Submitted URL: https://cosmeticscriminal.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On April 20 via api from US — Scanned from CA

Summary

This website contacted 67 IPs in 3 countries across 51 domains to perform 219 HTTP transactions. The main IP is 165.254.198.118, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 67092.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.2.138.107 393259 (YOTTAA-AS-1)
1 17 165.254.198.118 393259 (YOTTAA-AS-1)
2 12 23.212.249.219 20940 (AKAMAI-ASN1)
2 142.250.31.190 15169 (GOOGLE)
1 151.101.2.137 54113 (FASTLY)
2 172.253.63.190 15169 (GOOGLE)
2 23.212.249.208 20940 (AKAMAI-ASN1)
3 151.101.130.133 54113 (FASTLY)
5 35.190.10.96 15169 (GOOGLE)
5 172.64.150.95 13335 (CLOUDFLAR...)
12 104.19.177.52 13335 (CLOUDFLAR...)
5 172.253.63.97 15169 (GOOGLE)
3 3.162.3.39 16509 (AMAZON-02)
2 104.26.13.205 13335 (CLOUDFLAR...)
1 172.64.155.119 13335 (CLOUDFLAR...)
1 3.161.213.14 16509 (AMAZON-02)
3 216.239.36.178 15169 (GOOGLE)
2 3 172.253.115.103 15169 (GOOGLE)
1 2 172.253.122.155 15169 (GOOGLE)
3 172.253.63.155 15169 (GOOGLE)
7 3.162.3.24 16509 (AMAZON-02)
4 142.251.111.94 15169 (GOOGLE)
1 13.225.195.83 16509 (AMAZON-02)
2 2 18.210.244.77 14618 (AMAZON-AES)
1 3 52.73.200.224 14618 (AMAZON-AES)
2 4 68.67.179.155 29990 (ASN-APPNEX)
4 4 3.33.220.150 16509 (AMAZON-02)
1 1 142.251.16.157 15169 (GOOGLE)
1 1 69.173.151.100 26667 (RUBICONPR...)
1 2 172.64.151.101 13335 (CLOUDFLAR...)
1 204.2.50.240 393259 (YOTTAA-AS-1)
2 54.237.131.176 14618 (AMAZON-AES)
1 34.102.147.248 396982 (GOOGLE-CL...)
4 151.101.65.21 54113 (FASTLY)
1 23.47.22.7 16625 (AKAMAI-AS)
1 3.161.213.65 16509 (AMAZON-02)
1 3.161.213.47 16509 (AMAZON-02)
2 23.220.128.196 16625 (AKAMAI-AS)
2 31.13.66.19 32934 (FACEBOOK)
4 151.101.193.140 54113 (FASTLY)
3 13.107.21.237 8068 (MICROSOFT...)
11 23.212.249.199 20940 (AKAMAI-ASN1)
4 13.225.195.21 16509 (AMAZON-02)
4 8 142.251.16.149 15169 (GOOGLE)
2 34.120.253.250 396982 (GOOGLE-CL...)
5 34.49.124.132 396982 (GOOGLE-CL...)
2 142.250.31.113 15169 (GOOGLE)
1 151.101.1.21 54113 (FASTLY)
2 34.98.67.3 396982 (GOOGLE-CL...)
3 151.101.129.35 54113 (FASTLY)
7 151.101.128.84 54113 (FASTLY)
3 23.205.107.75 20940 (AKAMAI-ASN1)
1 3.222.239.237 14618 (AMAZON-AES)
2 192.229.210.155 15133 (EDGECAST)
4 18.213.91.59 14618 (AMAZON-AES)
1 151.101.0.84 54113 (FASTLY)
11 34.98.72.95 396982 (GOOGLE-CL...)
1 34.249.47.228 16509 (AMAZON-02)
2 3.162.3.121 16509 (AMAZON-02)
1 34.117.228.120 396982 (GOOGLE-CL...)
1 34.149.10.121 396982 (GOOGLE-CL...)
1 35.190.89.82 15169 (GOOGLE)
13 192.225.157.157 30286 (THM)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
1 192.225.158.1 30286 (THM)
1 192.225.158.3 30286 (THM)
1 1 142.251.167.155 15169 (GOOGLE)
1 34.160.20.10 15169 (GOOGLE)
2 34.149.130.207 15169 (GOOGLE)
8 34.111.8.32 396982 (GOOGLE-CL...)
2 52.7.166.131 14618 (AMAZON-AES)
2 31.13.66.35 32934 (FACEBOOK)
1 54.154.189.86 ()
219 67
Apex Domain
Subdomains
Transfer
22 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 67092
sgtm.elfcosmetics.com — Cisco Umbrella Rank: 164395
364 KB
15 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8294
imgs.signifyd.com — Cisco Umbrella Rank: 7079
69 KB
14 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 36
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
cm.g.doubleclick.net — Cisco Umbrella Rank: 262
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 284657
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 238988
3 KB
14 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 14404
cdn.static.amplience.net — Cisco Umbrella Rank: 42889
6 MB
12 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 2403
api.bounceexchange.com — Cisco Umbrella Rank: 2692
301 KB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 306
170 KB
11 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 709
270 KB
11 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 8903
st.dynamicyield.com — Cisco Umbrella Rank: 8386
async-px.dynamicyield.com — Cisco Umbrella Rank: 8616
243 KB
8 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 908
5 KB
8 paypal.com
www.paypal.com — Cisco Umbrella Rank: 2924
t.paypal.com — Cisco Umbrella Rank: 3505
125 KB
7 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 2186
667 B
7 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 3548
c.contentsquare.net — Cisco Umbrella Rank: 4473
srm.ba.contentsquare.net — Cisco Umbrella Rank: 18916
k-aeu1.contentsquare.net
72 KB
5 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 33809
external-api.jebbit.com — Cisco Umbrella Rank: 33959
61 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
analytics.google.com — Cisco Umbrella Rank: 145
423 B
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
478 KB
5 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3156
1018 B
5 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 189618
2 KB
4 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 622
match.adsrvr.org — Cisco Umbrella Rank: 356
2 KB
4 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 497
ib.adnxs.com — Cisco Umbrella Rank: 252
4 KB
4 google.ca
www.google.ca — Cisco Umbrella Rank: 9881
253 B
4 youtube.com
www.youtube.com — Cisco Umbrella Rank: 66
69 KB
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 24651 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 10420
1 MB
3 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 3963
pd.cdnwidget.com — Cisco Umbrella Rank: 3909
idr.cdnwidget.com — Cisco Umbrella Rank: 8402
1 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 5087
page.cdnbasket.net — Cisco Umbrella Rank: 5094
view.cdnbasket.net — Cisco Umbrella Rank: 5092
1014 B
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 140856
7 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 337
14 KB
3 usehero.com
cdn.usehero.com — Cisco Umbrella Rank: 64874
api.usehero.com — Cisco Umbrella Rank: 60125
31 KB
3 bidr.io
cnv.event.prod.bidr.io — Cisco Umbrella Rank: 10849
2 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
21 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
400 B
2 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 2489
w2txo5aavabe2smcl37q5fus67byroflce7sjzk2072e7b0d8e3a7ecasac.d.aa.online-metrix.net
438 B
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 457
838 B
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2623
16 KB
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 8870
tags.rd.linksynergy.com — Cisco Umbrella Rank: 5305
696 B
2 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1342
735 B
2 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 4604
6 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1221
10 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
73 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 940
22 KB
2 cquotient.com
api.cquotient.com — Cisco Umbrella Rank: 41702
517 B
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 629
1 KB
2 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 4863
1 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2959
225 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 123
23 B
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 31095
43 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 7918
15 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 378
916 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 9481
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 535
306 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 767
24 KB
1 cosmeticscriminal.ca
cosmeticscriminal.ca
330 B
219 51
Domain Requested by
17 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
13 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
12 cdn.media.amplience.net 2 redirects www.elfcosmetics.com
11 assets.bounceexchange.com www.elfcosmetics.com
11 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
8 ct.pinterest.com s.pinimg.com
www.elfcosmetics.com
analytics.tiktok.com
7 events.bouncex.net
7 async-px.dynamicyield.com cdn.dynamicyield.com
5 sgtm.elfcosmetics.com www.googletagmanager.com
analytics.tiktok.com
5 www.paypal.com www.elfcosmetics.com
www.paypal.com
analytics.tiktok.com
5 www.googletagmanager.com www.elfcosmetics.com
5 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.com
analytics.tiktok.com
4 c.contentsquare.net t.contentsquare.net
4 10742279.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 9231397.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 js.jebbit.com www.elfcosmetics.com
4 www.google.ca
4 www.youtube.com www.elfcosmetics.com
3 elfcosmetics.a.bigcontent.io
3 t.paypal.com
3 bat.bing.com www.elfcosmetics.com
3 match.adsrvr.org 3 redirects
3 secure.adnxs.com 1 redirects www.googletagmanager.com
3 cnv.event.prod.bidr.io 1 redirects
3 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
3 www.google.com 2 redirects
3 www.google-analytics.com www.elfcosmetics.com
www.google-analytics.com
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 www.facebook.com
2 api.usehero.com analytics.tiktok.com
2 idsync.rlcdn.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 www.paypalobjects.com www.elfcosmetics.com
2 alb.reddit.com
2 analytics.google.com www.googletagmanager.com
2 tag.wknd.ai www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 api.cquotient.com cdn-fsly.yottaa.net
2 dsum-sec.casalemedia.com 1 redirects
2 pixel.pointmediatracker.com 2 redirects
2 googleads.g.doubleclick.net 1 redirects www.elfcosmetics.com
2 api.ipify.org cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.com
1 k-aeu1.contentsquare.net t.contentsquare.net
1 idr.cdnwidget.com
1 api.bounceexchange.com www.elfcosmetics.com
1 pd.cdnwidget.com analytics.tiktok.com
1 ids.cdnwidget.com analytics.tiktok.com
1 www.googleadservices.com 1 redirects
1 w2txo5aavabe2smcl37q5fus67byroflce7sjzk2072e7b0d8e3a7ecasac.d.aa.online-metrix.net
1 h.online-metrix.net imgs.signifyd.com
1 tags.rd.linksynergy.com
1 view.cdnbasket.net analytics.tiktok.com
1 page.cdnbasket.net analytics.tiktok.com
1 data.cdnbasket.net analytics.tiktok.com
1 srm.ba.contentsquare.net analytics.tiktok.com
1 external-api.jebbit.com js.jebbit.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 cdn.usehero.com www.elfcosmetics.com
1 t.contentsquare.net www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 pixel.rubiconproject.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 ib.adnxs.com 1 redirects
1 insight.adsrvr.org 1 redirects
1 js.cnnx.link www.googletagmanager.com
1 st.dynamicyield.com www.elfcosmetics.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 code.jquery.com www.elfcosmetics.com
1 cosmeticscriminal.ca 1 redirects
219 77
Subject Issuer Validity Valid
*.elfcosmetics.com
Sectigo RSA Domain Validation Secure Server CA
2023-09-25 -
2024-10-25
a year crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-20 -
2024-08-14
a year crt.sh
*.google.com
GTS CA 1C3
2024-03-18 -
2024-06-10
3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018
2023-09-13 -
2024-10-14
a year crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA
2023-08-15 -
2024-09-13
a year crt.sh
sdk.iad-05.braze.com
E1
2024-04-19 -
2024-07-18
3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2024-03-01 -
2024-12-31
10 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-03-18 -
2024-06-10
3 months crt.sh
*.dynamicyield.com
Amazon RSA 2048 M02
2023-09-03 -
2024-10-01
a year crt.sh
ipify.org
GTS CA 1P5
2024-03-21 -
2024-06-19
3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2023-11-13 -
2024-11-12
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-03-18 -
2024-06-10
3 months crt.sh
*.google.ca
GTS CA 1C3
2024-03-18 -
2024-06-10
3 months crt.sh
js.cnnx.link
Amazon RSA 2048 M02
2023-07-11 -
2024-08-07
a year crt.sh
*.cquotient.com
Amazon RSA 2048 M02
2024-03-05 -
2025-04-02
a year crt.sh
tag.rmp.rakuten.com
GTS CA 1D4
2024-03-31 -
2024-06-29
3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA
2024-02-08 -
2025-02-08
a year crt.sh
*.ordergroove.com
Go Daddy Secure Certificate Authority - G2
2023-08-04 -
2024-08-17
a year crt.sh
t.contentsquare.net
Amazon RSA 2048 M01
2023-09-13 -
2024-10-11
a year crt.sh
*.usehero.com
Amazon RSA 2048 M02
2023-08-28 -
2024-09-24
a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-08-07 -
2024-08-07
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-01-28 -
2024-04-27
3 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-01-08 -
2024-07-06
6 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02
2024-04-20 -
2024-06-27
2 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018
2023-07-14 -
2024-08-13
a year crt.sh
*.jebbit.com
Amazon RSA 2048 M01
2023-05-24 -
2024-06-21
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2024-03-18 -
2024-06-10
3 months crt.sh
tag.wknd.ai
R3
2024-03-19 -
2024-06-17
3 months crt.sh
sgtm.elfcosmetics.com
GTS CA 1D4
2024-03-17 -
2024-06-15
3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1
2024-01-15 -
2024-07-13
6 months crt.sh
*.rd.linksynergy.com
ZeroSSL RSA Domain Secure Site CA
2024-01-23 -
2025-01-22
a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA
2023-09-21 -
2024-10-21
a year crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1
2024-04-02 -
2025-05-03
a year crt.sh
dep.bf.contentsquare.net
Amazon RSA 2048 M03
2024-02-18 -
2025-03-19
a year crt.sh
assets.bounceexchange.com
GTS CA 1D4
2024-03-19 -
2024-06-17
3 months crt.sh
srm.ba.contentsquare.net
Amazon RSA 2048 M02
2023-11-07 -
2024-12-06
a year crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M01
2023-07-03 -
2024-07-31
a year crt.sh
data.cdnbasket.net
GTS CA 1D4
2024-03-06 -
2024-06-04
3 months crt.sh
page.cdnbasket.net
GTS CA 1D4
2024-03-13 -
2024-06-11
3 months crt.sh
view.cdnbasket.net
GTS CA 1D4
2024-03-17 -
2024-06-15
3 months crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2
2023-10-20 -
2024-11-20
a year crt.sh
online-metrix.net
Viking Cloud Organization Validation CA, Level 1
2023-10-20 -
2024-10-21
a year crt.sh
*.aa.online-metrix.net
Viking Cloud Organization Validation CA, Level 1
2023-10-20 -
2024-10-21
a year crt.sh
ids.cdnwidget.com
R3
2024-03-12 -
2024-06-10
3 months crt.sh
pd.cdnwidget.com
R3
2024-03-12 -
2024-06-10
3 months crt.sh
*.wunderkind.co
R3
2024-04-04 -
2024-07-03
3 months crt.sh
idr.cdnwidget.com
R3
2024-03-12 -
2024-06-10
3 months crt.sh
api.usehero.com
Amazon RSA 2048 M03
2024-01-06 -
2025-02-03
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2024-02-14 -
2025-03-16
a year crt.sh
dep-malka.ba.contentsquare.net
Amazon RSA 2048 M02
2023-10-11 -
2024-11-08
a year crt.sh

