urlscan.io logo urlscan.io
SecurityTrails logo

medinacandle.com Open in urlscan Pro
104.16.95.48  Public Scan

Go To Rescan Add Verdict Report
URL: https://medinacandle.com/
Submission: On December 17 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 68 HTTP transactions. The main IP is 104.16.95.48, located in and belongs to CLOUDFLARENET, US. The main domain is medinacandle.com.
TLS certificate: Issued by WR1 on December 13th 2024. Valid for: 3 months.
This is the only time medinacandle.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
28 104.16.95.48 13335 (CLOUDFLAR...)
32 104.16.96.48 13335 (CLOUDFLAR...)
1 104.18.7.76 13335 (CLOUDFLAR...)
1 172.217.197.95 15169 (GOOGLE)
2 157.240.229.1 32934 (FACEBOOK)
2 31.13.66.35 32934 (FACEBOOK)
2 172.253.63.94 15169 (GOOGLE)
68 7
28    104.16.95.48 (None, )

ASN13335 (CLOUDFLARENET, US)
medinacandle.com
32    104.16.96.48 (None, )

ASN13335 (CLOUDFLARENET, US)
api.svc.myshopyan.com
1    104.18.7.76 (None, )

ASN13335 (CLOUDFLARENET, US)
api.svc.shopyan.com
1    172.217.197.95 (United States)

ASN15169 (GOOGLE, US)
PTR: qa-in-f95.1e100.net
fonts.googleapis.com
2    157.240.229.1 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-iad3.fbcdn.net
connect.facebook.net
2    31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com
www.facebook.com
2    172.253.63.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f94.1e100.net
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
32 myshopyan.com
api.svc.myshopyan.com
798 KB
28 medinacandle.com
medinacandle.com
460 KB
2 gstatic.com
fonts.gstatic.com
36 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
216 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
75 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
1 shopyan.com
api.svc.shopyan.com
52 KB
68 7
Domain Requested by
32 api.svc.myshopyan.com medinacandle.com
28 medinacandle.com medinacandle.com
2 fonts.gstatic.com fonts.googleapis.com
2 www.facebook.com medinacandle.com
2 connect.facebook.net medinacandle.com
connect.facebook.net
1 fonts.googleapis.com medinacandle.com
1 api.svc.shopyan.com medinacandle.com
68 7

This site contains no links.

Subject Issuer Validity Valid
medinacandle.com
WR1		 2024-12-13 -
2025-03-13		 3 months crt.sh
*.svc.myshopyan.com
WR1		 2024-12-09 -
2025-03-09		 3 months crt.sh
*.svc.shopyan.com
WR1		 2024-12-08 -
2025-03-08		 3 months crt.sh
upload.video.google.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-09-25 -
2024-12-24		 3 months crt.sh
*.gstatic.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://medinacandle.com/
Frame ID: AC1589AE4BB715C18D07380E1D3176D2
Requests: 61 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Medina Candle

