www.ordercarnaval.com Open in urlscan Pro
35.238.2.132 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ordercarnaval.com/
Effective URL:
https://www.ordercarnaval.com/
Submission Tags: suspect
Submission: On August 26 via api (August 26th 2024, 6:04:44 pm UTC) from BR — Scanned from CA

Summary HTTP 50 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 24 IPs in 2 countries across 18 domains to perform 50 HTTP transactions. The main IP is 35.238.2.132, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.ordercarnaval.com.
TLS certificate: Issued by R10 on August 23rd 2024. Valid for: 3 months.

This is the only time www.ordercarnaval.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.255.119.140 162.255.119.140	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	35.238.2.132 35.238.2.132	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2607:f8b0:400... 2607:f8b0:4006:80f::2008	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::681a:6ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	108.139.29.70 108.139.29.70	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:80b::200a	15169 (GOOGLE) (GOOGLE)
3	104.18.13.54 104.18.13.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:220... 2600:9000:2209:600:1b:4f00:3240:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
2	142.250.80.36 142.250.80.36	15169 (GOOGLE) (GOOGLE)
3	2600:141b:b00... 2600:141b:b000::1737:ebe9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	108.139.29.116 108.139.29.116	16509 (AMAZON-02) (AMAZON-02)
2	151.101.128.176 151.101.128.176	54113 (FASTLY) (FASTLY)
1	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
1	2600:1901:0:6... 2600:1901:0:68c9::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
1	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
3	151.101.64.176 151.101.64.176	54113 (FASTLY) (FASTLY)
1	2607:f8b0:400... 2607:f8b0:4004:c06::54	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:49fd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	108.139.47.19 108.139.47.19	16509 (AMAZON-02) (AMAZON-02)
1	151.101.131.1 151.101.131.1	54113 (FASTLY) (FASTLY)
50	24

1 162.255.119.140 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

ordercarnaval.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.238.2.132 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.2.238.35.bc.googleusercontent.com

www.ordercarnaval.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80f::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:6ae (United States)

ASN13335 (CLOUDFLARENET, US)

stores-cdn.cloudwaitress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.139.29.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-70.jfk50.r.cloudfront.net

api.mapbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80b::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.13.54 (None, )

ASN13335 (CLOUDFLARENET, US)

jstest.authorize.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2209:600:1b:4f00:3240:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.emergepay.chargeitpro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.36 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:141b:b000::1737:ebe9 (Newark, United States)

ASN20940 (AKAMAI-ASN1, NL)

ucarecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.29.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-116.jfk50.r.cloudfront.net

cdn.checkout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.128.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:68c9:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

geo-targetly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81f::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.64.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::54 (Washington, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:49fd (United States)

ASN13335 (CLOUDFLARENET, US)

api.cloudwaitress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 108.139.47.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-19.jfk50.r.cloudfront.net

rest.ably.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.131.1 (San Francisco, United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cloudwaitress.com stores-cdn.cloudwaitress.com api.cloudwaitress.com	1 MB
7	ably.io rest.ably.io — Cisco Umbrella Rank: 37816	5 KB
5	stripe.com js.stripe.com — Cisco Umbrella Rank: 2856	157 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	274 KB
3	ucarecdn.com ucarecdn.com — Cisco Umbrella Rank: 28783	1 MB
3	google.com www.google.com — Cisco Umbrella Rank: 10 accounts.google.com — Cisco Umbrella Rank: 46	87 KB
3	authorize.net jstest.authorize.net — Cisco Umbrella Rank: 158353	6 KB
2	paypal.com www.paypal.com — Cisco Umbrella Rank: 3677 t.paypal.com — Cisco Umbrella Rank: 4582	7 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	2 KB
2	mapbox.com api.mapbox.com — Cisco Umbrella Rank: 4049	178 KB
2	ordercarnaval.com 1 redirects ordercarnaval.com www.ordercarnaval.com	166 KB
1	geo-targetly.com geo-targetly.com — Cisco Umbrella Rank: 200512	7 KB
1	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 3281	230 KB
1	checkout.com cdn.checkout.com — Cisco Umbrella Rank: 80485	31 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	31 KB
1	chargeitpro.com assets.emergepay.chargeitpro.com — Cisco Umbrella Rank: 409522	20 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	102 KB
50	18

	Domain	Requested by
7	rest.ably.io	stores-cdn.cloudwaitress.com
6	stores-cdn.cloudwaitress.com	www.ordercarnaval.com
5	js.stripe.com	www.ordercarnaval.com js.stripe.com
3	fonts.gstatic.com	fonts.googleapis.com
3	ucarecdn.com	www.ordercarnaval.com
3	jstest.authorize.net	www.ordercarnaval.com jstest.authorize.net
2	api.cloudwaitress.com	stores-cdn.cloudwaitress.com
2	www.google-analytics.com	www.googletagmanager.com stores-cdn.cloudwaitress.com
2	www.google.com	www.ordercarnaval.com www.gstatic.com
2	fonts.googleapis.com	www.ordercarnaval.com
2	api.mapbox.com	www.ordercarnaval.com
1	t.paypal.com	www.ordercarnaval.com
1	accounts.google.com	stores-cdn.cloudwaitress.com
1	www.paypal.com	www.paypalobjects.com
1	www.gstatic.com	www.google.com
1	geo-targetly.com	www.ordercarnaval.com
1	www.paypalobjects.com	www.ordercarnaval.com
1	cdn.checkout.com	www.ordercarnaval.com
1	code.jquery.com	www.ordercarnaval.com
1	assets.emergepay.chargeitpro.com	www.ordercarnaval.com
1	www.googletagmanager.com	www.ordercarnaval.com
1	www.ordercarnaval.com
1	ordercarnaval.com	1 redirects
50	23

This site contains links to these domains. Also see Links.