This page contains 15 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: 114B3541EBD97D7BAE56406BFF0143DE
Requests: 194 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: F7691100CB8CDEB50A2AD98C6A7510AB
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 55BC2DD5C23305E4B847CF1B1B3AEE01
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CJfu-_C50IUDFSTGwgQdzlkAig;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: E458ADDB19C6BAE2CF4B881EDB66B6ED
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CJzk2e-50IUDFeTLwgQdDUMAOQ;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 7AEA4789FFDDAE25EBE8920422C15A6B
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.63.0&integrationType=SDK
Frame ID: 63ACFDD768F40F4CAFDFE461208E0FC6
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: E426ACD15F15885EE3C3476A064CAD9A
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 31305E9E56FCEE15F16D984EDA7C9995
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 557561B29732BCFA1214D8C39E9C244D
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Frame ID: DC07D171C2E7AE5C65119D9AF64CC9E6
Requests: 11 HTTP requests in this frame

Frame: https://imgs.signifyd.com/Vb1znXa89etIDN9K?caac687813e0fab9=j0R1_8h4wGKMbO6XicDp0xEwQUo_tXiaYaOalBHdpualF1kr8Sf3uIFBO5hvg0wqMuSJxApSE3LnbOJN_OuIoX1McRZr3O0nXn-61rNHosUXBz9rGwptxKlL0Vqo9MJhBAnL4Q6rd3Cgz7jH9shxf32yMwPrglJ-MAuwg3vk2vGwbo5AkTy5Cxa6tyP1kMdoMDf1MsQRlac1--RlXlUbAlLmuc2VRg
Frame ID: E45D646FA2FA9DD29FFD0FB8C4624A09
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/YjyUuH_80CPfiFUU?00310ad782da3d5f=S7lY2TirCbiMXRrnRDGTXAcFg7o5Wv74RRvMzGbMQj11rhHYVwqRSRYXNCdJh5H41dwpKayaxy8M9tJftvjSBxPXl6swJV0V3orfr6tFwV3ONZL5BC2-DCloZY784ss15Vm5W8VEP4Yt5Gy-skFtm2TnH3oZ9fcOViK2RNLHQJsTjZ7ur03TsuxmBqMBJOClWrecKu8gdy7CbKj-0RNSixsQmPHSMOU
Frame ID: 3C3243AC216AD24E316EB062AB4C20D5
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/XvFXJNWqwZkC95EU?75b992039436bd59=3QUhRTm3alAkMMVZAS2k0TNZMo0YB4CKkQOGa41j4HFbvrGAp0xc7msYlYG5lSW5wYDYP8BKudBAic9n5vosJDXl6DUCgsnkyX9mNJ8nOw_UaxvBIaiLSlMe5EOnzZPUSQCSaVM9WCCpWgjgLcLz7KQMvQdoTD-06Lvbtfx3n-xmyXplw-xBAOZr3E9MWJtYKGLMWsOHP00KYy8KulhwslDutKZoSu0
Frame ID: 5F6A24548AF1399065BC66E3273733D1
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOv5PS50IUDFSXEwgQdumUKhQ;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: BB479F2CA044F60ED32C658CA94247C8
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ3n5_S50IUDFdXIwgQdPYoCkA;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 9B00AD729A3B205565CE704B07D335B4
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Page URL History Show full URLs

  1. https://cosmeticscriminal.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

219
Requests

95 %
HTTPS

0 %
IPv6

51
Domains

77
Subdomains

67
IPs

3
Countries

10091 kB
Transfer

19471 kB
Size

90
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticscriminal.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 16
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 33
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=IC1VXAW09nHJWwLV_RKiPz9guYHwfe3yXyiX4rjScMQ HTTP 303
  • https://www.elfcosmetics.com/callback?usid=86b39b05-ac54-4555-96d1-77cc38b50530&code=TOj1a5mN9YsJbavvxBBSQaRVZHlGVtGI6cfIyRcI0Uw
Request Chain 41
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=194915433.1713604405&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=1647868181.1713604405 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=194915433.1713604405&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=1647868181.1713604405
Request Chain 57
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=4ba94b30-bf17-47f6-8466-c227f2e798bd&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=629074079 HTTP 302
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=fd2b63d5-0c18-4ad9-873c-de1b938cd1dd.&ord=3239269651175855623 HTTP 303
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=fd2b63d5-0c18-4ad9-873c-de1b938cd1dd.&ord=3239269651175855623&_bee_ppp=1
Request Chain 58
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 59
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224108b9be HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7863499826449087247&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224108b9be HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MWIyMmE3NGYtOTRmOS00YWFlLWFjZTEtY2IyMjQxMDhiOWJl&gdpr=0&gdpr_consent=&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224108b9be HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224108b9be&google_gid=CAESEIKM2VgwnhZC6vf4MvzS27k&google_cver=1 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1b22a74f-94f9-4aae-ace1-cb224108b9be&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1b22a74f-94f9-4aae-ace1-cb224108b9be&expiration=1716196409&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1b22a74f-94f9-4aae-ace1-cb224108b9be&expiration=1716196409&gdpr=0&gdpr_consent=&C=1
Request Chain 97
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CJfu-_C50IUDFSTGwgQdzlkAig;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 108
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJzk2e-50IUDFeTLwgQdDUMAOQ;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 161
  • https://idsync.rlcdn.com/458359.gif?partner_uid=822726aa-22bd-49e2-a48d-2a01fbe0e8e8 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDgyMjcyNmFhLTIyYmQtNDllMi1hNDhkLTJhMDFmYmUwZThlOBAAGg0IuI6OsQYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=2be2ff0e7b95851672d417550bfb1a28907bc44e7abee961bfd8eb31298b3de16ac34734d8e453ee
Request Chain 178
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=134142092&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1647868181.1713604405&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=154.47.17.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1647868181.1713604405&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=154.47.17.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&eitems=ChAI8M-NsQYQh-u3r6P2kOg0Eh0A2yzU0oIifjM9qrlwcsos0UOAvOOheHMbQQXMyQ&pscrd=IhMIk_738bnQhQMVTV1yCh0VkgzkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1647868181.1713604405&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=154.47.17.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMIk_738bnQhQMVTV1yCh0VkgzkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtqtSImuQdaqQDrdiBHS_sA-UHd-qejTCAk8xmvkrX6Gsr_8fUW&eitems=ChAI8M-NsQYQh-u3r6P2kOg0Eh0A2yzU0sDwb1ZZ2Bq79Fv8W9EwW-j0iyJ0htjpug&random=980142945 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1647868181.1713604405&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=154.47.17.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMIk_738bnQhQMVTV1yCh0VkgzkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtqtSImuQdaqQDrdiBHS_sA-UHd-qejTCAk8xmvkrX6Gsr_8fUW&eitems=ChAI8M-NsQYQh-u3r6P2kOg0Eh0A2yzU0sDwb1ZZ2Bq79Fv8W9EwW-j0iyJ0htjpug&random=980142945&ipr=y
Request Chain 210
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=4ba94b30-bf17-47f6-8466-c227f2e798bd&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=New&gtmcb=1822881772 HTTP 302
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=85e67416-a19a-4463-a245-b4dcc22350a5.&ord=6662198186783525490
Request Chain 216
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOv5PS50IUDFSXEwgQdumUKhQ;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 217
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ3n5_S50IUDFdXIwgQdPYoCkA;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