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

68
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

1423 kB
Transfer

3188 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

68 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
medinacandle.com/ 		138 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ffc0c39c0d3f4ba19a2f4c30a3bfb9a3c60b82a957f4f87286f158048fdc740
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8f3790b85a69ac33-YYZ
content-encoding
br
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
content-type
text/html; charset=utf-8
date
Tue, 17 Dec 2024 14:22:27 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
675b036786f9f009ff972b56.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/675b036786f9f009ff972b56.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a99787c87d594b93c2ca390c684b2acc72377e2a02ccec5d490e97100fd1aa4c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79842
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Thu, 12 Dec 2024 15:38:16 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788836d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
20888
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
67558e257ee3ae2c3cee833f.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		65 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/67558e257ee3ae2c3cee833f.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
954920896e35524cda5ea16323cac17cbf5500ba12b49eeb5425a443dc84e8bc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79842
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 12:16:37 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788936d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
66996
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
67559a7e86f9f009ff9724e1.webp
api.svc.shopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		51 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.shopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/67559a7e86f9f009ff9724e1.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.7.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a04626000115b51df165d599140b778c88a81972812f73a8af5da1082ad26d0b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' https://client.crisp.chat 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://client.crisp.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://www.google.com https://store.shopyan.com https://auth.svc.shopyan.com https://youtube.com https://www.youtube.com https://shopyan.crisp.help; font-src 'self' https://fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://api.svc.shopyan.com https://api.svc.myshopyan.com https://auth.svc.shopyan.com wss://api.svc.shopyan.com wss://client.relay.crisp.chat https://googleads.g.doubleclick.net https://static.doubleclick.net https://client.crisp.chat https://storage.crisp.chat https://region1.google-analytics.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://seller.shopyan.com https://builder.shopyan.com https://auth.ishopyan.com;
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:29 GMT
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 13:09:18 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' https://client.crisp.chat 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://client.crisp.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://www.google.com https://store.shopyan.com https://auth.svc.shopyan.com https://youtube.com https://www.youtube.com https://shopyan.crisp.help; font-src 'self' https://fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://api.svc.shopyan.com https://api.svc.myshopyan.com https://auth.svc.shopyan.com wss://api.svc.shopyan.com wss://client.relay.crisp.chat https://googleads.g.doubleclick.net https://static.doubleclick.net https://client.crisp.chat https://storage.crisp.chat https://region1.google-analytics.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://seller.shopyan.com https://builder.shopyan.com https://auth.ishopyan.com;
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790cd0e08ab51-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
51916
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
67559c31919cde439df8e7e7.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/ 		46 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/67559c31919cde439df8e7e7.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
060caeb93d3d708e9310d308ab2a838aa9cccaacecdd754bba8c413343566c2d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79842
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 13:16:34 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788136d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
47572
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755a1d97ee3ae2c3cee835d.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/6755a1d97ee3ae2c3cee835d.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65b69b52df48d4da4f575a31bc2b2c227e1592fdcec7fb95546d8e12d434a21d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 13:40:41 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788636d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
41936
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755a1a97ee3ae2c3cee835c.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/ 		83 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/6755a1a97ee3ae2c3cee835c.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
732e24d6a22f62ec00714953c03dee5eea6b2beac7f9d3c476cbf63fe529e2b3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79842
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 13:39:53 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788536d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
84672
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755a16886f9f009ff9724e7.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/ 		90 KB
90 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/collection/medium/6755a16886f9f009ff9724e7.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e821dadaff3191d885d11651f14a9ea105df8e6ea4aa389b993d642538b8883
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79842
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 13:38:49 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789636d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
91698
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755bd51919cde439df8e850.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/6755bd51919cde439df8e850.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cee40962b40c4442799a4c155635baf0ce152b520be93186b9ded0cab7c6061
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 15:37:53 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789136d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
24376
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755c6e086f9f009ff97253b.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/6755c6e086f9f009ff97253b.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e213a7d778e3d5024646bc18a941999af088307c936b0e7de8a0cb56ae5e29a9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 16:18:40 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789736d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
14032
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755c4f97ee3ae2c3cee83d5.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/6755c4f97ee3ae2c3cee83d5.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f98a04c7fe6640e7c8332a5d8ade0b57492a46a6c01f9f9447c6f83b00681cc8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 16:10:33 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788a36d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
31888
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755c5797ee3ae2c3cee83da.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/6755c5797ee3ae2c3cee83da.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d0c4c75111a7398e3f4223e6719a6f95bd2cd95b7fe840c69225c86836b94d4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 16:12:41 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789536d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
25252
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755c6f87ee3ae2c3cee83e0.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/product/medium/6755c6f87ee3ae2c3cee83e0.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e58b6a14cd0fff186ee329a3076395d98251a35e4cff4850f13e273a3d0db924
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 16:19:04 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789836d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
15748
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755a807919cde439df8e7f3.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		92 KB
92 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/6755a807919cde439df8e7f3.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9ebe2fbb7bc0b46e1e5addd1f44535a75e05f64adde4b984d5e93b5cb59a5c0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 14:07:03 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788f36d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