Domain
www.zippeats.com

Subject Issuer	Validity	Valid
www.ordercarnaval.com R10	`2024-08-23` - `2024-11-21`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
cloudwaitress.com WE1	`2024-08-22` - `2024-11-20`	3 months	crt.sh
api.mapbox.com Amazon RSA 2048 M03	`2023-11-06` - `2024-12-03`	a year	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
jstest.authorize.net Cloudflare Inc ECC CA-3	`2024-05-08` - `2024-12-31`	8 months	crt.sh
*.emergepay.chargeitpro.com Amazon RSA 2048 M03	`2024-07-30` - `2025-08-27`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
cps3.ucarecdn.com R10	`2024-08-19` - `2024-11-17`	3 months	crt.sh
*.checkout.com Amazon RSA 2048 M02	`2024-06-16` - `2025-07-15`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-07-23` - `2024-10-24`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-13` - `2025-06-12`	a year	crt.sh
geo-targetly.com WR3	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
accounts.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.realtime.ably.net Amazon RSA 2048 M03	`2023-12-08` - `2025-01-05`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-21` - `2025-06-20`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.ordercarnaval.com/
Frame ID: 1464F73E42E53DEAD051F82928D7FC46
Requests: 46 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html
Frame ID: 49D8EBBCA673DD5F2283B02DDBC3649F
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html
Frame ID: 76432DFCBCD67DE4DCA6E9871C4839CD
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 48ED672A5642635173F5047ED7B9E46D
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LftLlchAAAAADuqwP9LNFzKN7Bfrh6WVtB9B-B6&co=aHR0cHM6Ly93d3cub3JkZXJjYXJuYXZhbC5jb206NDQz&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=xykbecywz8a8
Frame ID: 3CCE56BCDB5D3C2B00A799C66D409877
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Carnaval Restaurant & Bakery | 344 Morris Ave, Elizabeth, New Jersey 07208

Page URL History Show full URLs

http://ordercarnaval.com/ HTTP 307
https://ordercarnaval.com/ HTTP 307
http://ordercarnaval.com/ HTTP 302
http://www.ordercarnaval.com/ HTTP 307
https://www.ordercarnaval.com/ Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Mapbox GL JS (Maps) Expand

Overall confidence: 100%
Detected patterns

mapbox-gl.js

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

50
Requests

96 %
HTTPS

50 %
IPv6

18
Domains

23
Subdomains

24
IPs

2
Countries

3748 kB
Transfer

9932 kB
Size

7
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.zippeats.com/
Title: Zippeats

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ordercarnaval.com/ HTTP 307
https://ordercarnaval.com/ HTTP 307
http://ordercarnaval.com/ HTTP 302
http://www.ordercarnaval.com/ HTTP 307
https://www.ordercarnaval.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.ordercarnaval.com/
Redirect Chain

http://ordercarnaval.com/
https://ordercarnaval.com/
http://ordercarnaval.com/
http://www.ordercarnaval.com/
https://www.ordercarnaval.com/

165 KB
166 KB

1472ms
1298ms

Document
text/html

35.238.2.132
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ordercarnaval.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.238.2.132 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

132.2.238.35.bc.googleusercontent.com

Software

Resource Hash

c5536d489c6329605483f55e9a0e026812e8dd4a1b9e3827d926fc13fbf3aed4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

connection: close
content-length: 169110
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:04:36 GMT
etag: "29496-F2lHdG7DkMfLT7onIrAK9hf2eXA"
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-xss-protection: 1; mode=block

Redirect headers

Location: https://www.ordercarnaval.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 308 KB
102 KB 148ms
69ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2BYT335J12

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

36072bd5e9ce89d92157db5aa900e8c3f45ecd3b3369b1d27666d678ea52e2f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104394
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Aug 2024 18:04:36 GMT

GET
H2 200 reset.css
stores-cdn.cloudwaitress.com/ 987 B
874 B 150ms
40ms Stylesheet
text/css 2606:4700:20::681a:6ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stores-cdn.cloudwaitress.com/reset.css

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7aa182bdb9780810ae4b9a24763c5ac356eb54762e5d1020046669e84725574

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15547752
cf-polished: origSize=1317
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 26 Feb 2024 17:09:40 GMT
server: cloudflare
etag: W/"525-18de664c420"
x-download-options: noopen
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VdwfOevQQaof1ayAGF2ICWVfoRyemPB2ONULPU9Cdej6dwtpC9iZ%2FLXP7CaXV00p9Fh5H0T3szXYfcf77q2wcVX3iDQuGZgT0ZRVVn3Wzy0lC3GxjSReRAkf2nPNI6sDAe%2BlgPtOLc5yBeIfjtcQRmP%2FW0o8QvJneho%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 8b95bec9182336d0-YYZ

GET
H2 200 svg-with-js.css
stores-cdn.cloudwaitress.com/ 6 KB
2 KB 146ms
36ms Stylesheet
text/css 2606:4700:20::681a:6ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stores-cdn.cloudwaitress.com/svg-with-js.css

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcf8b8ea2fbabdfacf817651b14ccf31f522adcca1448eec2b10ec77e3ee94b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10293092
cf-polished: origSize=7455
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Sun, 28 Apr 2024 19:41:20 GMT
server: cloudflare
etag: W/"1d1f-18f2639e700"
x-download-options: noopen
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=40PJgwbYRr1VP8MlmjIefIB%2BzqXzVWwzdjkYgvHnjEMqtlHWhVyR3iNVZEvIVgrHyL9p2ObTnerPJvsN0NTBR7KaXEDFVpEUeo%2B7MnEQXz1xH8xWEA8jJN2bnIwevyI1SWVn%2Bao3WHqWAFNIawotD1aUYNtWmYwyZIw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 8b95bec9181f36d0-YYZ

GET
H2 200 main.da68a447459736f8ee55.css
stores-cdn.cloudwaitress.com/ 115 KB
15 KB 149ms
40ms Stylesheet
text/css 2606:4700:20::681a:6ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stores-cdn.cloudwaitress.com/main.da68a447459736f8ee55.css

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8d4d34aa72ac9712d0d9912c83f1ea1a8b0e263526ddda4dffaea07df077719

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9763453
cf-polished: origSize=117858
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Sun, 28 Apr 2024 19:43:19 GMT
server: cloudflare
etag: W/"1cc62-18f263bb7d8"
x-download-options: noopen
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I8kT%2BLBwSWSbhtlgmc%2F0uI3Vcko0LGHGOjQoXkKpjIZubrqLlcoeVv4OXgx%2FSzb7gOy8%2FRNYQQVjByMt%2FkR1yjwVNhTJQd9wVkm9rdqAVdDorBrdRuJsxykZkA5Jk2yzErWEkBd80WgZqioRnw8hxWKuyFN9pNvBETI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 8b95bec9182236d0-YYZ

GET
H2 200 mapbox-gl.css
api.mapbox.com/mapbox-gl-js/v0.54.0/ 31 KB
8 KB 100ms
26ms Stylesheet
text/css 108.139.29.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.mapbox.com/mapbox-gl-js/v0.54.0/mapbox-gl.css
Requested by: Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-70.jfk50.r.cloudfront.net
Software: / Express
Resource Hash: 024a355f20381b217f25a9d12d6be10d2f43334fb75b7a3750419267f44c0322