219 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://cosmeticscriminal.ca/
  • https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
892 KB
230 KB
Document
General
Full URL
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f71fb48d32c9b2e88a419d2a16252a1d7c6aee937ef234425d099ad98c63328b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
234870
content-type
text/html; charset=utf-8
date
Sat, 20 Apr 2024 09:13:22 GMT
etag
W/"c1f22-t04Zv37JesUQrS6LhwtEhvZiCVQ"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront)
x-amz-apigw-id
WhIPxGvyiYcEAVg=
x-amz-cf-id
AEQsCLrCF8-iPbZAMxEr8wz9T6ZxW4sTOGKWW37oa_XwZWP9NPoArw==
x-amz-cf-pop
DFW57-P1
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
794402
x-amzn-remapped-date
Sat, 20 Apr 2024 09:13:22 GMT
x-amzn-requestid
1bbde472-6cf1-455c-9925-183bf54ed97f
x-amzn-trace-id
Root=1-66238731-7b58ee40784f395f1692688b;Parent=109a04aa41153523;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
3221cc02d142/[1466,1363,-] 32D1a5fec676/[-,1568.636]
x-yottaa-optimizations
ob/1000000100001000 si/32D1a5fec676-1713544935-5840285975 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1198
content-type
text/html; charset=utf-8
date
Sat, 20 Apr 2024 09:13:21 GMT
location
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1dead931403bb4ae3e88 rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
25D1cc028a6b/[-,0.180]
x-yottaa-optimizations
ob/0 si/25D1cc028a6b-1713544934-4905618760 tts/1713604401015 ti/0 ai/658f1dead931403bb4ae3e88
init.js
www.elfcosmetics.com/XT4Gy2ig/
168 KB
75 KB
Script
General
Full URL
https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e63e6fd6f7de96da3a88ce0e8d574665990242df97bb2d59d382d9f3dc887f3c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
content-encoding
gzip
etag
"2a126-nE4tt0PVPmWMbYGqEFni8XC00Fo"
active-cdn
Akamai
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-yottaa-metrics
32D1a5fec676/[-,35.815]
x-px-hash
M2JmNjY0NDZkNTM3YTEwOTJlNGM1ZDczZDgxMzYwOGIwOWY2N2UwNTJhNWY0NTEyNzIzZmNlYzAzZjYyZWRkOA==
x-yottaa-optimizations
ob/0 si/32D1a5fec676-1713544935-5840285979 tts/1713604403143 ti/0 ai/5a0c9b7632f01c35d42101b2
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/
0
0

PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
630 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
nHCweV-KL,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id
CJP8Wscuez
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
server
Unknown
x-frame-options
DENY
x-amp-source-width
3199
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
205 KB
205 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
EriXWOR7n,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id
T5sW31YLlc
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
server
Unknown
x-frame-options
DENY
x-amp-source-width
800
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin
https://www.elfcosmetics.com
Accept-Language
en-CA,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin
https://www.elfcosmetics.com
Accept-Language
en-CA,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
bxGKZ6lfJ7A
www.youtube.com/embed/ Frame F769
0
0
Document
General
Full URL
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.190 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f190.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rZPCKoUReO0
www.youtube.com/embed/ Frame 55BC
0
0
Document
General
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.190 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f190.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/
2 MB
2 MB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
kHZIc2XA6,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id
3z7iU3mG57
content-length
2085695
x-xss-protection
1; mode=block
x-amp-source-height
1484
server
Unknown
x-frame-options
DENY
x-amp-source-width
3080
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/
330 KB
331 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
bAXApDK0q,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id
t9Ss-aX2AJ
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
server
Unknown
x-frame-options
DENY
x-amp-source-width
2806
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/
180 KB
180 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
r_hJXD8VE,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id
MyNCxafAGx
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
server
Unknown
x-frame-options
DENY
x-amp-source-width
1952
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/
614 KB
614 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
7QyXPqcNv,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id
OVwjvLxZow
content-length
628288
x-xss-protection
1; mode=block
x-amp-source-height
525
server
Unknown
x-frame-options
DENY
x-amp-source-width
3200
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
jquery-3.7.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
8033461
x-cache
HIT, HIT
content-length
24036
x-served-by
cache-lga21942-LGA, cache-yyz4525-YYZ
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1713604403.284949,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
3643, 4335
player_api
www.youtube.com/
1 KB
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.190 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f190.1e100.net
Software
ESF /
Resource Hash
b50dd0986c969fd95c7c1b8395efb9455c6096e891e9388affdb1380d7e623fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Sat, 20 Apr 2024 09:13:23 GMT
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
23.212.249.208 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-208.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
etag
"dd3676819bd88a250c875a11e38c307d"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/mp4
access-control-allow-origin
*
Content-Range
bytes 0-1060947/1060948
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1060948

Redirect headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
-8l9n7ahO,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
23.212.249.208 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-208.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/mp4
access-control-allow-origin
*
Content-Range
bytes 0-1262366/1262367
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1262367

Redirect headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
KnS3FQkJo,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/
2 MB
620 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b2e0bde8a120edcd0e126c139ff4c62dc420e43a86bb9e22c92044fdda3fc3ef

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
via
1.1 968842023e92f9868a60ec906f146c2c.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
SFO53-P2
age
223721
x-yottaa-optimizations
ob/1100 si/2511cc02853e-1706727921-1747665582 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
731232
content-length
634413
x-amz-meta-bundle
11109
x-served-by
cache-yyz4535-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1713604403.311267,VS0,VE2
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2521cc028a8e/[15,-,1713380668921] 2511cc02853e/[-,128.237]
accept-ranges
bytes
x-amz-cf-id
R5FzEYhohmNaj9MYflSqPJ0oAYtvWPayRNqY7WnN78uvW6srqZ5z3w==
x-cache-hits
1
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/
2 MB
485 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
48eac18ec8b1c06a5b11f38fbf38abf0d52f42b46f0c17a6250872645845dd82

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
via
1.1 cb0b891eddf58d69d157d55977c68bce.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
SFO53-P2
age
223735
x-yottaa-optimizations
ob/1001 si/2511cc028a74-1706727919-1154700029 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
731232
content-length
495549
x-amz-meta-bundle
11109
x-served-by
cache-yyz4535-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1713604403.311250,VS0,VE1
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2521cc0285f8/[111,83,-] 2511cc028a74/[hit]
accept-ranges
bytes
x-amz-cf-id
NwS-yKYLNcy_E-MGZpbERF5y90pqXobX1WrTJeY63zT2WAR-qW4cRw==
x-cache-hits
1
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/
42 KB
12 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9f2461f7629a9751a8ce13d4fa6465bd4dade527356dedaa1e07be6712694ec4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
via
1.1 86364f3fbc9271997968ac61fea44a02.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
SFO53-P2
age
223721
x-yottaa-optimizations
ob/1100 si/2511cc028a76-1706727919-519252215 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Miss from cloudfront, HIT
x-amz-meta-deploy
731232
content-length
11877
x-amz-meta-bundle
11109
x-served-by
cache-yyz4535-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1713604403.311236,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2521cc028a87/[2,-,1713380668834] 2511cc028a76/[-,5.397]
accept-ranges
bytes
x-amz-cf-id
J_a7tua4pMuyVkGxAiCUddjxNc8OlRLbgE7B-WSsLFsTGk8Sh73H9A==
x-cache-hits
168
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
564 B
811 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
2eb851a2f780dfc3d49c2cedda77ac275ab0f533cefbab63cda3849cff357210

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
564
PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/
73 KB
73 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
c75a0f7c4104d907f8419aeb5f87467a90bce54ef633af1e8a05c6c585c9994d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
R-HxFGDw1,l4p5bDg2e,5-jG4GMEO,WepA0szpz
x-req-id
dQYJmzA4I-
content-length
74537
x-xss-protection
1; mode=block
x-amp-source-height
1303
server
Unknown
x-frame-options
DENY
x-amp-source-width
855
access-control-allow-origin
*
content-type
image/avif
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/
16 KB
17 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
c6UK1oZku,l4p5bDg2e,QvpKILV5P,DtzGFM5oJ
x-req-id
8lGjG5iKAZ
content-length
16698
x-xss-protection
1; mode=block
x-amp-source-height
2000
server
Unknown
x-frame-options
DENY
x-amp-source-width
2000
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/
52 KB
52 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
32aaeee96fd5d4ee55d785e181d136b89e21de673bd8b6e89f4731412ba5aba9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
1GTcnJLML,l4p5bDg2e,h1qKNVnZ0,WepA0szpz
x-req-id
sQAyPevctv
content-length
52930
x-xss-protection
1; mode=block
x-amp-source-height
1324
server
Unknown
x-frame-options
DENY
x-amp-source-width
862
access-control-allow-origin
*
content-type
image/avif
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/
20 KB
21 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.219 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-219.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
M0ESz1ddA,l4p5bDg2e,nb-u70u49,DtzGFM5oJ
x-req-id
tCOvF6cNAI
content-length
20738
x-xss-protection
1; mode=block
x-amp-source-height
2400
server
Unknown
x-frame-options
DENY
x-amp-source-width
2400
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.95 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
877404aa99fb39d2-YYZ
content-encoding
gzip
date
Sat, 20 Apr 2024 09:13:25 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
zgTRIDojRJmnmBTwUyI2Vw==
age
55275
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 18 Apr 2024 19:47:50 GMT
server
cloudflare
etag
0x8DC5FE06E4C260E
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8befe9e8-701e-008c-2f73-92518d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404a9693136b0-YYZ
gtm.js
www.googletagmanager.com/
486 KB
130 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
961df68d86b47f1ab732b736c327b16c57a4b4cc21905786e1b5079a6d3be488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:24 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
133177
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 20 Apr 2024 09:13:24 GMT
api_dynamic.js
cdn.dynamicyield.com/api/8772046/
475 KB
52 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-39.yul62.r.cloudfront.net
Software
DYCDN /
Resource Hash
bcb200189a4d9d85fdd5d2b7baed695287012a6727a98245613633d80d32b1b9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
via
1.1 302bce0287d24df9c94be17a5fd67262.cloudfront.net (CloudFront)
last-modified
Fri, 19 Apr 2024 20:46:33 GMT
server
DYCDN
x-amz-cf-pop
YUL62-P2
x-amz-server-side-encryption
AES256
etag
W/"e5ee12564f7b49f0fa6fb54706ecb5b2"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
yQq98nW0HsSsWUg5jGkxb5c7WBomJIjTIigGVH4IjjFIQR3u7hsARw==
api_static.js
cdn.dynamicyield.com/api/8772046/
388 KB
114 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-39.yul62.r.cloudfront.net
Software
DYCDN /
Resource Hash
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 06:35:23 GMT
content-encoding
gzip
via
1.1 302bce0287d24df9c94be17a5fd67262.cloudfront.net (CloudFront)
last-modified
Tue, 09 Apr 2024 08:59:55 GMT
server
DYCDN
age
9482
x-amz-cf-pop
YUL62-P2
x-amz-server-side-encryption
AES256
etag
W/"64e0187feba0c97d38f8aabb6e6d66cd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
J3WWxZ9nv7dEaSDdlw8BIPPHYfet1kjyE7E8nVUvzsAqBgWJcRyUCA==
/
api.ipify.org/
20 B
153 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc7d0b5b22528c1d080fb7dba2aa556fd4c033715a84ea93333cebe38a0e4daa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
877404a97cc136f9-YYZ
content-length
20
/
api.ipify.org/
20 B
72 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc7d0b5b22528c1d080fb7dba2aa556fd4c033715a84ea93333cebe38a0e4daa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
877404aa2d3d36f9-YYZ
content-length
20
/
sdk.iad-05.braze.com/api/v3/data/
323 B
540 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.95 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8ee898151890a393bfa532ab863c79d4c0aaa8a657fefedb72c7f90a85623f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/json
Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
62aecef7-f076-426b-a88f-86d6d3cc1b57
x-runtime
0.193102
server
cloudflare
etag
W/"a8ee898151890a393bfa532ab863c79d"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1713604407
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
877404ab6a7139d2-YYZ
x-ratelimit-remaining
499.0
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=86b39b05-ac54-4555-96d1-77cc38b50530&code=TOj1a5mN9YsJbavvxBBSQaRVZHlGVtGI6cfIyRcI0Uw
0
0
Fetch
General
Full URL
https://www.elfcosmetics.com/callback?usid=86b39b05-ac54-4555-96d1-77cc38b50530&code=TOj1a5mN9YsJbavvxBBSQaRVZHlGVtGI6cfIyRcI0Uw
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Apr 2024 09:13:25 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
DFW57-P1
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
f0b16595-f285-4758-80b4-efdf07b99394
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285987 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
WhIQaEmliYcEi-A=
content-length
0
alt-svc
h3=":443"; ma=86400
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-66238735-636faffe467de56f6f8d4bfb;Parent=00b217481e69d1b2;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
3221a5fec6fe/[229,223,-] 32D1a5fec676/[-,232.133]
x-amzn-remapped-date
Sat, 20 Apr 2024 09:13:25 GMT
x-amz-cf-id
AUGxkVvoTweFrE-WfLOO5r9I0RRnZSudOe-a8OvLelavsapBRWw5WQ==