94216
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755a96686f9f009ff9724ef.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		75 KB
76 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/6755a96686f9f009ff9724ef.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
534f84a7faf2ef61d8b81c6442672424448f92afb5decf178c9613a86318be72
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 14:12:54 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789336d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
77250
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755aa10919cde439df8e7f6.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		56 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/6755aa10919cde439df8e7f6.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f729c4fb16904859e69c9aad27372e37cbe7f70fffb012955034a7ed9b346a5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 14:15:44 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789436d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
57544
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755aa20919cde439df8e7f7.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/6755aa20919cde439df8e7f7.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7364ea3578e0ef9d2159761e871c2e4d377543417445b8aaf9c69ea6e163df0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 14:16:00 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7789236d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
25138
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
6755aa2f919cde439df8e7f8.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/6755aa2f919cde439df8e7f8.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5383dd9d89b325b494e6bc49d016ab2b1a513457117644899052c57b0146b351
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Sun, 08 Dec 2024 14:16:15 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788d36d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
42692
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
67538cb97ee3ae2c3cee81c1.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/original/67538cb97ee3ae2c3cee81c1.webp
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
edea65dd709329375ff3bdb101d560d2379ad41034b304321931987e1dfb5ff8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
age
79841
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:31 GMT
date
Tue, 17 Dec 2024 14:22:31 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Fri, 06 Dec 2024 23:46:01 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d7788e36d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
40972
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
runtime.5e645e32e1cdf97c.js
medinacandle.com/ 		1 KB
735 B 		Script
General
Check archive.org
Download Go to
Full URL
https://medinacandle.com/runtime.5e645e32e1cdf97c.js
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82fa157155d6a2df4a1295db7fee1df7ab18002912f183c2a452b0b78566e03e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://medinacandle.com
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"443-1938d2937c8"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 03 Dec 2024 15:35:09 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c38ac9ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
polyfills.a833e1fb27659877.js
medinacandle.com/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://medinacandle.com/polyfills.a833e1fb27659877.js
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ae52684246bcb0d55dee7814801953fec5dfb22314d499bd25e8ab70bd1fb26
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://medinacandle.com
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"8455-1938d2937c8"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 03 Dec 2024 15:35:09 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c39acaac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
scripts.0e5b01af3f8fe401.js
medinacandle.com/ 		126 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://medinacandle.com/scripts.0e5b01af3f8fe401.js
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44152fd2ce9dedf42da6530a7bb384cf15dd27eab9dcb7eda870f480a94d5041
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1f936-1938d2937c8"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 03 Dec 2024 15:35:09 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3bae5ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
main.7c7258ef98c60ea3.js
medinacandle.com/ 		2 MB
356 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://medinacandle.com/main.7c7258ef98c60ea3.js
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd680651d5373268bba54ef52590c98b36683e04b478b0944a7d3e63150e902b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://medinacandle.com
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"188b20-1938d2937c8"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 03 Dec 2024 15:35:09 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c39accac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
styles.f26d96be7d72f113.css
medinacandle.com/ 		104 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://medinacandle.com/styles.f26d96be7d72f113.css
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e4ec94e6dcedf1f68d0d5cf55f662a38291dd5bc2ee9aec0f3051e170ddf658
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1a1cf-1938d2937c8"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:29 GMT
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
text/css; charset=UTF-8
last-modified
Tue, 03 Dec 2024 15:35:09 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3bae6ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
top.svg
medinacandle.com/assets/img/ 		588 B
395 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/top.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c0fbe0af5144146b0c17160932d63194d6071d9de5d902ddb6b2ae379455644
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"24c-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3bae8ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-search_.svg
medinacandle.com/assets/img/ 		2 KB
895 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-search_.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fece65f315c69f02e28002380085413c39f4fad38694961ef14008c69a7a0ae8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"657-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3baecac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-heart_.svg
medinacandle.com/assets/img/ 		618 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-heart_.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55addeecef7521eb9b14d7dd5406080ffcfd466c84e8ba592131cf65b83b6f27
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"26a-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3baeeac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-cart_.svg
medinacandle.com/assets/img/ 		962 B
523 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-cart_.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffcbdb7bad1fed2c2f83087b48804d15090559a0a4864cd76ea49d6be5fe5e2e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"3c2-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3baefac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-account_.svg
medinacandle.com/assets/img/ 		649 B
444 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-account_.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa0fb2f30b9e7ef80d5d73039878238e4f2cd30f1c33f2bbd6c230ba05bfdeea
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"289-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3baf2ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-close.svg
medinacandle.com/assets/img/ 		465 B
309 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-close.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f09aa2dd96442eb97d0abecd5479c3b269fc9cc70b67f36bf00405a6e206164
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"1d1-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3baf3ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-search.svg
medinacandle.com/assets/img/ 		781 B
460 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-search.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5986616d90e4d8a88091a2326b43d51fecbb591828693cdc8a21f0e498608b06
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"30d-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3baf4ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-picture.svg
medinacandle.com/assets/img/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-picture.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7df5b104b2e0e6c292498e402e71ba65edbb90d5a0d7f891df24c8500eba6eec
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"9f9-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3baf6ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-love.svg
