butterfieldholidayshopping.com/img/vector/
3 KB
6 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/vector/logo_mastercard_butterfieldM.png
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cac618443a07dab34ebe9ea03ebd2f5bb736d5fd42fc5ec61ab45f3a8027a833
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8a8ee03"
age
128
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DlafRxapqkgyrwgFX8dBxcXcMfYhOQHgj14jcUNhAJ%2BNS%2Blu5n7rSW3nAL3ZWqVkUS819PbOJOIhJEoohEZlfdVHmubHB%2FFthAdC0qUf008efw6o8NASQ8jj8JDR03qu2c%2Fuof8IlA0Y%2B3RgrR%2Ft2ITpq8CFbC6%2FmX8Oaw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=38759&sent=36&recv=21&lost=0&retrans=0&sent_bytes=20261&recv_bytes=2977&delivery_rate=263557&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=371&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710303e7b038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
2819
x-xss-protection
1; mode=block
server
cloudflare
img-landing-card.png
butterfieldholidayshopping.com/img/brand/
9 KB
13 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/brand/img-landing-card.png
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75607416aa60dfb8d358b29d4b7629fb1a5074a354e9f9a58f5bb471a0c02b9c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8a8c1e7"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WtxJ%2FfhFAdXRQ38QdoowBW%2B7S9GGop8R1x%2FnlxRT1Q5%2Fa7QNFLp4Ji9mhDiaonUFQYENP8pKzc2w0s1F16SF6RoQVraepz1Fz7W2TAVuUThLpyEmc4labvPpEaUmiU2OwN56MW6GxvhJVLBU9xdZRPX6mrKdfEOkf1Sx8A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=39809&sent=147&recv=37&lost=0&retrans=0&sent_bytes=146630&recv_bytes=3050&delivery_rate=1940812&cwnd=257&unsent_bytes=6372&cid=bb86d28c4a130bc6&ts=427&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710309eba038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
9447
x-xss-protection
1; mode=block
server
cloudflare
img-landing-card-1.png
butterfieldholidayshopping.com/img/brand/
3 KB
6 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/brand/img-landing-card-1.png
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3290deee18a4ec2edab9f629b57bbb4063baa38cbe964f99c8ef4405a3a8610d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8a8ee39"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZmBwBdzJQkj8NkNzDDBXvyMYFzgZcGUbL8Str4GhT%2FEj%2F4GxqQCWvm9HpDGcmKLPrG%2FhC2vYEn0AvNGWLxTPjhdLjNdFG8kdSTlKIAYDDu0InuufJHupHUvC9D0637S3ICrOWfq%2F8%2FVs2CqgR4wf9PId4lNnFdyz3okyYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=39439&sent=163&recv=67&lost=0&retrans=0&sent_bytes=165926&recv_bytes=3124&delivery_rate=1675343&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=460&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e471030ced9038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
2873
x-xss-protection
1; mode=block
server
cloudflare
img-landing-card-2.png
butterfieldholidayshopping.com/img/brand/
4 KB
7 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/brand/img-landing-card-2.png
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1671f705e135b881a75a5a0840bdd9f6034774e6db6d646c8b4c8d839fc9b174
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8a8eac5"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bBiddoiaTGG%2FylWjfkwZVG%2Bpx1MVO5w7vgCVJpkvk8A%2Bt6TPx3HsBAzTRVDBFGFy5MOXi8akHl5Jcx2hYJsbzXkM13rsbl%2FawP4oHPPLy91DwT1FXMc57UDwwaVF37st4kqQdHqvsjMduoCqS970NcF1CboTgkqh199TOA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=175&recv=90&lost=0&retrans=0&sent_bytes=173374&recv_bytes=4007&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=502&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f0a038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
4037
x-xss-protection
1; mode=block
server
cloudflare
close-circle.svg
butterfieldholidayshopping.com/img/vector/
545 B
3 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/vector/close-circle.svg
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1df56af66680348c91da9b075e09b0a3f3939383c39ae5afaa04d0e9c1b886a2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a8e721"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M7g5jLJ5Pnt%2Fq0p4734ge3HCfakX5IEXpmr6uSxndSItp12B3z00Fot3%2BlO%2BcGqsd0SoSCdDSA7UBX58mRk01uH4YphMbtr%2B3hsoQgSZ9xYD1wMcaPOtOTWMUOeXggAtV%2BxOH9HVFlJIMKeSDZRMqjEtlq3s2yia8TREzw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=197&recv=91&lost=0&retrans=0&sent_bytes=194510&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=507&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/svg+xml
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f15038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
gtm.js
www.googletagmanager.com/
213 KB
76 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M4GVTXT5
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
482abbb9a93e8bdfd21f56816745f5a22977191100b628e0ab760721f8b34e37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Mon, 18 Nov 2024 09:51:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 18 Nov 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
77108
x-xss-protection
0
server
Google Tag Manager
loading.gif
butterfieldholidayshopping.com/img/vector/
61 KB
64 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/vector/loading.gif
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5db74e78c2a94e4d5688344197d46f1e06dde57bb98f5e1d8e983537ec610ef9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8a81170"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eWhw7Qx50J4nWCx%2FfIZBJikOvRl0TQzPBbVoGyKNoLJzOsDkUOgWc2Qm7uOqSB39X677Q%2FGlZeLZsh9ttLTj7MUzVOqezBhBAsadBBpj8EuboHcbtJePxL9Ln43bSpQvE00YaMONJhiaftolQuE0kPV7eYLxKgUgQgQX%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=211&recv=91&lost=0&retrans=0&sent_bytes=206931&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=509&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/gif
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710311f16038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
62576
x-xss-protection
1; mode=block
server
cloudflare
email-decode.min.js
butterfieldholidayshopping.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