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Wed, 31 Jul 2024 08:29:58 GMT
content-encoding: gzip
via: 1.1 06d42d2d80190e168b9494192458b51a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P2
age: 2280878
x-powered-by: Express
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu Apr 25 2019 15:32:24 GMT+0000 (Coordinated Universal Time)
etag: "190b2d4ca8040044e5497f789a7123d8"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: dfRECd27T6izvjFuN0xngOAfaGwrtaTUx5wks9aUncztdNq2Cw2Qmw==

GET
H2 200 css
fonts.googleapis.com/ 31 KB
1 KB 136ms
51ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,200,300,regular,500,600,700,800,900,100italic,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6b114e7e4287ba48eb7a43ee5a0eb3c03d2cb30b2cbfa1602f8e090a9ce64079

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Aug 2024 18:04:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 7 KB
974 B 131ms
48ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

75aa68babf72f2bcf325634f9b35347e9b68dbcdf6ae1424d114aa7fdcd08e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Aug 2024 18:04:36 GMT

GET
H2 200 Accept.js Show response
jstest.authorize.net/v1/ 4 KB
3 KB 143ms
59ms Script
application/javascript 104.18.13.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jstest.authorize.net/v1/Accept.js

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.54 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20f5462b2ccec78d8749981a52df4f9739c6955f40a40008274f3d24218639ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5624
content-length: 2471
last-modified: Thu, 12 Sep 2019 19:45:18 GMT
server: cloudflare
etag: "c5db9ba269d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=432000
accept-ranges: bytes
cf-ray: 8b95bec8fbb154d3-YYZ
expires: Sat, 31 Aug 2024 18:04:36 GMT

GET
H2 200 cip-hosted-url.js Show response
assets.emergepay.chargeitpro.com/ 59 KB
20 KB 144ms
31ms Script
application/javascript 2600:9000:2209:600:1b:4f00:3240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.emergepay.chargeitpro.com/cip-hosted-url.js
Requested by: Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:600:1b:4f00:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45482de688352fb3b733be24113f41572e883ebeb065dc7328bb5bbc05b6a430

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 08:04:25 GMT
content-encoding: gzip
via: 1.1 2c7d387775f2e52dd268d2f49202b5d2.cloudfront.net (CloudFront)
last-modified: Tue, 23 Jul 2024 17:40:29 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
age: 36012
x-amz-server-side-encryption: AES256
etag: "628d3975d88bedbe4acd72e04f53ac7d"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
accept-ranges: bytes
content-length: 20578
x-amz-cf-id: _wg9vS2Jay3SuNAIBv0mmkD6Im1RAtXtKvvN5LBHEdkqaCBTdqtOAg==

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
31 KB 76ms
18ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2532186
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 30879
x-served-by: cache-lga21981-LGA, cache-yul1970043-YUL
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1724695477.604249,VS0,VE0
etag: W/"28feccc0-15d84"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 27315, 150949

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
659 B 113ms
48ms Script
text/javascript 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LftLlchAAAAADuqwP9LNFzKN7Bfrh6WVtB9B-B6

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

GSE /

Resource Hash

cac6d4b0cf4e89d1ae3a8bbeaeab5557d0ecf3a525dbad5786e9036c840a4646

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 26 Aug 2024 18:04:36 GMT

GET
H2 200 WhatsApp_Image_2024_08_22_at_11_15_25_PM.jpeg
ucarecdn.com/64561ea3-4cb6-44db-9257-414de7f0711d/-/resize/x50/-/progressive/yes/ 2 KB
2 KB 393ms
149ms Image
image/avif 2600:141b:b000::1737:ebe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ucarecdn.com/64561ea3-4cb6-44db-9257-414de7f0711d/-/resize/x50/-/progressive/yes/WhatsApp_Image_2024_08_22_at_11_15_25_PM.jpeg
Requested by: Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:b000::1737:ebe9 Newark, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Uploadcare /
Resource Hash: ba732c6ca6282f7bcc89ec2780861ca632560878050714a570679f1df0812139

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
x-image-width: 49
server: Uploadcare
etag: "94a8540d922ffeaed3e9c8f883e3a880"
vary: accept
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: image/avif
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Etag, X-Image-Width, X-Image-Height
cache-control: public, max-age=31244521
content-disposition: inline; filename=WhatsApp_Image_2024_08_22_at_11_15_25_PM.jpeg
x-image-height: 50
content-length: 1571

GET
H2 200 framesv2.min.js Show response
cdn.checkout.com/js/ 84 KB
31 KB 205ms
35ms Script
application/javascript 108.139.29.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.checkout.com/js/framesv2.min.js

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-139-29-116.jfk50.r.cloudfront.net

Software

nginx /

Resource Hash

fed900dec7b78c440469f6135fc16475080be12015a04dfa502a1614553b652b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' js.checkout.com; connect-src 'self' js.checkout.com api.checkout.com risk.checkout.com fpjs.checkout.com api.sandbox.checkout.com risk.sandbox.checkout.com fpjs.sandbox.checkout.com; script-src-elem 'self' 'unsafe-inline' js.checkout.com fpjsworker.checkout.com fpnpmcdn.net; report-uri https://payment-interfaces-security-reports.api.checkout.com/csp-report;

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

content-security-policy: default-src 'self' 'unsafe-inline' js.checkout.com; connect-src 'self' js.checkout.com api.checkout.com risk.checkout.com fpjs.checkout.com api.sandbox.checkout.com risk.sandbox.checkout.com fpjs.sandbox.checkout.com; script-src-elem 'self' 'unsafe-inline' js.checkout.com fpjsworker.checkout.com fpnpmcdn.net; report-uri https://payment-interfaces-security-reports.api.checkout.com/csp-report;
content-encoding: gzip
via: 1.1 b601959712c1f21193a489b5759f70ba.cloudfront.net (CloudFront)
date: Mon, 26 Aug 2024 07:37:45 GMT
server: nginx
x-amz-cf-pop: JFK50-P2
age: 37612
etag: W/"14ee8-HAsyuKH2XfiLM7wFtz4lVR0EhpM"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: PolffypVFMNazqzy8PpaIufj-OIP5UV7JNwZY0u_VZyND6PHvQIe8g==

GET
H2 200 / Show response
js.stripe.com/v3/ 647 KB
157 KB 103ms
17ms Script
text/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

fbe85154b0a64dc98fbcb645f30f97ee21441d65ff4928a96521feb7131c7cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 26 Aug 2024 18:04:36 GMT
via: 1.1 varnish
age: 5
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 160028
x-request-id: 26ca9f49-4cb4-4d04-8581-cd14ea8b66ac
x-served-by: cache-yul1970031-YUL
last-modified: Mon, 26 Aug 2024 18:00:33 GMT
server: Fastly
etag: "d5b38ce0fab3fdbd623659f3450b8854"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 6