medinacandle.com/assets/img/ 		763 B
471 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-love.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d172393479e2aa5f6e33a68926c19226fcca5cb845e121bb858ae57614d2d1b3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"2fb-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c3db08ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-line.svg
medinacandle.com/assets/img/ 		402 B
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-line.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
434551fb02596289fffdd2c95cc63d92c00b04cec218085a21ec9916bb520147
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"192-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b41ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-right-arrow.svg
medinacandle.com/assets/img/ 		245 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-right-arrow.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
781854daeb79dee900ea2c9a9d5811d83ae29c3fd9d7a346e02faa7b1f99e1c0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"f5-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b42ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-facebook.svg
medinacandle.com/assets/img/ 		352 B
321 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-facebook.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1e30e9e96d4f76523d88945167431b0dfbab2a260fb8547a784f37bb9db46d4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"160-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b44ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-instagram.svg
medinacandle.com/assets/img/ 		1 KB
621 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-instagram.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b920fd83bf43df916dbc6898aac27868e23d9bcb9dc66f1b9750fd13f2448c81
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"592-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b45ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-pinterest.svg
medinacandle.com/assets/img/ 		2 KB
947 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-pinterest.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85ce6f1cb71c82104e71cd148134644ca80cfe44a3b7bd7e988e45659008fff9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"688-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b46ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-snapchat.svg
medinacandle.com/assets/img/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-snapchat.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd5ee5b5b8e9d49e2c4c03a2d82e26a23499e6335da6ee4d98139259ab4caad3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"b0f-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b48ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-youtube.svg
medinacandle.com/assets/img/ 		571 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-youtube.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e27fea4ef6fb8dd65b654fd28c8f231357b4193c4b534d556864a2d49561caf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"23b-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b49ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-tiktok.svg
medinacandle.com/assets/img/ 		401 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-tiktok.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd05c15a8e4f9914fb4f0624ed44bf597205673af4d96c245298678b66aab7ba
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"191-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b4aac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-twitter.svg
medinacandle.com/assets/img/ 		560 B
401 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-twitter.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d9df0300bab2846125dc518a4a26df4640b9530df89eeb26f00e0c04c414ac6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"230-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b4bac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
neo-link.svg
medinacandle.com/assets/img/ 		290 B
275 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/neo-link.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcffa1de04bc6e27a386b70880f4a99f0b04c0cb82bfa850b433058ac9438cdb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"122-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:28 GMT
date
Tue, 17 Dec 2024 14:22:28 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c43b4cac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
pixels
api.svc.myshopyan.com/store/applications/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/applications/pixels?origin=medinacandle.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1 ; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://medinacandle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,POST,GET,PUT,POST,OPTIONS,PATCH,DELETE
access-control-allow-origin
*
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f3790c7fab539ea-YYZ
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
date
Tue, 17 Dec 2024 14:22:29 GMT
expires
0
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
no-referrer same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1 ; mode=block 1; mode=block
visit
api.svc.myshopyan.com/store/events/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/events/visit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1 ; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,storeid
Access-Control-Request-Method
POST
Origin
https://medinacandle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type, storeid
access-control-allow-methods
GET,HEAD,POST,GET,PUT,POST,OPTIONS,PATCH,DELETE
access-control-allow-origin
*
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f3790c7faba39ea-YYZ
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
date
Tue, 17 Dec 2024 14:22:29 GMT
expires
0
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
no-referrer same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1 ; mode=block 1; mode=block
page-view
api.svc.myshopyan.com/store/conversion-api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/conversion-api/page-view?origin=https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1 ; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,storeid
Access-Control-Request-Method
GET
Origin
https://medinacandle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type, storeid
access-control-allow-methods
GET,HEAD,POST,GET,PUT,POST,OPTIONS,PATCH,DELETE
access-control-allow-origin
*
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f3790c7fabf39ea-YYZ
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
date
Tue, 17 Dec 2024 14:22:29 GMT
expires
0
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
no-referrer same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1 ; mode=block 1; mode=block
SALES_POP
api.svc.myshopyan.com/store/applications/application-data/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/applications/application-data/SALES_POP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1 ; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,storeid
Access-Control-Request-Method
GET
Origin
https://medinacandle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type, storeid
access-control-allow-methods
GET,HEAD,POST,GET,PUT,POST,OPTIONS,PATCH,DELETE
access-control-allow-origin
*
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f3790c7fabc39ea-YYZ
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
date
Tue, 17 Dec 2024 14:22:29 GMT
expires
0
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
no-referrer same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1 ; mode=block 1; mode=block
WHATSAPP
api.svc.myshopyan.com/store/applications/application-data/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/applications/application-data/WHATSAPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1 ; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,storeid
Access-Control-Request-Method
GET
Origin
https://medinacandle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type, storeid
access-control-allow-methods
GET,HEAD,POST,GET,PUT,POST,OPTIONS,PATCH,DELETE
access-control-allow-origin
*
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f3790c7fabb39ea-YYZ
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
date
Tue, 17 Dec 2024 14:22:29 GMT
expires
0
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
no-referrer same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1 ; mode=block 1; mode=block
667496d5ded6c454dc3e76ae
api.svc.myshopyan.com/store/menus/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/menus/667496d5ded6c454dc3e76ae
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1 ; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,storeid
Access-Control-Request-Method
GET
Origin
https://medinacandle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type, storeid
access-control-allow-methods