Redirect headers

date
Sat, 20 Apr 2024 09:13:25 GMT
x-correlation-id
877404adc94f1d01
via
1.1 800cba2437ee092ab9e4755c65d34a72.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/0 si/32D1a5fec676-1713544935-5840285985 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23636, 1984772
x-ratelimit-1m-reset
34566, 34565
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=86b39b05-ac54-4555-96d1-77cc38b50530&code=TOj1a5mN9YsJbavvxBBSQaRVZHlGVtGI6cfIyRcI0Uw
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=IC1VXAW09nHJWwLV_RKiPz9guYHwfe3yXyiX4rjScMQ
x-yottaa-metrics
3221cc02d14b/[112,109,-] 32D1a5fec676/[-,115.554]
cf-ray
877404adc94f1d01-ORD
x-amz-cf-id
cI0rGHb7aYa3HqDrdkiF0WFflUGV8g_2vN1nuCgejrZqnkEUK9dvmA==
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
600 B
655 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
a9301f5f7a25b2cd75fa4dfaa0e0fb23be898d17b265560ff034b0c8f635aa92

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 20 Apr 2024 09:13:24 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
6 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
52262
content-md5
j7e7fSdncC8T3SCV/IpUig==
content-length
1740
x-ms-lease-status
unlocked
last-modified
Mon, 08 Apr 2024 18:41:03 GMT
server
cloudflare
etag
0x8DC57FB71838BE4
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c3fb1654-801e-0031-68e4-89d890000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404ab5e4d36ff-YYZ
expires
Sun, 21 Apr 2024 09:13:25 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
68 B
306 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.155.119 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept
application/json
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
877404ac6e643703-YYZ
access-control-allow-headers
Content-Type
st
st.dynamicyield.com/
118 KB
10 KB
Script
General
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=jxvdznujjl4ksfjm4kl960mb702sh3ju&ref=&scriptVersion=2.32.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-14.yul62.r.cloudfront.net
Software
/
Resource Hash
89ab986b4eeea474f16953f21787392d714b4c72867d2fc814ab78802ea9402a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
via
1.1 82411d437ee2d2355a407b78473e6156.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
O2le8uZXOOR_4kNfSUIrT9mc2YBvTI-1AhgSPa_QKIUjoo2gTYHMHg==
expires
Sat, 20 Apr 2024 09:13:24 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.36.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 20 Apr 2024 07:38:27 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
5698
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 20 Apr 2024 09:38:27 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/
404 KB
98 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
41916
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404ae0c5536b0-YYZ
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
228 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.95 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd19e0b33d98b1a1064811b32b014b2f0e35789a38c0b177464dee8d7179daa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
Accept-Language
en-CA,en;q=0.9;q=0.9
X-Braze-ContentCardsRequest
true
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
2a4f79bc-74a6-45cd-bc61-b6992ff2be37
x-runtime
0.055213
server
cloudflare
etag
W/"cd19e0b33d98b1a1064811b32b014b2f"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1713604407
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
877404ae8c6739d2-YYZ
x-ratelimit-remaining
493.0
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=194915433.1713604405&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=194915433.1713604405&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n...
42 B
65 B
Ping
General
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=194915433.1713604405&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=1647868181.1713604405
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Server
172.253.122.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=194915433.1713604405&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He44h0n81WL3STMXv896608294za200&auid=1647868181.1713604405
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.95 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
877404ae0c2239d2-YYZ
content-encoding
gzip
date
Sat, 20 Apr 2024 09:13:25 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/
158 KB
34 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/018ebeca-ecda-7202-9bf3-a2ff4acebe55/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
52223
content-md5
5rS6k6LfUu8toMASIT8lMw==
content-length
34672
x-ms-lease-status
unlocked
last-modified
Mon, 08 Apr 2024 18:41:17 GMT
server
cloudflare
etag
0x8DC57FB7A1265A4
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
abd0a229-b01e-0083-53e4-8927e1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404af181236ff-YYZ
expires
Sun, 21 Apr 2024 09:13:25 GMT
collect
www.google-analytics.com/j/
4 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=61590415&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dp=%2Fen_CA%2Felf-cosmetic-criminals&ul=en-ca&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=580659792&gjid=101121358&cid=1244450778.1713604406&tid=UA-432816-1&_gid=248703762.1713604406&_r=1&_slc=1&gtm=45He44h0n81WL3STMXv896608294za200&gcs=G111&gcd=13t3t3t3t5&dma=0&z=283591022
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.36.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.32.0/
196 KB
65 KB
Script
General
Full URL
https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-39.yul62.r.cloudfront.net
Software
DYCDN /
Resource Hash
42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Apr 2024 06:17:06 GMT
content-encoding
gzip
via
1.1 302bce0287d24df9c94be17a5fd67262.cloudfront.net (CloudFront)
last-modified
Tue, 02 Apr 2024 09:13:12 GMT
server
DYCDN
age
1133780
x-amz-cf-pop
YUL62-P2
etag
W/"65b3e284856fb8d657d1f6a3423618c7"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
7YGW4dRe9v0pRyK941JDUXReC7ftNcKdl1OlZDXKe0Sghgu5jbBGZw==
collect
stats.g.doubleclick.net/j/
4 B
352 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=1244450778.1713604406&jid=580659792&gjid=101121358&_gid=248703762.1713604406&_u=YEBAAEAAAAAAACgAI~&z=6714698
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 20 Apr 2024 09:13:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5mNZducabMgxSDzBo+ZI8w==
age
46157
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:30 GMT
server
cloudflare
etag
0x8DB82A159AF8EA6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404b018da36ff-YYZ
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/
61 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sXFDxCJwbPEMIT/8f5Prwg==
age
55071
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:33 GMT
server
cloudflare
etag
0x8DB82A15AFF8646
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
99943331-001e-00a9-52a5-21f8f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404b018db36ff-YYZ
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
v0pzgeeelPwcAOki15i3HA==
age
55071
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1766
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:32 GMT
server
cloudflare
etag
0x8DB82A15AB9FB83
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
cd67b2fb-901e-0094-1c03-248eea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404b018dc36ff-YYZ
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
50059
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
b54dfe3f-901e-004f-6264-2348d7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
877404b018dd36ff-YYZ
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
12ae2d40097c4391fecf4bdacaf0b90ed7f7b976f5408747140a9d64683f0ea1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
gzip
x-correlation-id
877404b0fe6fe15f
cf-cache-status
DYNAMIC
via
1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285989 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
x-ratelimit-1m-remaining
23618, 1984424
x-ratelimit-1m-reset
34055, 34054
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
3221cc02d144/[129,127,-] 32D1a5fec676/[-,131.391]
cf-ray
877404b0fe6fe15f-ORD
x-amz-cf-id
SE788aO4JzjrddHnTseDI7zJ6xjLaZxdQPotzHK3JaEAzkkLRbnQGw==
uia
async-px.dynamicyield.com/
0
382 B
XHR
General
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1713604405850
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-24.yul62.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
via
1.1 327dc9ff74acc5a845efbe2daefaec7a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
aRARt_bWS3mhfH-b4du3N8Vcya0EVrXcax1IVfT9zy2BXQ-i3G71TA==
expires
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
7586f9164e6bc95d916e3828d687c85f77cf253b34a5908fffa5f6f17dfd0d72