GET
H2 200 checkout.js Show response
www.paypalobjects.com/api/ 1 MB
230 KB 143ms
40ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/api/checkout.js

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D135) /

Resource Hash

2e227a920676415558e65f45af1b2f144fdb3461285f5a4363fe0e619793b48f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 47282750f6ca0
dc: ccg11-origin-www-1.paypal.com
content-length: 235319
last-modified: Tue, 06 Aug 2024 16:23:34 GMT
server: ECAcc (nyd/D135)
traceparent: 00-000000000000000000047282750f6ca0-9a55906c2fcc7e74-01
etag: W/"66b24e06-16d204"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Tue, 27 Aug 2024 18:04:36 GMT

GET
H2 200 mapbox-gl.js Show response
api.mapbox.com/mapbox-gl-js/v0.54.0/ 666 KB
170 KB 36ms
30ms Script
application/javascript 108.139.29.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.mapbox.com/mapbox-gl-js/v0.54.0/mapbox-gl.js
Requested by: Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-70.jfk50.r.cloudfront.net
Software: / Express
Resource Hash: 1e8d37aa129076389ff1ac3107cac72419ae0f4fb465eadb4d5d6079ee87c06d

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Fri, 19 Jul 2024 09:33:47 GMT
content-encoding: gzip
via: 1.1 06d42d2d80190e168b9494192458b51a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P2
age: 3313849
x-powered-by: Express
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu Apr 25 2019 15:20:28 GMT+0000 (Coordinated Universal Time)
etag: "8e9037b8c7bfeeab385f6330fa42a97f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
x-amz-cf-id: PWB5hsayc75FJPH9stEDPkKdMdqT07SflaXxYYs2bFQtbILUNjS14Q==

GET
H2 200 runtime.55b68d5bc9bb4ddb751a.js Show response
stores-cdn.cloudwaitress.com/ 1 KB
1 KB 41ms
36ms Script
application/javascript 2606:4700:20::681a:6ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stores-cdn.cloudwaitress.com/runtime.55b68d5bc9bb4ddb751a.js

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f11a4fa97ef5a8ebd26c594a5ab9ec881bdb7e183cb2147151a0deb1d9678d25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15543844
cf-polished: origSize=1556
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 26 Feb 2024 17:11:26 GMT
server: cloudflare
etag: W/"614-18de6666230"
x-download-options: noopen
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xHx97k80MvjJPRthZMPypRpRITV7tE%2FmNTu1ePs49Sy5dmfGXqN69vuhXWxpyGOvH9mvYC8H8sf%2BLX3wZzYspPbqk3aayaYmicHy5A7Dc8aRDn7jlPqRlH906Ekncf8Fj6M%2BSI%2FInpLSKL5g%2FDr7slPgLErGZ3abHmo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 8b95bec988ba36d0-YYZ

GET
H2 200 vendors.cf6e76060880e2fb646f.js Show response
stores-cdn.cloudwaitress.com/ 3 MB
1 MB 91ms
87ms Script
application/javascript 2606:4700:20::681a:6ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff75ed3c229c00fb7329336228a6cac64005739b378a7b9ba7b51ce9dff29a45

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5939780
cf-polished: origSize=3538738
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Wed, 12 Jun 2024 12:47:26 GMT
server: cloudflare
etag: W/"35ff32-1900c7d2330"
x-download-options: noopen
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XHAX4GRT6vFxb55veJVGUNzjQyYCHDycjMC3SYaAX2CfwZhMsr38wvo5DBXU%2FR9%2BQKEGbnrQ17WPAZqa0XmId9aiz9oyzgUoe8QbgIJdT67eDzBvfYSAsuxNr%2F60SxlWe5nqCxQJhS9BxPQnrB9lF7k3CmrC6FBDIvI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 8b95bec988bb36d0-YYZ

GET
H2 200 main.b1f1a2bdb8859eedf44d.js Show response
stores-cdn.cloudwaitress.com/ 749 KB
168 KB 74ms
70ms Script
application/javascript 2606:4700:20::681a:6ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stores-cdn.cloudwaitress.com/main.b1f1a2bdb8859eedf44d.js

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c441b27f6be9b34ac6b35bb2143990ef3642a28f7f694cadb77527c894363ebb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1769907
cf-polished: origSize=767199
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 06 Aug 2024 05:33:57 GMT
server: cloudflare
etag: W/"bb4df-191262e0988"
x-download-options: noopen
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xOh%2FJDyYaSKTgISO9tImHRqowdiN8LjEiaqM789SMGB8UVakqgTjsu1vqQ0aaFrPDdERdxnVOcAHjTZF%2B5RP0XCeKez19ukWgHfFfAlX2fBZNbeouqlIuy2g%2BbU6ItmrvUaL4ORoCvY9pl4dqo2OpYtzPFxrI%2B2cyXU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 8b95bec988bc36d0-YYZ

GET
H2 200 geolocation Show response
geo-targetly.com/ 6 KB
7 KB 113ms
36ms Script
application/javascript 2600:1901:0:68c9::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://geo-targetly.com/geolocation?id=-LmPAwNYDW-KdLZGoGKA
Requested by: Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:68c9:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: 2b5a028d2f45dce61dcb1cb4dc539f48f77016742207f6b1dff0c482049d0052

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
via: 1.1 google
server: Google Frontend
x-powered-by: Express
etag: W/"19e4-9VjLBSRUkt/qlnuGCORyICMdAnE"
content-type: application/javascript; charset=utf-8
x-cloud-trace-context: 96319276229897c1e81526ef7621b2a1
cache-control: private, no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6628

GET
H2 200 AcceptCore.js Show response
jstest.authorize.net/v1/ 9 KB
3 KB 73ms
70ms Script
application/javascript 104.18.13.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jstest.authorize.net/v1/AcceptCore.js

Requested by

Host: jstest.authorize.net
URL: https://jstest.authorize.net/v1/Accept.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.54 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79ec52f0ce86fb27c47d1f860ba62d34ad5fe6cd3778ee0952ac698f52096e81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4752
content-length: 3175
last-modified: Tue, 10 Sep 2019 23:26:44 GMT
server: cloudflare
etag: "092b352f68d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=432000
accept-ranges: bytes
cf-ray: 8b95bec98bf954d3-YYZ
expires: Sat, 31 Aug 2024 18:04:36 GMT