x-frame-options
DENY
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"673379cd-4d7"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovMyu15Eqr%2Fd8Yerb3bBuR4XdYtBeNRCZwDeC46%2FjOJVzNYt2XzMNo0W%2BFTimUyKoq0ubAQaNyRdgNkjXzQjyvG1gOWBKM8ZkqTgYc1OaDky8LXq0Nr9kDoExyRzolo%2BoCfdqDomiCdwDQTS0F1TwfS94pKtgBxNsQb%2BxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8e4710310f0d038e-FRA
expires
Wed, 20 Nov 2024 09:51:39 GMT
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Tue, 12 Nov 2024 15:52:45 GMT
server
cloudflare
vary
Accept-Encoding
axios.min.js
butterfieldholidayshopping.com/js/vendor/
13 KB
8 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/js/vendor/axios.min.js
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b849e3f5952daf2c7404f61140ed4b275c1e3f01d9cbe6839d276a0a1f1ff94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a8d795"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqdSQdhnucd1VvzhJfHkzWXhhnDpfy6PzXUxIQChOf%2FnjmrgBVBoKbIvWljZKqUPAhYUopO7zmzFkqpdtFQOGTz49VA9e4nxSE6hcHy8lltcTzG99QMI0zrbPTIzp6DW0kWn6iAxlQiMqmDlpCISZn4VIhLyIL9jFlGyXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=270&recv=91&lost=0&retrans=0&sent_bytes=281616&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=8735&cid=bb86d28c4a130bc6&ts=510&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f0e038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
swiper-bundle.min.js
butterfieldholidayshopping.com/js/vendor/
257 KB
57 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/js/vendor/swiper-bundle.min.js
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
899db03a9409a45b4988c60e65b8c08d4c6936d6dda1363d86a5a1298109023e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8ace08f"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7bWSa90fXfDrB2jBCPFDPXdOxk4X0clQ1MBfq6J6AC8DsRl0cRriqP6gLr5s%2Few32AukIAHXZg9q2k3OaPsFsNIg%2B1zuBs51GkkRyfP%2BfTsaIsnjfqQulWNbPWA9D%2FdcZaaUrongnEmnGQHYKpDe%2BXMys92lRXkRLM2%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=360&recv=91&lost=0&retrans=0&sent_bytes=395271&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=64850&cid=bb86d28c4a130bc6&ts=514&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f0f038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
popper.min.js
butterfieldholidayshopping.com/js/vendor/
20 KB
11 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/js/vendor/popper.min.js
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41d59b04452edce75331c4416ff9435de714df5f1183e4e620d259d54874f9af
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a8ab9e"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c8wXpewk4Fhfiob%2F4YY5Xk67mwR2oxomX7hQbZHzosKVfNbgr53Ar79927ClQ9ilOq34ymujh2OXa8mdrNkzzqICyJ1sgplg6hPFqnWzz3ttlgo7Gg0oVDuNn8cW7mY7rj15wnpQci7i1UX3zZT2kSfk0pFelfnXgbwtUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=183&recv=91&lost=0&retrans=0&sent_bytes=180810&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=506&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f10038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
bootstrap.min.js
butterfieldholidayshopping.com/js/vendor/
59 KB
20 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/js/vendor/bootstrap.min.js
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb1e9574b097e7e8c86577ea959e36220e65553c96369fc15e98ba6414982e84
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a809a7"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2FLaJPsOBoEYd1mKH3GVKVCvPu7W29sK1wq%2BOiTTsRyW8HDRUUiwEMdx62YXRgW9D71XGcdHUz1Cp%2BmFca1Q4LBplNG%2B0rE79mtCE2LJ3IdUxLwQQhoEU8eJ83mqUyTNXQKq41yWyBmHITi7M%2B46I97icz9EoUwjjzQN9w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=189&recv=91&lost=0&retrans=0&sent_bytes=187539&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=507&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f11038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