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 20 Apr 2024 09:13:25 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1244450778.1713604406&jid=580659792&_u=YEBAAEAAAAAAACgAI~&z=1032082551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.103 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f103.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1244450778.1713604406&jid=580659792&_u=YEBAAEAAAAAAACgAI~&z=1032082551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cnxtag-min.js
js.cnnx.link/roi/
2 KB
1 KB
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-83.yul62.r.cloudfront.net
Software
/
Resource Hash
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:08:20 GMT
via
1.1 google, 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
YUL62-C1
age
307
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
mI9y6_M0j5uxOLHyHkfHfiQn3-YWrHRHva-tq38PFXsmaEPrIJ4SPg==
cnv
cnv.event.prod.bidr.io/log/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=4ba94b30-bf17-47f6-8466-c227f2e798bd&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=fd2b63d5-0c18-4ad9-873c-de1b938cd1dd.&ord=3239269651175855623
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=fd2b63d5-0c18-4ad9-873c-de1b938cd1dd.&ord=3239269651175855623&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=fd2b63d5-0c18-4ad9-873c-de1b938cd1dd.&ord=3239269651175855623&_bee_ppp=1
Protocol
HTTP/1.1
Server
52.73.200.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-200-224.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:26 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=fd2b63d5-0c18-4ad9-873c-de1b938cd1dd.&ord=3239269651175855623&_bee_ppp=1
Date
Sat, 20 Apr 2024 09:13:26 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.179.155 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
an-x-request-uuid
e500b3e7-7f4c-40ab-8488-b4595fbdcf7c
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
154.47.17.2; 154.47.17.2; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
an-x-request-uuid
2ad8bbd1-ace3-42fa-bdce-24e82d274b6e
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control
no-store, no-cache, private
x-proxy-origin
154.47.17.2; 154.47.17.2; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224108b9be
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7863499826449087247&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224108b9be
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MWIyMmE3NGYtOTRmOS00YWFlLWFjZTEtY2IyMjQxMDhiOWJl&gdpr=0&gdpr_consent=&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=1b22a74f-94f9-4aae-ace1-cb224108b9be&google_gid=CAESEIKM2VgwnhZC6vf4MvzS27k&google_cver=1
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1b22a74f-94f9-4aae-ace1-cb224108b9be&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1b22a74f-94f9-4aae-ace1-cb224108b9be&expiration=1716196409&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1b22a74f-94f9-4aae-ace1-cb224108b9be&expiration=1716196409&gdpr=0&gdpr_consent=&C=1
43 B
339 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=1b22a74f-94f9-4aae-ace1-cb224108b9be&expiration=1716196409&gdpr=0&gdpr_consent=&C=1
Protocol
H2
Server
172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:30 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m7Yahi0oakZD2VrM%2BFVJ%2FdfCVK%2Bd1lOgjm3eef%2BMi%2FJ7UXrhToZ0RqHiyVaWSLeq5ZZHgGMhANC4k1X58vxG0xXCEuDQs9j0Fe7NT4mHetevhb7DVPEbN1IQFE9JUrAio6kycKscQGtSLA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
877404cbbbc43a0a-YYZ
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:30 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y0mAxU8bHipsp2j12KUJFnWektlhxngDdvaR1y58%2BtiKt0vxNAT2j4NCRzuF2gns1qKvfyX4tKC13VruznrH5pDA%2FLHDezJsCkvmjClcJlAFHI0OMYlqZ9qvlluVlBVQRBqWWkXwS6bTBw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=39&external_user_id=1b22a74f-94f9-4aae-ace1-cb224108b9be&expiration=1716196409&gdpr=0&gdpr_consent=&C=1
cache-control
no-cache
cf-ray
877404cb6b883a0a-YYZ
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
601 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
55276
x-ms-lease-status
unlocked
last-modified
Thu, 18 Apr 2024 19:47:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
0d01d5c9-201e-0017-5009-929088000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
877404b12e4336b0-YYZ
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
540 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
41767
x-ms-lease-status
unlocked
last-modified
Thu, 18 Apr 2024 19:47:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
ff66d6a8-601e-0080-3914-92c685000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
877404b1396836ff-YYZ
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
55276
content-length
4036
x-ms-lease-status
unlocked
last-modified
Thu, 18 Apr 2024 19:47:54 GMT
server
cloudflare
etag
0x8DC5FE070ADC548
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
e3ca2056-101e-007e-4209-92a9c4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
877404b15e5c36b0-YYZ
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 20 Apr 2024 09:13:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
46384
x-ms-lease-status
unlocked
last-modified
Thu, 18 Apr 2024 19:47:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
d44abfc7-d01e-0003-228c-92d8e7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
877404b15e5d36b0-YYZ
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=136537&uid=-2994893505674639563&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=dfec889554dcd5a9fe4e69782ec03241&expSes=42104&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-5718331472647323590&cgtgDecisionId=-5718331472412093542&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713604405973&rri=3047979
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-24.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
via
1.1 327dc9ff74acc5a845efbe2daefaec7a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
t7aJNT2ssrHwCVuDgOcQsqpU9JwZZqVCY1otNxUY6kljbMw6FQuvOg==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=749761&uid=-2994893505674639563&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=dfec889554dcd5a9fe4e69782ec03241&expSes=42104&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-5718331471198187914&cgtgDecisionId=-5718331473194657416&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713604405974&rri=5163035
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-24.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
via
1.1 327dc9ff74acc5a845efbe2daefaec7a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
8DmN52mNhhEcYMGJ_1LW9G3fabEB7Dj2_H6QAYk7RBf9SGvjN1syoQ==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=527634&uid=-2994893505674639563&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=dfec889554dcd5a9fe4e69782ec03241&expSes=42104&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-5718331471927598401&cgtgDecisionId=-5718331474548517139&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713604405975&rri=6393940
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-24.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:25 GMT
via
1.1 327dc9ff74acc5a845efbe2daefaec7a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
SyeVuQchBZBk3hQ1yMZPSD79tz59rFpH9Z1m4eVqP_CtgIWe2HUwAA==
expires
0
favicon.ico
www.elfcosmetics.com/
34 KB
34 KB
Other
General
Full URL
https://www.elfcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
34494
x-amz-cf-pop
DFW57-P1
age
286, 286
x-amzn-remapped-connection
close
x-amzn-requestid
45b8cfb8-5097-4860-98e0-b50656ef5f78
x-yottaa-optimizations
ob/100 si/32D1a5fec676-1713544935-5840285990 tts/1710864117465 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront
x-amz-apigw-id
WbhHZEEPiYcEpEQ=
content-length
34494
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 17 Apr 2024 19:04:06 GMT
x-amzn-trace-id
Root=1-66214895-15e3d0190497f0c630719680;Parent=4d59c78024e92a7f;Sampled=0;lineage=2b75b0e9:0
etag
W/"86be-18eed71dc70"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
max-age=600, s-maxage=600
x-yottaa-metrics
3221cc02d145/[5,-,1713603923150] 32D1a5fec676/[-,7.718]
accept-ranges
bytes
x-amzn-remapped-date
Thu, 18 Apr 2024 16:21:41 GMT
x-amz-cf-id
G-vngb_ze0kZQeEvbdn5a0GtvlHTO8SBG6Z-kT3BP_yU6aFHBhzkBw==
batch
async-px.dynamicyield.com/
0
383 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1713604405980_238328
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-24.yul62.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 97a1bb4fb9aff82a97dbf758ce602258.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
aG8nqi0MLsp7oAdYgH092Z0R_bN14GTWxWmGBJG_pCRfO9wnwfCtng==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=50482&uid=-2994893505674639563&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28207095%5D&ses=dfec889554dcd5a9fe4e69782ec03241&expSes=42104&aud=884367.884385.884387.1167402.1324059.1846919.2324421.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-5718331473904940574&cgtgDecisionId=-5718331472727044164&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1713604405993&rri=559243
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-24.yul62.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 327dc9ff74acc5a845efbe2daefaec7a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
X5nCrrzd7UAdHBq0KYKvc-hF3368-vIt--_4B6MQxnQLbvVKV0QWrw==
expires
0
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.50.240 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 20 Apr 2024 09:13:33 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/0af6e327/www-widgetapi.vflset/
216 KB
67 KB
Script
General
Full URL
https://www.youtube.com/s/player/0af6e327/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.190 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f190.1e100.net
Software
sffe /
Resource Hash
85b38e7085ac3e5d7b57603c31d75140522fa3a4a70c0a944ad7337b80451e1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 07:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
5449
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68321
x-xss-protection
0
last-modified
Wed, 17 Apr 2024 04:21:26 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 20 Apr 2025 07:42:37 GMT
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame
0
0
Preflight
General
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.237.131.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-131-176.compute-1.amazonaws.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-cq-client-id
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
content-length
0
date
Sat, 20 Apr 2024 09:13:27 GMT
server
envoy
strict-transport-security
max-age=15552000; includeSubdomains
x-envoy-upstream-service-time
1
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjg2YjM5YjA1LWFjNTQtNDU1NS05NmQxLTc3Y2MzOGI1MDUzMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM2MDQzNzUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibWJ4R2tYSkdrYnNSd3VrWmxhWVlscnNaOjpjaGlkOiAiLCJleHAiOjE3MTM2MDYyMDUsImlhdCI6MTcxMzYwNDQwNSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDkzMTgzNTI4Njk2NjczMSJ9.m8F8VEo6bDCLn5U2spfv4ipq12sXFrs8-QVCF-FXB1dpTRw9SsNsFgMCZkqKZhFi42xc0yln9Q7BKlGPz3LGvA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/0 si/32D1a5fec676-1713544935-5840285991 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3221cc02d146/[179,175,-] 32D1a5fec676/[-,182.218]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
877404b21b466197-ORD
x-dw-request-base-id
DRADyzaHI2YBAAB_
x-amz-cf-id
XPpgyAveVxdKoQmvthEKC3I7jQL8KASPUm9991BuMlNOLYaTOZAFAw==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/
135 B
885 B
XHR
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjg2YjM5YjA1LWFjNTQtNDU1NS05NmQxLTc3Y2MzOGI1MDUzMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM2MDQzNzUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibWJ4R2tYSkdrYnNSd3VrWmxhWVlscnNaOjpjaGlkOiAiLCJleHAiOjE3MTM2MDYyMDUsImlhdCI6MTcxMzYwNDQwNSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDkzMTgzNTI4Njk2NjczMSJ9.m8F8VEo6bDCLn5U2spfv4ipq12sXFrs8-QVCF-FXB1dpTRw9SsNsFgMCZkqKZhFi42xc0yln9Q7BKlGPz3LGvA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
135
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
1af26a27-f2c8-498b-83a0-833521618968
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285992 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
WhIQgEzEiYcEicQ=
content-length
119
alt-svc
h3=":443"; ma=86400
etag
W/"87-WFt3zDSdrvttkMP6rAK367Qj/Rw"
x-amzn-trace-id
Root=1-66238736-2ad671d9772c85b551527a9d;Parent=01da9d6895511432;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
3221a5fec69c/[843,840,-] 32D1a5fec676/[-,845.518]
x-amzn-remapped-date
Sat, 20 Apr 2024 09:13:26 GMT
x-amz-cf-id
Ayv3H1_nbU3Ih5GFpDZdx9ZG0kUrtHfInjqySfet80kxD1cAUD9Y2w==
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
250 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.95 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0a2ead3cf59e66a8cc040819b282abb30c8e35a6a241f2431c443f4755ce083
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
Accept-Language
en-CA,en;q=0.9;q=0.9
X-Braze-ContentCardsRequest
true
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
a9e6588c-fa9f-4961-bc43-a511d54930c6
x-runtime
0.061207
server
cloudflare
etag
W/"a0a2ead3cf59e66a8cc040819b282abb"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1713604407
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
877404b1ce6039d2-YYZ
x-ratelimit-remaining
488.0
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
899 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=154.47.17.2
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
950200b1a632b0ee786b1af9bff50660cc7568ea90a68d0953ccdd7ca9927506
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285994 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=154.47.17.2
x-yottaa-metrics
3221a5fec69a/[421,418,-] 32D1a5fec676/[-,423.702]
cf-ray
877404b32d9b2311-ORD
x-dw-request-base-id
HVputjaHI2YBAAB_
x-amz-cf-id
dXBlWRdlwsqJ9AOJjaUmLGa8QQkY8uub6ZdgdGLb_Dh7ENPcmsh2tg==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
899 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=154.47.17.2
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
950200b1a632b0ee786b1af9bff50660cc7568ea90a68d0953ccdd7ca9927506
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 ae39d1ac6bb931d0ff3d636fc3e249de.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285997 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=154.47.17.2
x-yottaa-metrics
3221a5fec66f/[235,233,-] 32D1a5fec676/[-,237.713]
cf-ray
877404b60da262e8-ORD
x-dw-request-base-id
qbAgDTaHI2YBAAB_
x-amz-cf-id
23xLEDk-tktzjGSvaUz7bIHClt5aaCz45OtmXjpouwh3A2Y0LMmiOg==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abmbxGkXJGkbsRwukZlaYYlrsZ/
11 B
878 B
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abmbxGkXJGkbsRwukZlaYYlrsZ/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjg2YjM5YjA1LWFjNTQtNDU1NS05NmQxLTc3Y2MzOGI1MDUzMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM2MDQzNzUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibWJ4R2tYSkdrYnNSd3VrWmxhWVlscnNaOjpjaGlkOiAiLCJleHAiOjE3MTM2MDYyMDUsImlhdCI6MTcxMzYwNDQwNSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDkzMTgzNTI4Njk2NjczMSJ9.m8F8VEo6bDCLn5U2spfv4ipq12sXFrs8-QVCF-FXB1dpTRw9SsNsFgMCZkqKZhFi42xc0yln9Q7BKlGPz3LGvA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
sfdc_customization
HOOK
dnt
0
cf-cache-status
DYNAMIC
x-correlation-id
877404b31d0861ad
x-content-type-options
nosniff
via
1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285993 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
1
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abmbxGkXJGkbsRwukZlaYYlrsZ/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
877404b31d0861ad-ORD
x-amz-cf-id
azaJSi4Qmmx94q_edwJRbqW6zbOvIHzwD8k5PydXMuUbxZfNF8kgYg==
x-yottaa-metrics
3221a5fec69b/[171,169,-] 32D1a5fec676/[-,174.355]
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/
98 B
517 B
Fetch
General
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.237.131.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-237-131-176.compute-1.amazonaws.com
Software
envoy /
Resource Hash
24fc3a67b397cca51dae595f7c13e6005062622a33891941857f871417d8067f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
x-cq-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
strict-transport-security
max-age=15552000; includeSubdomains
server
envoy
etag
W/"62-FdX5jb6XK5ocK3mGvuGOvmt72O0"
access-control-allow-methods
GET, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
content-length
98
110221.ct.js
tag.rmp.rakuten.com/
47 KB
15 KB
Script
General
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
0b2f3284731451436ae24019f5bced6829fc4f1c005ba21e4694a6dbc6e98f8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Sat, 20 Apr 2024 09:13:26 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/
419 KB
117 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5fcc27d86413eb4682a9c5392e8938f5c90ac54c3938360d5ac1db40e8bf6474
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-rmYB4ANAPeCB4N/0FHOfEQGgNSjTEmqHePzDLFfXhaHbOpQJ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Sat, 20 Apr 2024 09:13:26 GMT
age
10151
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f50892307a308
server-timing
"traceparent;desc="00-0000000000000000000f50892307a308-3a7d85131934e2c4-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
117884
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200163-BUR, cache-yyz4527-YYZ, cache-yyz4527-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f50892307a308-f0fe6c35df3fe923-01
x-timer
S1713604406.496656,VS0,VE4
etag
W/"1cc7c-fKO3YtMzy7+SsWbeBFfWZoqFb88"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
1, 6, 0
batch
async-px.dynamicyield.com/
0
382 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1713604406186_901253
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-24.yul62.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 97a1bb4fb9aff82a97dbf758ce602258.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
QgYof2izCczg6qfr6tued-yezLRURRoodBESuggPo8MWt7qqfjX3Dg==
expires
0
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/
145 KB
43 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.22.7 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-22-7.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Sat, 20 Apr 2024 09:13:33 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"057b1d4cea90cfb374227140e2f2f95d96013931-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, max-age=900
Connection
keep-alive
Content-Length
43275
Expires
Sat, 20 Apr 2024 09:28:33 GMT
js
www.googletagmanager.com/gtag/
314 KB
102 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
8778d5b3e6b7ba58f84e2120fb51ec4b6e54780627c52dfe360ea1936b9817de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
104293
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 20 Apr 2024 09:13:26 GMT
js
www.googletagmanager.com/gtag/
299 KB
99 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
6d0c3ab4349bd9982749cb3a1916ac470ded78667870859abe4160077bcac7a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
101293
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 20 Apr 2024 09:13:26 GMT
1a8bfa042c9c5.js
t.contentsquare.net/uxa/
292 KB
71 KB
Script
General
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-65.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
329a5e6b08a931ac1df4877349d5fb131ee553dd231dad91850a0422d7d89dd8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 06:48:47 GMT
content-encoding
br
via
1.1 32ea9b2b7eaaba833294021989c78c08.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P1
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
71694
last-modified
Thu, 04 Apr 2024 14:00:49 GMT
server
AmazonS3
etag
"f5dfc1db5e16fbec46d877d4586c2484"
vary
Accept-Encoding, Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
RU49JZai7GiiK-t6MJTxowPFxiGwAr6cFl9pw-34LGiA_bm66VrdJw==
loader.js
cdn.usehero.com/
98 KB
28 KB
Script
General
Full URL
https://cdn.usehero.com/loader.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-47.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:01:59 GMT
content-encoding
gzip
via
1.1 905aa3bc80ce385e5945d99189fc1eac.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P1
age
697
x-amz-server-side-encryption
AES256
etag
W/"fbf714a58cbac38c0deea519667d9044"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
Brptp7kVB8MvPZqFm8e7qc2T2WyL8wvxTwkd2F_8g25A0s3rqO440A==
destination
www.googletagmanager.com/gtag/
203 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
796132480e84128a861d2f399f8478816c92c036af808f7c0f5dfd568c4c1c60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75136
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 20 Apr 2024 09:13:26 GMT
destination
www.googletagmanager.com/gtag/
203 KB
73 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
871474c026a375c08d45faa149fd4a5599bab4f0fb4e2add7576488f083cb2bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75058
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 20 Apr 2024 09:13:26 GMT
core.js
s.pinimg.com/ct/
5 KB
2 KB
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
62e7cb03e8f65ceb4f43a5a56a3b9c3950158fae3fea85699e3f4c68672f4c2f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-cdn
akamai
etag
"2a48a6694c41c203319b5f6018c2bbbc"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=7200
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
content-length
1899
fbevents.js
connect.facebook.net/en_US/
218 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 20 Apr 2024 09:13:33 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57850
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1380, tbw=2785, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
goWAH7Rhx/6UiAO55UUXmdiX4lTomkr9Os7CUYl89dZVBoraNU5odl5MLtxqS3Xe15x8gX5gcbrCHReANDJyNA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/
28 KB
9 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Feb 2024 20:38:48 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8702
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sat, 20 Apr 2024 09:13:33 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 481845FC748D4015B76374D02E47904A Ref B: YTO01EDGE0520 Ref C: 2024-04-20T09:13:33Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
sdk.js
analytics.tiktok.com/i18n/pixel/
8 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4cc7feb5ab578928cbb28efc31c87d328d2b19f751e117abcee3fd3df77bf4e4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1ae188ea
date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091327A23A03CE769431935CBE-31E59F5D26D1F594-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=2, cdn-cache; desc=MISS, edge; dur=2, origin; dur=5
content-length
2529
pragma
no-cache
server
nginx
x-tt-logid
20240420091327A23A03CE769431935CBE
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
6,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aac67ef3d510952f97d5b8cbd9a53fa6279d144461289f0471f01be47e2e28813b69f2b13c41bcb77301e5c819bceab3a82b673cb4478e9472040124094a4e95df0
expires
Sat, 20 Apr 2024 09:13:27 GMT
events.js
analytics.tiktok.com/i18n/pixel/
6 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2b98ba708aff9eaebd3cf0e2bdcf281082837a247ef8b3ae7cf10378bec5c787