GET
H2 200 AcceptCore.js Show response
jstest.authorize.net/v1/ 9 KB
0 75ms
75ms XHR
application/javascript 104.18.13.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jstest.authorize.net/v1/AcceptCore.js

Requested by

Host: jstest.authorize.net
URL: https://jstest.authorize.net/v1/Accept.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.54 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79ec52f0ce86fb27c47d1f860ba62d34ad5fe6cd3778ee0952ac698f52096e81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4752
content-length: 3175
last-modified: Tue, 10 Sep 2019 23:26:44 GMT
server: cloudflare
etag: "092b352f68d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=432000
accept-ranges: bytes
cf-ray: 8b95bec98bf954d3-YYZ
expires: Sat, 31 Aug 2024 18:04:36 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/ 538 KB
213 KB 103ms
28ms Script
text/javascript 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LftLlchAAAAADuqwP9LNFzKN7Bfrh6WVtB9B-B6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ordercarnaval.com/
Origin: https://www.ordercarnaval.com
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 12:29:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217366
x-xss-protection: 0
last-modified: Mon, 19 Aug 2024 04:00:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Aug 2025 12:29:27 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 14 KB
14 KB 169ms
62ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ordercarnaval.com
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Fri, 23 Aug 2024 13:12:06 GMT
x-content-type-options: nosniff
age: 276750
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13980
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Aug 2025 13:12:06 GMT

GET
H2 200 Zippeats_Website_Templates___1_.jpg
ucarecdn.com/dca7fdcc-6335-46d3-9cd2-5f4181e6fdad/-/format/auto/-/progressive/yes/ 693 KB
694 KB 75ms
38ms Image
image/webp 2600:141b:b000::1737:ebe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ucarecdn.com/dca7fdcc-6335-46d3-9cd2-5f4181e6fdad/-/format/auto/-/progressive/yes/Zippeats_Website_Templates___1_.jpg
Requested by: Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:b000::1737:ebe9 Newark, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Uploadcare /
Resource Hash: b5826763eda56b38657d2911715fc2a6875a8e4b3f8c90cdcf34f5f429ef87ab

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:36 GMT
x-image-width: 3000
server: Uploadcare
etag: "125270110e91c5b4643a3f946ee0a98d"
vary: accept
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Etag, X-Image-Width, X-Image-Height
cache-control: public, max-age=31522727
content-disposition: inline; filename=Zippeats_Website_Templates___1_.jpg
x-image-height: 800
content-length: 709698

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v24/ 14 KB
14 KB 180ms
73ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ordercarnaval.com
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Fri, 23 Aug 2024 16:54:52 GMT
x-content-type-options: nosniff
age: 263384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14168
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:29:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Aug 2025 16:54:52 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
33 KB 136ms
38ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,200,300,regular,500,600,700,800,900,100italic,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34208e63c50cc27f5c13b0c29629cf0561fa788f564a07f82cf877dc28e46b82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ordercarnaval.com
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Fri, 23 Aug 2024 02:10:05 GMT
x-content-type-options: nosniff
age: 316471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33148
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:39:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Aug 2025 02:10:05 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 129ms
50ms Fetch
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-2BYT335J12&gtm=45je48l0v9193732390za200&_p=1724695476567&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1100150409.1724695477&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1724695477&sct=1&seg=0&dl=https%3A%2F%2Fwww.ordercarnaval.com%2F&dt=Carnaval%20Restaurant%20%26%20Bakery%20%7C%20344%20Morris%20Ave%2C%20Elizabeth%2C%20New%20Jersey%2007208&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=5281
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2BYT335J12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:04:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ordercarnaval.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 12 KB
6 KB 251ms
204ms Script
application/x-javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.ordercarnaval.com&source=checkoutjs&t=xo&v=4.0.344

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

af5a8494d42185c1db478b778f48f7d86bd699c934c6b2b024c3082e81cbfcaf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-vjh2CzMyxrfpIPNiSrARQyVNgGZ4Cc/PoKRrO8DltfbfH4Zr' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-vjh2CzMyxrfpIPNiSrARQyVNgGZ4Cc/PoKRrO8DltfbfH4Zr' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Aug 2024 18:04:37 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
x-cache: HIT, MISS, MISS
paypal-debug-id: f831060a690cd
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4331
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200054-BUR, cache-yul1970049-YUL, cache-yul1970049-YUL
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f831060a690cd-34632ce6e843aef3-01
x-timer: S1724695478.655525,VS0,VE186
etag: W/"2f8d-d/4nnKHcaRhfuakaeYgjRXRJjY0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 3, 0, 0

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

Referer
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

Content-Type: image/webp

GET
H2 200 controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html
js.stripe.com/v3/ Frame 49D8 0
0 56ms
18ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 54
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 403
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:04:38 GMT
etag: "2192bc635d8b55ea00400ca4fa5b0b92"
last-modified: Mon, 26 Aug 2024 17:21:25 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 19
x-content-type-options: nosniff
x-request-id: 1a0a6aee-81ca-4563-a2d6-3a11cc17ca40
x-served-by: cache-yul1970039-YUL

GET
H2 200 controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html
js.stripe.com/v3/ Frame 7643 0
0 51ms
51ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name

Value

Content-Security-Policy

base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report

X-Content-Type-Options

nosniff

Request headers

Referer: https://www.ordercarnaval.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 54
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 403
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:04:38 GMT
etag: "2192bc635d8b55ea00400ca4fa5b0b92"
last-modified: Mon, 26 Aug 2024 17:21:25 GMT
origin-agent-cluster: ?1
server: Fastly
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 19
x-content-type-options: nosniff
x-request-id: 1a0a6aee-81ca-4563-a2d6-3a11cc17ca40
x-served-by: cache-yul1970039-YUL

GET
H2 200 client Show response
accounts.google.com/gsi/ 226 KB
86 KB 195ms
75ms Script
application/javascript 2607:f8b0:4004:c06::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::54 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6ddd03a35bb2a0cee82416ea8788b1a09d04a1a163fb4b0cee25c20300dbf0c6

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-JsJBONZzqgEaF1z9_hNFsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
content-security-policy: script-src 'nonce-JsJBONZzqgEaF1z9_hNFsg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 26 Aug 2024 18:04:38 GMT

GET
H2 200 versions Show response
api.cloudwaitress.com/v1/service/ 155 B
592 B 143ms
141ms XHR
application/json 2606:4700:20::ac43:49fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cloudwaitress.com/v1/service/versions