main.js
butterfieldholidayshopping.com/js/
3 KB
4 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/js/main.js
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9d74de704895fbf015da64d019e976c6aaf53d24bb7ce5e636de12d818cfd14
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a8ee9e"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEHkBTQXn5%2Fz1LLm6RbubXPFDoAsjpo%2FuAbqK4QlbYEi9YYNxVCRQMBXXb%2FH3A4McTbbnhze698OBggO3TNOQzLisInBTFmGHJm%2F1vZUBrJtm5kJJmk5Oa%2BPP522%2F6BZdejBrAHxUnKupuL5b1ulamQbfr2yzi3BRzBGoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=194&recv=91&lost=0&retrans=0&sent_bytes=191141&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=507&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f12038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
site.js
butterfieldholidayshopping.com/js/
230 B
3 KB
Script
General
Full URL
https://butterfieldholidayshopping.com/js/site.js?v=4q1jwFhaPaZgr8WAUSrux6hAuh0XDg9kPS3xIVq36I0
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33f35692fd57e7407f9a7a650fcc5cc12b828824f44f8f2c4d133323d87b3c11
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1db3807c8a8e5e6"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgJeRNc%2Bl%2BVJUH%2B8rwg4o7EYyzREeoHU6Ekxv2R0eyeGT0xucF1hMTC%2BP6cQj3pHUYmtuYWHl%2BvIFHa6VTp%2F%2FRuUehJeyj4%2FlTyk4Z2t93vK9eFlynmm0cG%2FHwUVYMcLRpXSemBkbx2J4OmDgPZAmTvNdnFTRdTA3ulOvw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=186&recv=91&lost=0&retrans=0&sent_bytes=184167&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=507&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710310f13038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
bg-landing.png
butterfieldholidayshopping.com/img/brand/
1002 KB
1006 KB
Image
General
Full URL
https://butterfieldholidayshopping.com/img/brand/bg-landing.png
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8e4eca40b6c5cff975c70edb3e8c2a2dbe4dc231aebe2b3e904f448b1c9e88b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8a743ed"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3o7B5jXpFWNZ5FgJWM7Xq3q4AMAFa0xiDXBElU0uqRfItAF36gyzmCHb5VrAs7GOF7%2BvVeC%2FSlq0dixaET8d2Rs8uj8pwKLdQ74rMCpdRs2FByl%2Bjd5TIkc8v2GBDifNZu%2B0VOsTh%2BRdmTXtIbw5UE5EQWNAMajAzcLM%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=40408&sent=284&recv=91&lost=0&retrans=0&sent_bytes=298530&recv_bytes=4043&delivery_rate=2221882&cwnd=257&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=513&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710311f17038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
1025773
x-xss-protection
1; mode=block
server
cloudflare
Poppins-Bold.ttf
butterfieldholidayshopping.com/fonts/
150 KB
154 KB
Font
General
Full URL
https://butterfieldholidayshopping.com/fonts/Poppins-Bold.ttf
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7219547ee25334cbac0fe4b3acf0bf631e48ebb622c71af038edaaa652c60875
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin
https://butterfieldholidayshopping.com
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8aabc58"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xlp%2BQxW3qd6rntdFA1gNs0loQ7W58dJelusGwDTyLizaLl37ufCBz0DrbA40s%2Fl99uc1Pf6hRMhYKyn44QbfrrSAnKZc1FLBrcp210iqlwLZl62sBPMG1co%2FelW%2BOZRRg2V0gRKy1ynDJrhSTRd3c9KmKsURUXe0x4vXig%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=41371&sent=829&recv=199&lost=0&retrans=0&sent_bytes=1000171&recv_bytes=4296&delivery_rate=5302727&cwnd=410&unsent_bytes=64850&cid=bb86d28c4a130bc6&ts=573&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/x-font-ttf
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710314f41038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
153944
x-xss-protection
1; mode=block
server
cloudflare
Poppins-Regular.ttf
butterfieldholidayshopping.com/fonts/