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1ae188eb
date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091327D0D1DEB7AC6336371993-4F24F00A80D2BD90-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=2, cdn-cache; desc=MISS, edge; dur=1, origin; dur=5
content-length
2075
pragma
no-cache
server
nginx
x-tt-logid
20240420091327D0D1DEB7AC6336371993
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
6,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aac7005c0a64a1347f68688e7edfa63aae43ae5a87ebd1947e51159292b00a33e7845075aef6bccd82fc059cf995add2f812b942e874d709a6838389a9728090b32
expires
Sat, 20 Apr 2024 09:13:27 GMT
widget.js
js.jebbit.com/companion/v1/
44 KB
45 KB
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-21.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
R3KY_K4A_1J6MbzxdLc7TwnPZXsf4837
date
Fri, 19 Apr 2024 14:53:01 GMT
via
1.1 4208b3c43704306e2eddbba95ee93dc4.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-C1
age
66027
x-amz-server-side-encryption
AES256
etag
"cc4e73d84c409b310a274ca12ee462bc"
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45249
x-amz-cf-id
L6dzWnAitpphTRFDfeSfPKaIXy8Nent1fN85aLpfc-T7oAgwV6wvYQ==
activityi;dc_pre=CJfu-_C50IUDFSTGwgQdzlkAig;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame E458
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CJfu-_C50IUDFSTGwgQdzlkAig;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CJfu-_C50IUDFSTGwgQdzlkAig;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
468
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:29 GMT
expires
Sat, 20 Apr 2024 09:13:29 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:29 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CJfu-_C50IUDFSTGwgQdzlkAig;src=9231397;type=retarget;cat=globa0;ord=9034392482404;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
i.js
tag.wknd.ai/6664/
17 KB
6 KB
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
fa231056681e8d80c926f3a7c027699435f2dac18f21543b74fc144912bd88f4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 08:55:09 GMT
content-encoding
gzip
via
1.1 google
age
1098
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5537
server
istio-envoy
etag
eafeb909ea8ada
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
collect
sgtm.elfcosmetics.com/g/
739 B
1 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1244450778.1713604406&ecid=839026459&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=194915433.1713604405&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=1&sid=1713604406&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=1&tfd=5638&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
13fe708437b20b4ff6dc037d87aec1624fabff6fb91bf93c0c63d8192ba7bf33
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/
65 B
394 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1244450778.1713604406&ecid=839026459&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=194915433.1713604405&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=2&sid=1713604406&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&_et=3&tfd=5653&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/
65 B
398 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1244450778.1713604406&ecid=839026459&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=194915433.1713604405&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=3&sid=1713604406&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1713604888562_171360484442415&ep.email=&ep.phone=&_et=3&tfd=5653&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
analytics.google.com/g/
0
102 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je44h0v879088318z8896608294za200&_gaz=1&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1244450778.1713604406&ul=en-ca&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&_s=1&sid=1713604406&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=5746
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f113.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:28 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
47 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1244450778.1713604406&gtm=45je44h0v879088318z8896608294za200&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=1244450778.1713604406&gtm=45je44h0v879088318z8896608294za200&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5&npa=1&z=1415326138
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/s/
0
210 B
Image
General
Full URL
https://analytics.google.com/g/s/collect?dma=0&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&_gsid=5D80LRC85N-tj8Ri78h2bH66G-WzC2LQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f113.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:27 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&tid=G-5D80LRC85N&cid=eCxQPAIBoMXoLG4qQYDplroN6ahfviSCynyMoomYYOI%3D.1713604406&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&aip=1&z=1079534435
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
55 B
Image
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&tid=G-5D80LRC85N&cid=eCxQPAIBoMXoLG4qQYDplroN6ahfviSCynyMoomYYOI%3D.1713604406&gtm=45j91e44h0v9125640115z8896608294z99175401888za200&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CJzk2e-50IUDFeTLwgQdDUMAOQ;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame 7AEA
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJzk2e-50IUDFeTLwgQdDUMAOQ;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfc...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJzk2e-50IUDFeTLwgQdDUMAOQ;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
408
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:27 GMT
expires
Sat, 20 Apr 2024 09:13:27 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:26 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJzk2e-50IUDFeTLwgQdDUMAOQ;src=10742279;type=elf8j0;cat=glo_flap;ord=1561473035958;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
eb44dc6a378e49c5e2a42a12d2b71a9237b65e6e12c35ce2018dc079845b8546
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjg2YjM5YjA1LWFjNTQtNDU1NS05NmQxLTc3Y2MzOGI1MDUzMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM2MDQzNzUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibWJ4R2tYSkdrYnNSd3VrWmxhWVlscnNaOjpjaGlkOiAiLCJleHAiOjE3MTM2MDYyMDUsImlhdCI6MTcxMzYwNDQwNSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDkzMTgzNTI4Njk2NjczMSJ9.m8F8VEo6bDCLn5U2spfv4ipq12sXFrs8-QVCF-FXB1dpTRw9SsNsFgMCZkqKZhFi42xc0yln9Q7BKlGPz3LGvA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285996 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1099
pragma
no-cache
etag
8db5084b1341169bc6adaebbfc07e167b012e792acfd80a7848a85a279345b4d
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
x-dw-resource-state
8db5084b1341169bc6adaebbfc07e167b012e792acfd80a7848a85a279345b4d
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3221a5fec670/[240,237,-] 32D1a5fec676/[-,243.459]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
877404b5b95529fa-ORD
x-dw-request-base-id
DRAQyzaHI2YBAAB_
x-amz-cf-id
AHpb6S2YSFi4AD2XOfB85K7gqZ0B9n_1u6IB7Qe9wGHRgPmg_yTOsw==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
local
www.paypal.com/credit-presentment/experiments/ Frame 63AC
0
0
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.63.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
53272
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1527
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Sat, 20 Apr 2024 09:13:28 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-ekLkc6qsQrBB7EZmqLnoD9F78Kc"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f1481180f4ba8
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f1481180f4ba8-7440f192170b31bb-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f1481180f4ba8-87914a241fb9c6c1-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
142, 4321, 0
x-served-by
cache-bur-kbur8200078-BUR, cache-yyz4579-YYZ, cache-yyz4579-YYZ
x-timer
S1713604409.952637,VS0,VE5
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.434&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b040c12c04f3b66fbaba01ba6103e1291f7c20f726b737d677faf689c6316ecc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-dSgJYrEAJFP9xxs4L8zFR9cSySaZn9oXeGSTmHbnE+bcvPgL' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-dSgJYrEAJFP9xxs4L8zFR9cSySaZn9oXeGSTmHbnE+bcvPgL' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
52507
x-cache
HIT, HIT, MISS
paypal-debug-id
f287596d0ac43
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4795
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200151-BUR, cache-yyz4527-YYZ, cache-yyz4527-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f287596d0ac43-29fed74ec4462380-01
x-timer
S1713604407.681018,VS0,VE4
etag
W/"3692-81wGMsuvwmpTrIPzDMrJELt46h0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
135, 84, 0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
7586f9164e6bc95d916e3828d687c85f77cf253b34a5908fffa5f6f17dfd0d72