Requested by

Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:49fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc2f432cfeb327261421f15ea99819abe3035478c2598622bbe4fa55b6f7df67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.ordercarnaval.com/
Authorization-Store: 9R-tTPQnKBBKDe9_Rl2gk
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-dns-prefetch-control: off
x-xss-protection: 1; mode=block
server: cloudflare
etag: W/"9b-7fRwBdcfTj/xb6sU1L1ADnLycKw"
x-download-options: noopen
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=meSIHDjRrqIlE%2BOD55MHq8n1pkEDUKRyi09jiouQ%2F9dTrdMwjDBihyoh%2BGqNWVALzFcsQMF8K5mrOt%2FtFkvfYwtdIzVe5ESKe%2FqUsemGleki2kENIZGShbUeWCu0SqV2QjJaXqWmb%2BE6oQzpByf1W6bmEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 8b95bed5cb31ab4c-YYZ

OPTIONS
H2 204 versions
api.cloudwaitress.com/v1/service/ Frame 0
0 196ms
114ms Preflight 2606:4700:20::ac43:49fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.cloudwaitress.com/v1/service/versions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization-store
Access-Control-Request-Method: GET
Origin: https://www.ordercarnaval.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization-store
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 8b95bed50a6dab4c-YYZ
content-length: 0
date: Mon, 26 Aug 2024 18:04:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NO3nCHk%2BJ%2FEeknfLVJB43MObBJ26VYEfEg18xqnQ3TOvFWkT1ppL0v4ua3yQrgH9JajtFZOWrC1WIw5WBWECgVVbD9eBmsqVkffQfAETEcjSShg3Lpbupj5%2F%2BVCZUF8tg66I%2FbhDdK1Bg7EcWtZ1Qm82hA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Access-Control-Request-Headers
x-powered-by: Express

GET
H2 200 connect Show response
rest.ably.io/comet/ 500 B
1 KB 151ms
41ms XHR
application/json 108.139.47.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/connect?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.14%20browser&rnd=8639899040490566
Requested by: Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-19.jfk50.r.cloudfront.net
Software: /
Resource Hash: a5d7549aaa9e4a4516e037c81fb6fcdd1b5d9015abf6d763c446a91ced6ae5e5

Request headers

accept: application/json
Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: JFK50-P1
vary: Origin
x-ably-serverid: frontend.bf3c.2.us-east-1-A.i-093ed97ad052cce62.e7dh9kQsABfelE
content-type: application/json
access-control-allow-origin: https://www.ordercarnaval.com
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 500
x-amz-cf-id: M1m6Sg-JFjfrNI-L_sUXR0Nt8BAVCzclXzxefdDaWOXWWS4CeIa52g==

GET
H2 200 connect Show response
rest.ably.io/comet/ 502 B
1 KB 147ms
38ms XHR
application/json 108.139.47.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/connect?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&stream=false&heartbeats=true&v=1.2&agent=ably-js%2F1.2.14%20browser&rnd=28453108331943455
Requested by: Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-19.jfk50.r.cloudfront.net
Software: /
Resource Hash: eaef9ceb6c88cecafe1b0f5a747685b447c97a028c2b351f6be338689e489e5b

Request headers

accept: application/json
Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: JFK50-P1
vary: Origin
x-ably-serverid: frontend.1325.1.us-east-1-A.i-0950a980e0f0c94c1.e7dXhKjXQBfY09
content-type: application/json
access-control-allow-origin: https://www.ordercarnaval.com
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 502
x-amz-cf-id: l3j8MpSsZ0zor7aOnP-4RfEL0ESYPzQdr3UWncFmFHSfy7jlHFvO9g==

GET
H3 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 48ED 0
0 21ms
20ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2791333
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=31536000
content-encoding: br
content-length: 122
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:04:38 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Wed, 24 Jul 2024 20:03:32 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 922863
x-content-type-options: nosniff
x-request-id: 7da55775-2648-4a14-9326-46f843520663
x-served-by: cache-yul1970033-YUL

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 3CCE 0
0 120ms
53ms Document
text/html 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LftLlchAAAAADuqwP9LNFzKN7Bfrh6WVtB9B-B6&co=aHR0cHM6Ly93d3cub3JkZXJjYXJuYXZhbC5jb206NDQz&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=xykbecywz8a8

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-aDZBchl_qaL1vDzNyzPOgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ordercarnaval.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'nonce-aDZBchl_qaL1vDzNyzPOgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 26 Aug 2024 18:04:38 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ts
t.paypal.com/ 42 B
907 B 190ms
113ms Image
image/gif 151.101.131.1
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Carnaval%20Restaurant%20%26%20Bakery%20%7C%20344%20Morris%20Ave%2C%20Elizabeth%2C%20New%20Jersey%2007208&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1724695478687&g=420&completeurl=https%3A%2F%2Fwww.ordercarnaval.com%2F&ru=https%3A%2F%2Fwww.ordercarnaval.com%2F&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D

Requested by

Host: www.ordercarnaval.com
URL: https://www.ordercarnaval.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

expires: Mon, 26 Aug 2024 18:04:38 GMT
date: Mon, 26 Aug 2024 18:04:38 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 7653b764d5943
server-timing: "traceparent;desc="00-00000000000000000007653b764d5943-c121bd162a553d59-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200075-BUR, cache-yul1970041-YUL
pragma: no-cache
correlation-id: 7653b764d5943
traceparent: 00-00000000000000000007653b764d5943-3235632c492003c0-01
x-timer: S1724695479.769954,VS0,VE95
vary: Accept-Encoding
content-type: image/gif
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 0

GET
H2 200 connect Show response
rest.ably.io/comet/ 597 B
1 KB 46ms
46ms XHR
application/json 108.139.47.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rest.ably.io/comet/connect?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&upgrade=e7dXhKjXQBfY09!Qpz_eJgh2YkhnLPh-15f5db&heartbeats=true&v=1.2&agent=ably-js%2F1.2.14%20browser&rnd=1621025673752563

Requested by

Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.47.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-139-47-19.jfk50.r.cloudfront.net

Software

Resource Hash

8d15686d5c72716be510d2939fa39fa6cc5a7229ca6ab1ae84a157641cb15305

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-ably-cluster: production
x-amz-cf-pop: JFK50-P1
vary: Origin
x-ably-serverid: frontend.1325.1.us-east-1-A.i-0950a980e0f0c94c1.e7dXhKjXQBfY09
content-type: application/json
access-control-allow-origin: https://www.ordercarnaval.com
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: 2WI8N1S3DZvm1BfKQI8PZvruwFD3WKaA9d2hTC8dbvce9LloNsj2hQ==