GET,HEAD,POST,GET,PUT,POST,OPTIONS,PATCH,DELETE
access-control-allow-origin
*
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f3790c7fab839ea-YYZ
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
date
Tue, 17 Dec 2024 14:22:29 GMT
expires
0
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
no-referrer same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1 ; mode=block 1; mode=block
products
api.svc.myshopyan.com/discounts/discounts/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/discounts/discounts/products
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1 ; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,storeid
Access-Control-Request-Method
POST
Origin
https://medinacandle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type, storeid
access-control-allow-methods
GET,HEAD,POST,GET,PUT,POST,OPTIONS,PATCH,DELETE
access-control-allow-origin
*
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f3790c83b0339ea-YYZ
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
date
Tue, 17 Dec 2024 14:22:29 GMT
expires
0
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
pragma
no-cache
referrer-policy
no-referrer same-origin
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
DENY SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1 ; mode=block 1; mode=block
pixels
api.svc.myshopyan.com/store/applications/ 		153 B
180 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/applications/pixels?origin=medinacandle.com
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/polyfills.a833e1fb27659877.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
223182d314835e6ff001576f9a460edbf6edc7cf40cd9a5e93df1830538f754c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Accept-Language
fr
Accept
application/json, text/plain, */*
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
application/json
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
referrer-policy
no-referrer, same-origin
cf-ray
8f3790c9fc9f39ea-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
access-control-allow-origin
*
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
css2
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/main.7c7258ef98c60ea3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.197.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qa-in-f95.1e100.net
Software
ESF /
Resource Hash
c3e3d7e0bce6022ae66381d04eb4742252d577ba15c5f9cceb49cb14c9eb90b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 14:22:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 17 Dec 2024 14:22:30 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Tue, 17 Dec 2024 14:21:34 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
visit
api.svc.myshopyan.com/store/events/ 		24 B
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/events/visit
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/polyfills.a833e1fb27659877.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e27c31ca2689db9537482e997fa0a1b81934e09d49cb666e9204acebf233bceb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Accept-Language
fr
Accept
application/json, text/plain, */*
storeId
667496d4ded6c454dc3e76ab
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
application/json
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
referrer-policy
no-referrer, same-origin
cf-ray
8f3790c9fca239ea-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
access-control-allow-origin
*
content-length
24
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
page-view
api.svc.myshopyan.com/store/conversion-api/ 		0
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/conversion-api/page-view?origin=https://medinacandle.com/
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/polyfills.a833e1fb27659877.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Accept-Language
fr
Accept
application/json, text/plain, */*
storeId
667496d4ded6c454dc3e76ab
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Tue, 17 Dec 2024 14:22:29 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
referrer-policy
no-referrer, same-origin
cf-ray
8f3790ca0cae39ea-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
access-control-allow-origin
*
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
SALES_POP
api.svc.myshopyan.com/store/applications/application-data/ 		0
49 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/applications/application-data/SALES_POP
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/polyfills.a833e1fb27659877.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Accept-Language
fr
Accept
application/json, text/plain, */*
storeId
667496d4ded6c454dc3e76ab
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Tue, 17 Dec 2024 14:22:29 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
referrer-policy
no-referrer, same-origin
cf-ray
8f3790c9fca439ea-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
access-control-allow-origin
*
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
WHATSAPP
api.svc.myshopyan.com/store/applications/application-data/ 		2 B
99 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/applications/application-data/WHATSAPP
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/polyfills.a833e1fb27659877.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Accept-Language
fr
Accept
application/json, text/plain, */*
storeId
667496d4ded6c454dc3e76ab
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
application/json
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
referrer-policy
no-referrer, same-origin
cf-ray
8f3790c9fca739ea-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
access-control-allow-origin
*
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
667496d5ded6c454dc3e76ae
api.svc.myshopyan.com/store/menus/ 		368 B
235 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/store/menus/667496d5ded6c454dc3e76ae
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/polyfills.a833e1fb27659877.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f4a8beecf6be69182bf411e0f8ee901494eda3170e8fa0dae673f81d7571883
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Accept-Language
fr
Accept
application/json, text/plain, */*
storeId
667496d4ded6c454dc3e76ab
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
application/json
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
referrer-policy
no-referrer, same-origin
cf-ray
8f3790c9fc9b39ea-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
access-control-allow-origin
*
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
globe_.svg
medinacandle.com/assets/img/ 		1 KB
770 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/globe_.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b65767de15434bade604a2cbd1b4783a57334a900d2f2551c64a5888922f0308
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"5ad-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:29 GMT
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c82e6fac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
fr.svg
medinacandle.com/assets/img/flag/ 		267 B
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://medinacandle.com/assets/img/flag/fr.svg
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0850234f0a8492ed7f33fb1d5c6fc705576234ce75ef6b31eef9115c8e1f13ee
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://medinacandle.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"10b-1938d294380"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:29 GMT
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
image/svg+xml
last-modified
Tue, 03 Dec 2024 15:35:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790c82e70ac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-xss-protection
1; mode=block
server
cloudflare
products
api.svc.myshopyan.com/discounts/discounts/ 		521 B
214 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/discounts/discounts/products
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/polyfills.a833e1fb27659877.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed672be35ebb46c11aeb50cabd6805c5367ff127d80c565138e09c676cb912e1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Accept-Language
fr
Accept
application/json, text/plain, */*
storeId
667496d4ded6c454dc3e76ab
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
0
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
application/json
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
referrer-policy
no-referrer, same-origin
cf-ray
8f3790ca3cf939ea-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
access-control-allow-origin
*
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
slick.653a4cbba6e1a2b3.woff
medinacandle.com/ 		1 KB
1 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://medinacandle.com/slick.653a4cbba6e1a2b3.woff
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/styles.f26d96be7d72f113.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://medinacandle.com
Referer
https://medinacandle.com/styles.f26d96be7d72f113.css