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
main.6192ffb7.js
s.pinimg.com/ct/lib/
69 KB
20 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.6192ffb7.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6982e83b9ea7682534a77808bc53b3e516bc5d26dc406de1a2ea81c2fdf63a33

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-cdn
akamai
etag
"0c0f2aed16e51276069e2c6e45c878c1"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=1209600
accept-ranges
bytes
content-length
19940
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1713604406687&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=7ef82b72-f875-421d-9393-433430e09d15&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:28 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
jsp
ut.rd.linksynergy.com/
148 B
404 B
Script
General
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
88e76973c6445bedb078f77da05db3ba48d3a35ff93f6c27253756a3395a2bd0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/plain; charset=utf-8
date
Sat, 20 Apr 2024 09:13:27 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
x-samesite
secure
ts
t.paypal.com/
42 B
553 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1713604406837&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0
date
Sat, 20 Apr 2024 09:13:27 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
4b61518e4f04d
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200134-BUR, cache-yyz4552-YYZ
pragma
no-cache
correlation-id
4b61518e4f04d
traceparent
00-00000000000000000004b61518e4f04d-b0ad8c0b7934bf5a-01
x-timer
S1713604408.815950,VS0,VE98
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 20 Apr 2024 09:13:27 GMT
/
ct.pinterest.com/user/
321 B
303 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1713604406840&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
gzip
x-cdn
fastly
x-envoy-upstream-service-time
0
alt-svc
h3=":443";ma=600
x-pinterest-rid
4012149711724786
content-length
186
pin-unauth
dWlkPU9XSmpNR0ZoTldNdFlqTTJaQzAwTm1SbExXRmlZekl0TW1SaVpqZzVNemsyTnpWaQ
pragma
no-cache
referrer-policy
origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/user/
321 B
635 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1713604406841&dep=5%2CEVENT_TAGS_ABSENT
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:26 GMT
content-encoding
gzip
x-cdn
fastly
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
5041960733188271
content-length
186
pin-unauth
dWlkPVpqZ3pObVpsWmpVdE5qUTNOUzAwTlRjMExXSTBORGt0TVdFM1pUZzVObUkwTlRkag
pragma
no-cache
referrer-policy
origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/
35 B
0
Fetch
General
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22124%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22124%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22124.0.6367.60%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1713604406842
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
referrer-policy
origin
x-cdn
fastly
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
1324985393701437
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/
56 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request
true
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
via
1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840285998 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics
3221a5fec666/[237,234,-] 32D1a5fec676/[-,239.749]
cf-ray
877404b76fe16197-ORD
x-dw-request-base-id
DRAYyzaHI2YBAAB_
x-amz-cf-id
ztL3nNalQzKevCaAzUeBO1tLPc-p0cl-6Msy34hIl7mfV6IGaB2vLQ==
expires
Thu, 01 Dec 1994 16:00:00 GMT
/
ct.pinterest.com/v3/
35 B
0
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1713604406931&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22124%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22124%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22124.0.6367.60%22%2C%22ecm_enabled%22%3Afalse%7D
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6192ffb7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:26 GMT
referrer-policy
origin
x-cdn
fastly
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
16
alt-svc
h3=":443";ma=600
x-pinterest-rid
1820413747504793
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/
5 KB
6 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.107.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-205-107-75.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
date
Sat, 20 Apr 2024 09:13:27 GMT
server
Unknown
x-amz-server-side-encryption
AES256
x-amp-srv
A
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
5378
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.107.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-205-107-75.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Sat, 20 Apr 2024 09:13:27 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
996
icon-noun-mist-spray-6491531-2
elfcosmetics.a.bigcontent.io/v1/static/
649 B
659 B
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-mist-spray-6491531-2?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-mist-spray-6491531-2?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-mist-spray-6491531-2?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.107.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-205-107-75.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
0ce9fb17074b954a06fc54f99d41dd29e2b613c7d843577775dafdf870cc00ac

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Sat, 20 Apr 2024 09:13:27 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
375
84759
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/
20 KB
5 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/84759?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
7b3d0afff8895f25ff4f5eff8277ee7e76a3affb8e7918d246378e92ba5f463a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
cache-control
no-cache
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
gzip
via
1.1 800cba2437ee092ab9e4755c65d34a72.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840286000 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 20 Apr 2024 09:13:27 GMT
allow
GET,HEAD,OPTIONS
vary
accept-encoding
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/products/84759?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
x-yottaa-metrics
3221a5fec664/[256,254,-] 32D1a5fec676/[-,259.550]
cf-ray
877404b94f3362e8-ORD
x-dw-request-base-id
DRAgyzeHI2YBAAB_
x-amz-cf-id
R6fePmwdfLgBEmBvKFuZ4bjTUGD66T79UGYQWbyHKJqbkQFlP0ZbNw==
widget.css
js.jebbit.com/companion/v1/
15 KB
16 KB
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-21.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 07:52:23 GMT
x-amz-version-id
rlLQSdBm9ZTNXvLaketZ1ik.75AdGtXG
via
1.1 4208b3c43704306e2eddbba95ee93dc4.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-C1
age
4865
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
vcHY05c2OHdfu3gN4EKWIaEIU1GX0vrPwyakOcRdipysWoM77SoOQA==
launcher_configs
external-api.jebbit.com/moments/v2/
2 B
448 B
XHR
General
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.239.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-239-237.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
pragma
no-cache
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options
noopen
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
expires
0
1bd6111df5b5905e0f100c5039
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/1bd6111df5b5905e0f100c5039
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4ba3f9423fe689de12b7e3720dd381126f50ae7030a0d3c3b9c550d85a485887
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjg2YjM5YjA1LWFjNTQtNDU1NS05NmQxLTc3Y2MzOGI1MDUzMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM2MDQzNzUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibWJ4R2tYSkdrYnNSd3VrWmxhWVlscnNaOjpjaGlkOiAiLCJleHAiOjE3MTM2MDYyMDUsImlhdCI6MTcxMzYwNDQwNSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDkzMTgzNTI4Njk2NjczMSJ9.m8F8VEo6bDCLn5U2spfv4ipq12sXFrs8-QVCF-FXB1dpTRw9SsNsFgMCZkqKZhFi42xc0yln9Q7BKlGPz3LGvA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
sec-ch-ua-platform
"Win32"

Response headers

x-yottaa-profileid
5a0c9b7632f01c35d4210220
date
Sat, 20 Apr 2024 09:13:27 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 cbe94ab27088fc4bb73abf8e3179b3d2.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
age
0
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840286003 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1099
etag
daab38e6653bb0e5f185c055df9882e05b2490e073c9c4caa026ffe0e2b0a379
allow
DELETE,GET,HEAD,OPTIONS,PATCH
content-type
application/json;charset=UTF-8
x-dw-resource-state
daab38e6653bb0e5f185c055df9882e05b2490e073c9c4caa026ffe0e2b0a379
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os
200
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/1bd6111df5b5905e0f100c5039
accept-ranges
bytes
cf-ray
877404ba1e0c2c80-ORD
x-dw-request-base-id
qbAvDTeHI2YBAAB_
x-amz-cf-id
BoFQ741LyWQhHm7cXba22S54g0rwZSKZ-7GNih0AyNHcqJCKjpVneQ==
x-yottaa-metrics
3221a5fec661/[153,151,-] 32D1a5fec676/[-,156.630]
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/1693) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
264ce1b86c611
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (chf/1693)
traceparent
00-0000000000000000000264ce1b86c611-151e7a8eb0447633-01
etag
"64f25363-daa8+gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sat, 20 Apr 2024 10:13:28 GMT
pageview
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&dt=1146&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6759&ww=1600&wh=1200&sw=1600&sh=1200&uu=85da9644-e081-a42f-d7d5-90657fddcedf&sn=1&hd=1713604407&v=14.5.1&pid=1926&pn=1&r=257431
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.91.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-91-59.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:29 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
token_create.js
ct.pinterest.com/static/ct/
4 KB
4 KB
Script
General
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca727c9d9c5d3ffa9fc01a2c57d612263a5ef4138da8d9b8e76e354835882466