GET recv
rest.ably.io/comet/e7dXhKjXQBfY09!Qpz_eJgh2YkhnLPh-15f5db/ 0
0

GET
H2 200 connect
rest.ably.io/comet/ 595 B
0 51ms
51ms XHR
application/json 108.139.47.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rest.ably.io/comet/connect?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&upgrade=e7dh9kQsABfelE!PV9ghTRSEFNWhXJ9-26b28&heartbeats=true&v=1.2&agent=ably-js%2F1.2.14%20browser&rnd=8920150202276178

Requested by

Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.47.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-139-47-19.jfk50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-ably-cluster: production
x-amz-cf-pop: JFK50-P1
vary: Origin
x-ably-serverid: frontend.bf3c.2.us-east-1-A.i-093ed97ad052cce62.e7dh9kQsABfelE
content-type: application/json
access-control-allow-origin: https://www.ordercarnaval.com
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: yLlUq3XlePehgi4v1nLz1P0T00AjasEiac45pKPrG4981XYK1YEYkg==

GET recv
rest.ably.io/comet/e7dh9kQsABfelE!PV9ghTRSEFNWhXJ9-26b28/ 0
0

GET
H2 204 disconnect Show response
rest.ably.io/comet/e7dXhKjXQBfY09!Qpz_eJgh2YkhnLPh-15f5db/ 0
490 B 39ms
37ms XHR
text/plain 108.139.47.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/e7dXhKjXQBfY09!Qpz_eJgh2YkhnLPh-15f5db/disconnect?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&rnd=49820791747833004
Requested by: Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-19.jfk50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: JFK50-P1
vary: Origin
x-ably-serverid: frontend.1325.1.us-east-1-A.i-0950a980e0f0c94c1.e7dXhKjXQBfY09
x-cache: Miss from cloudfront
access-control-allow-origin: https://www.ordercarnaval.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: dAbipel9hjkov5GJcn20Q2joPXIvv9vnP1kKLE37TYeAQVdjRvjyTg==

GET
H2 204 disconnect Show response
rest.ably.io/comet/e7dXhKjXQBfY09!Qpz_eJgh2YkhnLPh-15f5dd/ 0
490 B 36ms
35ms XHR
text/plain 108.139.47.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/e7dXhKjXQBfY09!Qpz_eJgh2YkhnLPh-15f5dd/disconnect?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&rnd=23941030586881307
Requested by: Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-19.jfk50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:38 GMT
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: JFK50-P1
vary: Origin
x-ably-serverid: frontend.1325.1.us-east-1-A.i-0950a980e0f0c94c1.e7dXhKjXQBfY09
x-cache: Miss from cloudfront
access-control-allow-origin: https://www.ordercarnaval.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: u1f7oyeENPg4YUQekhVE_GVE_kW6PWzQ_wOmTEf8p2zwlvKDtYgtoA==

GET
H2 204 disconnect Show response
rest.ably.io/comet/e7dh9kQsABfelE!PV9ghTRSEFNWhXJ9-26b28/ 0
489 B 56ms
54ms XHR
text/plain 108.139.47.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rest.ably.io/comet/e7dh9kQsABfelE!PV9ghTRSEFNWhXJ9-26b28/disconnect?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&rnd=7657805116785128
Requested by: Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-19.jfk50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:39 GMT
via: 1.1 1d2861d9b6c0fd303c8b7539b394c190.cloudfront.net (CloudFront)
x-ably-cluster: production
x-amz-cf-pop: JFK50-P1
vary: Origin
x-ably-serverid: frontend.bf3c.2.us-east-1-A.i-093ed97ad052cce62.e7dh9kQsABfelE
x-cache: Miss from cloudfront
access-control-allow-origin: https://www.ordercarnaval.com
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: TcBijJPemyW7hcGUxzXPdoCtgl-pgRq-MoEwS1pIWv3K8MSxGvwGrg==

GET
H2 200 WhatsApp_Image_2024_08_22_at_11_15_25_PM.jpeg
ucarecdn.com/25451c57-f74c-421a-88ab-b41d577b62fa/-/format/png/-/progressive/yes/ 496 KB
497 KB 49ms
49ms Other
image/png 2600:141b:b000::1737:ebe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ucarecdn.com/25451c57-f74c-421a-88ab-b41d577b62fa/-/format/png/-/progressive/yes/WhatsApp_Image_2024_08_22_at_11_15_25_PM.jpeg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:b000::1737:ebe9 Newark, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Uploadcare /
Resource Hash: de163d97b71fc257d32933ce7eb3e9e20a31c63e876704bde8b6a19639ce8881

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

date: Mon, 26 Aug 2024 18:04:39 GMT
x-image-width: 785
server: Uploadcare
etag: "ec694ea53f9b57e44474870ed2b320b1"
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Etag, X-Image-Width, X-Image-Height
cache-control: public, max-age=31244417
content-disposition: inline; filename=WhatsApp_Image_2024_08_22_at_11_15_25_PM.jpeg
x-image-height: 793
content-length: 508415

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 49ms
48ms Fetch
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-2BYT335J12&gtm=45je48l0v9193732390za200&_p=1724695476567&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1100150409.1724695477&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1724695477&sct=1&seg=0&dl=https%3A%2F%2Fwww.ordercarnaval.com%2F&dt=Carnaval%20Restaurant%20%26%20Bakery%20%7C%20344%20Morris%20Ave%2C%20Elizabeth%2C%20New%20Jersey%2007208&en=scroll&epn.percent_scrolled=90&_et=63&tfd=10358
Requested by: Host: stores-cdn.cloudwaitress.com
URL: https://stores-cdn.cloudwaitress.com/vendors.cf6e76060880e2fb646f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:04:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ordercarnaval.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js Show response
js.stripe.com/v3/fingerprinted/js/ 176 B
295 B 18ms
17ms Script
text/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ordercarnaval.com/
User-Agent: Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 26 Aug 2024 18:04:44 GMT
via: 1.1 varnish
age: 1155171
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 123
x-request-id: ed6d5cfd-7fee-4fb1-87ee-6cbad20d575f
x-served-by: cache-yul1970031-YUL
last-modified: Mon, 12 Aug 2024 17:10:20 GMT
server: Fastly
etag: "96f5b26d366f47393b3ff36fe7471474"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 63734

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rest.ably.io
URL: https://rest.ably.io/comet/e7dXhKjXQBfY09!Qpz_eJgh2YkhnLPh-15f5db/recv?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&rnd=5959665611794227