Response headers

cf-cache-status
HIT
etag
W/"564-1938d2937c8"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Wed, 17 Dec 2025 14:22:29 GMT
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
font/woff
last-modified
Tue, 03 Dec 2024 15:35:09 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=31536000
referrer-policy
same-origin
cf-ray
8f3790cb58eaac33-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
1380
x-xss-protection
1; mode=block
server
cloudflare
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-iad3.fbcdn.net
Software
/
Resource Hash
240355f4e85792fb5c1e46a942e6d797a078d39f8717dfbab666e4e80cb4dd8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-w85IQzf1' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 17 Dec 2024 14:22:29 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-w85IQzf1' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=40, rtx=0, c=23, mss=1232, tbw=4484, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
KiM2qN2/y/61HF5BMt2vetEdwzi/P6PqSsZANZz69stR6Kvt0qYemV2po8tyvZ16ux/u3ifJo/xg8veRf2KDag==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62283
x-xss-protection
0
origin-agent-cluster
?1
1554601915166212
connect.facebook.net/signals/config/ 		69 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1554601915166212?v=2.9.179&r=stable&domain=medinacandle.com&hme=b8122d5d96cd6f542162ba4f497489972d1ebe228d24c39d34f560e30ae932ce&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-iad3.fbcdn.net
Software
/
Resource Hash
920d03e97a994efe602c035a276983b415d75f5417f92b5f8430cfdf784cf2b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-MDiaq6Zm' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 17 Dec 2024 14:22:30 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-MDiaq6Zm' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=44, rtx=6, c=78, mss=1232, tbw=78126, tp=76, tpl=6, uplat=145, ullat=0
pragma
public
x-fb-debug
etPjAD+zK49L/4vwV1CMeKAn5aJ1irIgb8ZxMpk5nlBFcKrWroaBuwcoheIx0gJER/6YrbwFZ0D6fCdgjL793A==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/ 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1554601915166212&ev=PageView&dl=https%3A%2F%2Fmedinacandle.com%2F&rl=&if=false&ts=1734445350196&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=4126&fbp=fb.1.1734445350193.258932176431163874&ler=empty&cdl=API_unavailable&it=1734445349972&coo=false&rqm=GET
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=49, rtx=0, c=23, mss=1232, tbw=4665, tp=12, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Tue, 17 Dec 2024 14:22:30 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1554601915166212&ev=PageView&dl=https%3A%2F%2Fmedinacandle.com%2F&rl=&if=false&ts=1734445350196&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=4126&fbp=fb.1.1734445350193.258932176431163874&ler=empty&cdl=API_unavailable&it=1734445349972&coo=false&rqm=FGET
Requested by
Host: medinacandle.com
URL: https://medinacandle.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7449386055428751685"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 17 Dec 2024 14:22:30 GMT
content-type
image/png
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7449386055428751685", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-debug
SHItWM7aybHeHEeB9D9mpysyDrDxQtI9JkqrwoKtZzzNvqHYM+6HTtDm9/TmskKkdLnUuLQ2B+/ZhRBdJhTj+g==
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=45, rtx=0, c=23, mss=1232, tbw=5033, tp=15, tpl=0, uplat=68, ullat=0
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f94.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://medinacandle.com
Referer
https://fonts.googleapis.com/