155 KB
158 KB
Font
General
Full URL
https://butterfieldholidayshopping.com/fonts/Poppins-Regular.ttf
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin
https://butterfieldholidayshopping.com
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8aa8f20"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wNx4DhwLIxu44s23HJCiS2aKb830ht9neXSDV0qE%2B65XApksj6%2BQ98UZDefmCIBwg6XVxUhxz5bJKJTHbXQ%2B4sKwAlIHX8vopfF3%2BVbL8j%2BkntvdgU%2F%2BsJRBc4e76kO6oS4%2F5p7Mawyp3lShEWKs8b8BQi5Qh1Sejo0l3A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=39373&sent=445&recv=108&lost=0&retrans=0&sent_bytes=503408&recv_bytes=4296&delivery_rate=2221882&cwnd=257&unsent_bytes=32293&cid=bb86d28c4a130bc6&ts=546&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/x-font-ttf
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710314f43038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
158240
x-xss-protection
1; mode=block
server
cloudflare
Poppins-SemiBold.ttf
butterfieldholidayshopping.com/fonts/
152 KB
155 KB
Font
General
Full URL
https://butterfieldholidayshopping.com/fonts/Poppins-SemiBold.ttf
Requested by
Host: butterfieldholidayshopping.com
URL: https://butterfieldholidayshopping.com/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin
https://butterfieldholidayshopping.com
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8aabb60"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZG6%2BJx9o7Tsk1yRNo92JfDO6hvjZSal8gxbNxYOR4Slt0KrCv%2BeLQxq4XmnOar%2Bry6affeL8GqeadYyhPFeN8ZdVduZhxLd3wy8g0tIqi9yhFT2Clm1QTyMnn55LoL4Qf681TjojkxFjS3kCNJLVZsvwjhd%2BgvzhWgN0Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=41371&sent=742&recv=199&lost=0&retrans=0&sent_bytes=887332&recv_bytes=4296&delivery_rate=5302727&cwnd=410&unsent_bytes=86899&cid=bb86d28c4a130bc6&ts=560&x=0"
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/x-font-ttf
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e4710314f45038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
155232
x-xss-protection
1; mode=block
server
cloudflare
js
www.googletagmanager.com/gtag/
323 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FKZR04EPRM&l=dataLayer&cx=c&gtm=45He4bc0v9189857042za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4GVTXT5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8251dfb2b07b443734a76d553d470859089aca81390024811840da7c031c2cc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 18 Nov 2024 09:51:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 09:51:39 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109798
x-xss-protection
0
server
Google Tag Manager
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-FKZR04EPRM&gtm=45je4bc0v9189867276z89189857042za200zb9189857042&_p=1731923499542&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855&cid=1892095095.1731923500&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1731923500&sct=1&seg=0&dl=https%3A%2F%2Fbutterfieldholidayshopping.com%2F&dt=Home&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1000
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FKZR04EPRM&l=dataLayer&cx=c&gtm=45He4bc0v9189857042za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://butterfieldholidayshopping.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 09:51:40 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
564 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FKZR04EPRM&cid=1892095095.1731923500&gtm=45je4bc0v9189867276z89189857042za200zb9189857042&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102077855
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FKZR04EPRM&l=dataLayer&cx=c&gtm=45He4bc0v9189857042za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://butterfieldholidayshopping.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 09:51:40 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.de/ads/
0
0