Domain: rest.ably.io
URL: https://rest.ably.io/comet/e7dh9kQsABfelE!PV9ghTRSEFNWhXJ9-26b28/recv?key=sUrayQ.ZmIILA%3AQ3autCYxiTdFRJY4&rnd=4678860954245987

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.authorize.net/	1969-12-31 23:59:59	Name: __cfruid Value: 6c3270491f4b9cbfc504535bb89fa5c88f397811-1724695476
.authorize.net/	1969-12-31 23:59:59	Name: _cfuvid Value: mVsRjq5I_61JveGx1I.1TCA4gPRLLwCz0CyVxHY2CHM-1724695476662-0.0.1.1-604800000
.ordercarnaval.com/	1970-01-21 08:40:55	Name: _ga Value: GA1.1.1100150409.1724695477
.ordercarnaval.com/	1970-01-21 08:40:55	Name: _ga_2BYT335J12 Value: GS1.1.1724695477.1.0.1724695477.0.0.0
m.stripe.com/	1970-01-21 08:40:55	Name: m Value: 9e815da0-2607-4515-bb8d-0bd73b5337275168c3
.www.ordercarnaval.com/	1970-01-21 07:50:31	Name: __stripe_mid Value: d2134e41-3587-46b2-8e56-508ca8c9f519324be8
.www.ordercarnaval.com/	1970-01-20 23:04:57	Name: __stripe_sid Value: 347a2b0c-40e8-49e5-b05f-c97dbd1c295ce1a68d

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://www.ordercarnaval.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
api.cloudwaitress.com
api.mapbox.com
assets.emergepay.chargeitpro.com
cdn.checkout.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
geo-targetly.com
js.stripe.com
jstest.authorize.net
ordercarnaval.com
rest.ably.io
stores-cdn.cloudwaitress.com
t.paypal.com
ucarecdn.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.ordercarnaval.com
www.paypal.com
www.paypalobjects.com
rest.ably.io
104.18.13.54
108.139.29.116
108.139.29.70
108.139.47.19
142.250.80.36
151.101.128.176
151.101.131.1
151.101.64.176
151.101.65.21
162.255.119.140
192.229.210.155
2001:4860:4802:34::178
2600:141b:b000::1737:ebe9
2600:1901:0:68c9::
2600:9000:2209:600:1b:4f00:3240:93a1
2606:4700:20::681a:6ae
2606:4700:20::ac43:49fd
2607:f8b0:4004:c06::54
2607:f8b0:4006:80b::200a
2607:f8b0:4006:80f::2008
2607:f8b0:4006:81f::2003
2607:f8b0:4006:824::2003
2a04:4e42:600::649
35.238.2.132
024a355f20381b217f25a9d12d6be10d2f43334fb75b7a3750419267f44c0322
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b
1e8d37aa129076389ff1ac3107cac72419ae0f4fb465eadb4d5d6079ee87c06d
20f5462b2ccec78d8749981a52df4f9739c6955f40a40008274f3d24218639ab
2b5a028d2f45dce61dcb1cb4dc539f48f77016742207f6b1dff0c482049d0052
2e227a920676415558e65f45af1b2f144fdb3461285f5a4363fe0e619793b48f
34208e63c50cc27f5c13b0c29629cf0561fa788f564a07f82cf877dc28e46b82
36072bd5e9ce89d92157db5aa900e8c3f45ecd3b3369b1d27666d678ea52e2f1
45482de688352fb3b733be24113f41572e883ebeb065dc7328bb5bbc05b6a430
6b114e7e4287ba48eb7a43ee5a0eb3c03d2cb30b2cbfa1602f8e090a9ce64079
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6ddd03a35bb2a0cee82416ea8788b1a09d04a1a163fb4b0cee25c20300dbf0c6
75aa68babf72f2bcf325634f9b35347e9b68dbcdf6ae1424d114aa7fdcd08e4b
79ec52f0ce86fb27c47d1f860ba62d34ad5fe6cd3778ee0952ac698f52096e81
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
8d15686d5c72716be510d2939fa39fa6cc5a7229ca6ab1ae84a157641cb15305
a5d7549aaa9e4a4516e037c81fb6fcdd1b5d9015abf6d763c446a91ced6ae5e5
af5a8494d42185c1db478b778f48f7d86bd699c934c6b2b024c3082e81cbfcaf
b5826763eda56b38657d2911715fc2a6875a8e4b3f8c90cdcf34f5f429ef87ab
ba732c6ca6282f7bcc89ec2780861ca632560878050714a570679f1df0812139
bc2f432cfeb327261421f15ea99819abe3035478c2598622bbe4fa55b6f7df67
c441b27f6be9b34ac6b35bb2143990ef3642a28f7f694cadb77527c894363ebb
c5536d489c6329605483f55e9a0e026812e8dd4a1b9e3827d926fc13fbf3aed4
cac6d4b0cf4e89d1ae3a8bbeaeab5557d0ecf3a525dbad5786e9036c840a4646
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
d7aa182bdb9780810ae4b9a24763c5ac356eb54762e5d1020046669e84725574
d8d4d34aa72ac9712d0d9912c83f1ea1a8b0e263526ddda4dffaea07df077719
dcf8b8ea2fbabdfacf817651b14ccf31f522adcca1448eec2b10ec77e3ee94b2
de163d97b71fc257d32933ce7eb3e9e20a31c63e876704bde8b6a19639ce8881
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaef9ceb6c88cecafe1b0f5a747685b447c97a028c2b351f6be338689e489e5b
f11a4fa97ef5a8ebd26c594a5ab9ec881bdb7e183cb2147151a0deb1d9678d25
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbe85154b0a64dc98fbcb645f30f97ee21441d65ff4928a96521feb7131c7cc7
fed900dec7b78c440469f6135fc16475080be12015a04dfa502a1614553b652b
ff75ed3c229c00fb7329336228a6cac64005739b378a7b9ba7b51ce9dff29a45

www.ordercarnaval.com Open in urlscan Pro 35.238.2.132 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

96 %HTTPS

50 %IPv6

18 Domains

23 Subdomains

24 IPs

2 Countries

3748 kBTransfer

9932 kBSize

7 Cookies

1 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ordercarnaval.com Open in urlscan Pro
35.238.2.132 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

96 %
HTTPS

50 %
IPv6

18
Domains

23
Subdomains

24
IPs

2
Countries

3748 kB
Transfer

9932 kB
Size

7
Cookies

50 HTTP transactions
1 data transactions