Response headers

age
239250
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 14 Dec 2025 19:55:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 14 Dec 2024 19:55:00 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f94.1e100.net
Software
sffe /
Resource Hash
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://medinacandle.com
Referer
https://fonts.googleapis.com/

Response headers

age
239251
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 14 Dec 2025 19:54:59 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 14 Dec 2024 19:54:59 GMT
last-modified
Thu, 01 Aug 2024 20:41:21 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18596
x-xss-protection
0
server
sffe
675b0352919cde439df8edc9.webp
api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/small/ 		9 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://api.svc.myshopyan.com/products/media/667496d4ded6c454dc3e76ab/store/small/675b0352919cde439df8edc9.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1af909393259656c685c179f85806c99222b0b403cf6453995752c5c4cbe6f88
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Tue, 24 Dec 2024 14:22:32 GMT
date
Tue, 17 Dec 2024 14:22:32 GMT
content-type
image/webp
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Thu, 12 Dec 2024 15:37:54 GMT
x-frame-options
DENY, SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
cache-control
public, max-age=604800
referrer-policy
no-referrer, same-origin
cf-ray
8f3790d9dab536d8-YYZ
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
content-length
9128
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare

Verdicts & Comments Add Verdict or Comment

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkshopyan_store function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforexrselectpatched boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononbeforematchpatched boolean| __zone_symbol__ononbeforetogglepatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontentvisibilityautostatechangepatched boolean| __zone_symbol__ononcontextlostpatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__ononcontextrestoredpatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__ononformdatapatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononsecuritypolicyviolationpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononslotchangepatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointerrawupdatepatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononmessageerrorpatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononpageswappatched boolean| __zone_symbol__ononpagerevealpatched boolean| __zone_symbol__ononscrollendpatched boolean| __zone_symbol__ononscrollsnapchangepatched boolean| __zone_symbol__ononscrollsnapchangingpatched function| $ function| jQuery object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__messagefalse object| __zone_symbol__scrollfalse object| __zone_symbol__focusfalse object| __zone_symbol__loadfalse function| fbq function| _fbq object| __zone_symbol__pagehidefalse object| __zone_symbol__pageshowfalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener function| eventListeners function| removeAllListeners

1 Cookies

Domain/Path Name / Value
.medinacandle.com/ Name: _fbp
Value: fb.1.1734445350193.258932176431163874