favicon.png
butterfieldholidayshopping.com/img/
14 KB
17 KB
Other
General
Full URL
https://butterfieldholidayshopping.com/img/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:112 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4a34cbf498055e7264cbcc61eac51e4671a46483733044de80cd61916d561dd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://butterfieldholidayshopping.com/

Response headers

cf-cache-status
HIT
etag
"1db3807c8a8d252"
age
127
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qGlJfDnfNXgpopL44n7uammov1%2FEACOypnC415w0I%2BUzyoJmUizYuH5kxpLzFpA9pcH5f8ndYp%2FA8H0I6IWPIqycuuCNbus%2BKPTRPADOnr7gOS8emA1zNEmyQ6x6MZyx3gYidMss3GelIQ8Zx2MHE76hcMy5AOtEGQBEkg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=59704&sent=1499&recv=690&lost=0&retrans=0&sent_bytes=1868444&recv_bytes=4430&delivery_rate=13145733&cwnd=1490&unsent_bytes=0&cid=bb86d28c4a130bc6&ts=950&x=0"
date
Mon, 18 Nov 2024 09:51:40 GMT
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:13:22 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8e471033d976038e-FRA
permissions-policy
geolocation=(self "https://useyourdebittowin.com"), microphone=()
accept-ranges
bytes
content-length
14162
x-xss-protection
1; mode=block
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FKZR04EPRM&cid=1892095095.1731923500&gtm=45je4bc0v9189867276z89189857042za200zb9189857042&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102077855&tag_exp=101925629~102067555~102067808~102077855&z=1112573120

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer function| Vue function| axios function| Swiper object| Popper number| uidEvent object| bootstrap object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal

2 Cookies

Domain/Path Name / Value
.butterfieldholidayshopping.com/ Name: _ga
Value: GA1.1.1892095095.1731923500
.butterfieldholidayshopping.com/ Name: _ga_FKZR04EPRM
Value: GS1.1.1731923500.1.0.1731923500.60.0.0

1 Console Messages

Source Level URL
Text
security error URL: https://butterfieldholidayshopping.com/
Message:
Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FKZR04EPRM&cid=1892095095.1731923500&gtm=45je4bc0v9189867276z89189857042za200zb9189857042&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102077855&tag_exp=101925629~102067555~102067808~102077855&z=1112573120' because it violates the following Content Security Policy directive: "img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://useyourdebittowin.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

butterfieldholidayshopping.com
region1.analytics.google.com
stats.g.doubleclick.net
www.google.de
www.googletagmanager.com
www.google.de
2001:4860:4802:34::36
2606:4700:20::681a:112
2a00:1450:4001:827::2008
2a00:1450:400c:c0d::9d
1671f705e135b881a75a5a0840bdd9f6034774e6db6d646c8b4c8d839fc9b174
1df56af66680348c91da9b075e09b0a3f3939383c39ae5afaa04d0e9c1b886a2
248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
324e275639363b97974bb2dca489ce8cd188a93775839a39c822945787958a8d
3290deee18a4ec2edab9f629b57bbb4063baa38cbe964f99c8ef4405a3a8610d
33f35692fd57e7407f9a7a650fcc5cc12b828824f44f8f2c4d133323d87b3c11
41d59b04452edce75331c4416ff9435de714df5f1183e4e620d259d54874f9af
44e46c4fdef6f1bad12b9a04657312506932a88dec1a3b2830f66ad26c607b07
482abbb9a93e8bdfd21f56816745f5a22977191100b628e0ab760721f8b34e37
4a5dced7f6ff983df1e485af7cef3349c3155ac9534c4cb50f6ffee033d37d72
5db74e78c2a94e4d5688344197d46f1e06dde57bb98f5e1d8e983537ec610ef9
707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a
7219547ee25334cbac0fe4b3acf0bf631e48ebb622c71af038edaaa652c60875
75607416aa60dfb8d358b29d4b7629fb1a5074a354e9f9a58f5bb471a0c02b9c
8251dfb2b07b443734a76d553d470859089aca81390024811840da7c031c2cc1
899db03a9409a45b4988c60e65b8c08d4c6936d6dda1363d86a5a1298109023e
8b849e3f5952daf2c7404f61140ed4b275c1e3f01d9cbe6839d276a0a1f1ff94
a410460285968ae56f3748e57fd09c6da63c17934a9f59cc7f9a6542f5cf2d3b
a4a34cbf498055e7264cbcc61eac51e4671a46483733044de80cd61916d561dd
a4c123551432f10a965b8a9f706d3a8f9ed36e1564620f520de64cdf5bfe6dc9
b8e4eca40b6c5cff975c70edb3e8c2a2dbe4dc231aebe2b3e904f448b1c9e88b
cac618443a07dab34ebe9ea03ebd2f5bb736d5fd42fc5ec61ab45f3a8027a833
d9d74de704895fbf015da64d019e976c6aaf53d24bb7ce5e636de12d818cfd14
df69510676c2f2a7874753499d97de285991eae432dd7cf3c0281871661d745b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fb1e9574b097e7e8c86577ea959e36220e65553c96369fc15e98ba6414982e84