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr.snapchat.com https://www.googletagmanager.com; object-src 'none'; frame-src 'self' https://youtube.com https://www.youtube.com https://js.stripe.com https://tr.snapchat.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.svc.myshopyan.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://analytics.tiktok.com https://ads.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.pangle-ads.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.svc.myshopyan.com
api.svc.shopyan.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
medinacandle.com
www.facebook.com
104.16.95.48
104.16.96.48
104.18.7.76
157.240.229.1
172.217.197.95
172.253.63.94
31.13.66.35
060caeb93d3d708e9310d308ab2a838aa9cccaacecdd754bba8c413343566c2d
0850234f0a8492ed7f33fb1d5c6fc705576234ce75ef6b31eef9115c8e1f13ee
0cee40962b40c4442799a4c155635baf0ce152b520be93186b9ded0cab7c6061
1af909393259656c685c179f85806c99222b0b403cf6453995752c5c4cbe6f88
1c0fbe0af5144146b0c17160932d63194d6071d9de5d902ddb6b2ae379455644
223182d314835e6ff001576f9a460edbf6edc7cf40cd9a5e93df1830538f754c
240355f4e85792fb5c1e46a942e6d797a078d39f8717dfbab666e4e80cb4dd8d
26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
434551fb02596289fffdd2c95cc63d92c00b04cec218085a21ec9916bb520147
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44152fd2ce9dedf42da6530a7bb384cf15dd27eab9dcb7eda870f480a94d5041
4d9df0300bab2846125dc518a4a26df4640b9530df89eeb26f00e0c04c414ac6
4ffc0c39c0d3f4ba19a2f4c30a3bfb9a3c60b82a957f4f87286f158048fdc740
534f84a7faf2ef61d8b81c6442672424448f92afb5decf178c9613a86318be72
5383dd9d89b325b494e6bc49d016ab2b1a513457117644899052c57b0146b351
55addeecef7521eb9b14d7dd5406080ffcfd466c84e8ba592131cf65b83b6f27
5986616d90e4d8a88091a2326b43d51fecbb591828693cdc8a21f0e498608b06
5ae52684246bcb0d55dee7814801953fec5dfb22314d499bd25e8ab70bd1fb26
5d0c4c75111a7398e3f4223e6719a6f95bd2cd95b7fe840c69225c86836b94d4
5f09aa2dd96442eb97d0abecd5479c3b269fc9cc70b67f36bf00405a6e206164
5f4a8beecf6be69182bf411e0f8ee901494eda3170e8fa0dae673f81d7571883
65b69b52df48d4da4f575a31bc2b2c227e1592fdcec7fb95546d8e12d434a21d
6e4ec94e6dcedf1f68d0d5cf55f662a38291dd5bc2ee9aec0f3051e170ddf658
732e24d6a22f62ec00714953c03dee5eea6b2beac7f9d3c476cbf63fe529e2b3
781854daeb79dee900ea2c9a9d5811d83ae29c3fd9d7a346e02faa7b1f99e1c0
7df5b104b2e0e6c292498e402e71ba65edbb90d5a0d7f891df24c8500eba6eec
7e27fea4ef6fb8dd65b654fd28c8f231357b4193c4b534d556864a2d49561caf
7f729c4fb16904859e69c9aad27372e37cbe7f70fffb012955034a7ed9b346a5
82fa157155d6a2df4a1295db7fee1df7ab18002912f183c2a452b0b78566e03e
85ce6f1cb71c82104e71cd148134644ca80cfe44a3b7bd7e988e45659008fff9
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
920d03e97a994efe602c035a276983b415d75f5417f92b5f8430cfdf784cf2b9
954920896e35524cda5ea16323cac17cbf5500ba12b49eeb5425a443dc84e8bc
9e821dadaff3191d885d11651f14a9ea105df8e6ea4aa389b993d642538b8883
a04626000115b51df165d599140b778c88a81972812f73a8af5da1082ad26d0b
a99787c87d594b93c2ca390c684b2acc72377e2a02ccec5d490e97100fd1aa4c
a9ebe2fbb7bc0b46e1e5addd1f44535a75e05f64adde4b984d5e93b5cb59a5c0
aa0fb2f30b9e7ef80d5d73039878238e4f2cd30f1c33f2bbd6c230ba05bfdeea
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b65767de15434bade604a2cbd1b4783a57334a900d2f2551c64a5888922f0308
b7364ea3578e0ef9d2159761e871c2e4d377543417445b8aaf9c69ea6e163df0
b920fd83bf43df916dbc6898aac27868e23d9bcb9dc66f1b9750fd13f2448c81
c3e3d7e0bce6022ae66381d04eb4742252d577ba15c5f9cceb49cb14c9eb90b1
cd05c15a8e4f9914fb4f0624ed44bf597205673af4d96c245298678b66aab7ba
cd5ee5b5b8e9d49e2c4c03a2d82e26a23499e6335da6ee4d98139259ab4caad3
cd680651d5373268bba54ef52590c98b36683e04b478b0944a7d3e63150e902b
d172393479e2aa5f6e33a68926c19226fcca5cb845e121bb858ae57614d2d1b3
d1e30e9e96d4f76523d88945167431b0dfbab2a260fb8547a784f37bb9db46d4
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
dcffa1de04bc6e27a386b70880f4a99f0b04c0cb82bfa850b433058ac9438cdb
e213a7d778e3d5024646bc18a941999af088307c936b0e7de8a0cb56ae5e29a9
e27c31ca2689db9537482e997fa0a1b81934e09d49cb666e9204acebf233bceb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58b6a14cd0fff186ee329a3076395d98251a35e4cff4850f13e273a3d0db924
ed672be35ebb46c11aeb50cabd6805c5367ff127d80c565138e09c676cb912e1
edea65dd709329375ff3bdb101d560d2379ad41034b304321931987e1dfb5ff8
f98a04c7fe6640e7c8332a5d8ade0b57492a46a6c01f9f9447c6f83b00681cc8
fece65f315c69f02e28002380085413c39f4fad38694961ef14008c69a7a0ae8
ffcbdb7bad1fed2c2f83087b48804d15090559a0a4864cd76ea49d6be5fe5e2e