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
x-cdn
fastly
age
6170
etag
"2a8d051abafd7b1d3f62592455b15f0c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
timing-allow-origin
https://ct.pinterest.com
alt-svc
h3=":443";ma=600
content-length
4101
ct.html
ct.pinterest.com/ Frame E426
0
0
Document
General
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443";ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Sat, 20 Apr 2024 09:13:28 GMT
pinterest-version
0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
referrer-policy
origin
x-cdn
fastly
x-envoy-upstream-service-time
1
x-pinterest-rid
1310431487245388
4eecab1a-4bbc-45c9-afa2-436bb7354104
https://www.elfcosmetics.com/
7 KB
0
Other
General
Full URL
blob:https://www.elfcosmetics.com/4eecab1a-4bbc-45c9-afa2-436bb7354104
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1d959f985f144d73bf7e483dc5b5027417eb785966a53fb8b1378979c43d6f90

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
dvar
c.contentsquare.net/
0
320 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=14.5.1&pid=1926&pn=1&sn=1&uu=85da9644-e081-a42f-d7d5-90657fddcedf&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=687358
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.91.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-91-59.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:29 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
promotions
www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/
1 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=chooseyourgwp-CA-2%2C2023-esw-canada-shipping-promo-35&locale=en-CA
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
cef04833e5fc1d4b4ced5a180fb398abe34bb893c6c0c5694053d418520e3308
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjg2YjM5YjA1LWFjNTQtNDU1NS05NmQxLTc3Y2MzOGI1MDUzMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM2MDQzNzUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibWJ4R2tYSkdrYnNSd3VrWmxhWVlscnNaOjpjaGlkOiAiLCJleHAiOjE3MTM2MDYyMDUsImlhdCI6MTcxMzYwNDQwNSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDkzMTgzNTI4Njk2NjczMSJ9.m8F8VEo6bDCLn5U2spfv4ipq12sXFrs8-QVCF-FXB1dpTRw9SsNsFgMCZkqKZhFi42xc0yln9Q7BKlGPz3LGvA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
dnt
0
cf-cache-status
DYNAMIC
x-correlation-id
877404bb7d34e20f
x-content-type-options
nosniff
via
1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront)
x-amz-cf-pop
DFW57-P1
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840286009 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
vary
accept-encoding
content-type
application/json;charset=UTF-8
x-ratelimit-remaining
999
sfdc_load
2
cache-control
private,max-age=33
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/pricing/shopper-promotions/v1/organizations/f_ecom_bbxc_prd/promotions?siteId=elf-us&ids=chooseyourgwp-CA-2%2C2023-esw-canada-shipping-promo-35&locale=en-CA
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
877404bb7d34e20f-ORD
x-amz-cf-id
W96YckdEItK-l5BeiD_uKRDPfKc0lpfFXbv5jgqTQ4YIwSgF5nOTZA==
x-yottaa-metrics
3221a5fec65e/[256,254,-] 32D1a5fec676/[-,258.718]
main.MTIyYzc3NzllMQ.js
analytics.tiktok.com/i18n/pixel/static/
431 KB
114 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
19cc1cced30687035cb740cbbf86a4c2d7c5085ca95e3fdef76d7e28d35af57d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1ae1896e
date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202404190410053D468379F2B9A3A4172A
x-tt-trace-id
00-2404190410053D468379F2B9A3A4172A-1651EC251E5875C1-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01c6176d7baf164bbf4af64ba1dd0b81731b603c75173f854ca2c0899c2f6d1434e6c926bc3c46698380b53b2cfbb06af96afb0a41854f698e96a70f7f04fbbf2617e49fe26c2e7140cdfb965dc23d567180838ad4fad3bb334e036e1a29842f6b
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=19
content-length
116231
main.MTIyYzc3NzllMA.js
analytics.tiktok.com/i18n/pixel/static/
411 KB
109 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a54234f412b9bfdc07fcbd75a6e3e22c0f89f89f861ea0e6e6a96c7048834c41

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1ae1897f
date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240419041004CF8DF9E4E3C37BA95BA6
x-tt-trace-id
00-240419041004CF8DF9E4E3C37BA95BA6-7E75C7D6715F7D95-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01b7abb95817c8c34d8c93c827b7ea955a1cf4a5892b4ccd45e281ce594a8a95b5ddb75c0324958dd72b4852f0a4f1ef7900d2e9da511b560b1d840d0b5f064d84c0dc9cb40d2362bc60a91321fb0148d6d8c8a4982972e8e4470fc72f99da6f69
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=20
content-length
111109
runtime_6459738026535cda4232dc813c61447d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
3 KB
2 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 21 Mar 2024 21:54:28 GMT
content-encoding
br
age
2546340
x-guploader-uploadid
ABPtcPqqyFeHWmtJaoHqeu0jFdvtZbM9ww-irirJ9-4GPATPVt2YoIgkeldaN3F17Id3Kkuoeo2DY-dNnoef98g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1316
last-modified
Mon, 22 Jan 2024 18:44:07 GMT
server
UploadServer
etag
"09512239cb2a22728ca9f8608dfc2181"
x-goog-generation
1705949047694544
x-goog-hash
crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1316
accept-ranges
bytes
content-type
text/javascript
identify_c26a2.js
analytics.tiktok.com/i18n/pixel/static/
139 KB
37 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_c26a2.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
1ae18a94
date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202404190410040B785546B6FC8AAEBB77
x-tt-trace-id
00-2404190410040B785546B6FC8AAEBB77-09CA818233B70C6B-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01b7abb95817c8c34d8c93c827b7ea955a1cf4a5892b4ccd45e281ce594a8a95b5dd1b3211d00ffeb32fe3a34a46ffdfdbc3f80ff709c257e2c975fb563845fce3f7db82cdcb69e15228184dd3e4815d01bf955f31b72eb00ad6266f68c19efad3
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=13
content-length
37293
performance_interaction
analytics.tiktok.com/api/v2/
0
701 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ae18b3a
date
Sat, 20 Apr 2024 09:13:27 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091327428B34B7DCB1C127BE03-61AD5889A9FE642C-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=11, cdn-cache; desc=MISS, edge; dur=10, origin; dur=15
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240420091327428B34B7DCB1C127BE03
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
15,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aaca860e2847ca31910259c76e76513f2dbea43a966c48368363eccdb7601c85060436ccd630cd5e2c382adf095c4ae01aea4ab6268aa86da4010ffbe52944e7def
access-control-allow-headers
Authorization,*
expires
Sat, 20 Apr 2024 09:13:27 GMT
pixel
analytics.tiktok.com/api/v2/
0
702 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ae18b67
date
Sat, 20 Apr 2024 09:13:27 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091327D0D1DEB7AC63363719AF-2CFAAED2706A71FB-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=22, cdn-cache; desc=MISS, edge; dur=7, origin; dur=25
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240420091327D0D1DEB7AC63363719AF
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
25,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aac7005c0a64a1347f68688e7edfa63aae42df69324cd8e6d1fd7f0bd038b50f7f8f538c6940bb03cb065a36782297d3618e634d981c5e4677f40e1c5803b149a29
access-control-allow-headers
Authorization,*
expires
Sat, 20 Apr 2024 09:13:27 GMT
pixel
analytics.tiktok.com/api/v2/
0
702 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ae18b68
date
Sat, 20 Apr 2024 09:13:27 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091327F3CA039DDF21BFF19BAF-16CB4632668A0EA4-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=13, cdn-cache; desc=MISS, edge; dur=8, origin; dur=16
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240420091327F3CA039DDF21BFF19BAF
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
16,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aacee0ee0c83bb872283ad4d09d032bac2c925ebadbb94d6ebdc7c6d9f77a5b682bc1e0d7dd3e9953113c88393bb5112731cde30e67f3dae9ae93744ffc9df4a6cd
access-control-allow-headers
Authorization,*
expires
Sat, 20 Apr 2024 09:13:27 GMT
pixel
analytics.tiktok.com/api/v2/
0
702 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ae18b69
date
Sat, 20 Apr 2024 09:13:27 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091327A23A03CE769431935CD0-7B941CD4EB3FA807-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=28, cdn-cache; desc=MISS, edge; dur=6, origin; dur=31
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240420091327A23A03CE769431935CD0
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
31,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aac67ef3d510952f97d5b8cbd9a53fa62794439d9bc36e199fbba9e645e66bd8649d166837a27638a726bd96bafc3030563a46a5291b22cb1a7c788ab346d4851e4
access-control-allow-headers
Authorization,*
expires
Sat, 20 Apr 2024 09:13:27 GMT
exist
srm.ba.contentsquare.net/
2 B
94 B
Fetch
General
Full URL
https://srm.ba.contentsquare.net/exist?v=14.5.1&pid=1926&pn=1&sn=1&uu=85da9644-e081-a42f-d7d5-90657fddcedf
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.47.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-47-228.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 20 Apr 2024 09:13:29 GMT
content-length
2
content-type
application/json
productratings
www.elfcosmetics.com/api/v1/
84 B
871 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/v1/productratings
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11109/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
165.254.198.118 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
241d7275d3ab0df4b2192ab22047bc4172b40e68350109c0bca4b1d2c1d27ee4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 20 Apr 2024 09:13:28 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 c31337642f54c5bd34bb485701d02e8a.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
84
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
11163e92-be81-45ac-9906-e2b5ff078faf
x-yottaa-optimizations
ob/1000 si/32D1a5fec676-1713544935-5840286013 tts/1710864117856 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
WhIQ1GHNCYcEqNg=
content-length
106
alt-svc
h3=":443"; ma=86400
etag
W/"54-EveEt1ybN7wOs/v2RXogqRA/4RA"
x-amzn-trace-id
Root=1-66238738-3d5156622469b1f62ba40d5c;Parent=5903d2ed4f984ceb;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
3221a5fec63e/[460,458,-] 32D1a5fec676/[-,463.216]
x-amzn-remapped-date
Sat, 20 Apr 2024 09:13:28 GMT
x-amz-cf-id
sCI2jtZaPHJ2geS1d8a-lTZLgWhs_5sv_ZFrmGJSEjxmAXBIuUos1A==
script-tag.js
cdn-scripts.signifyd.com/api/
10 KB
3 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-121.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 08:51:15 GMT
content-encoding
gzip
via
1.1 7d7c52d1848969f2077d9502aa06f40e.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 11:26:22 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
age
1334
x-amz-server-side-encryption
AES256
etag
W/"d34fe38d39e71cd6ace9ab1bfc0bb10a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
P_RCdivcI_at2UKIa9qlwJ0JeGWH6CyoYCqVQ8PhgAk30FVMVxGQWg==
index.html
www.paypalobjects.com/muse/analytics/ Frame 3130
0
0
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chf/16CA) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16754
content-type
text/html
date
Sat, 20 Apr 2024 09:13:28 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc+gzip"
expires
Sat, 20 Apr 2024 10:13:28 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
bfec2026aa968
server
ECAcc (chf/16CA)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000bfec2026aa968-bab62cd5198c8647-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
main-v2_c24410c35e5d87b630f3d54a49f2b820.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
486 KB
106 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_c24410c35e5d87b630f3d54a49f2b820.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e2e032414af88512367db0555f566e941050b9618167bb97dc795e7635f1fd71

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 19:25:32 GMT
content-encoding
br
age
136076
x-guploader-uploadid
ABPtcPrvzAMBSxejF22N5cyc18cTMWTUvLCr2bIGqmWwl0ElbFytvEHyG6gjLRw51TegJNpEsA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
108148
last-modified
Thu, 18 Apr 2024 19:25:27 GMT
server
UploadServer
etag
"94eec0687b93ad1f90569cf639841e9c"
x-goog-generation
1713468327468057
x-goog-hash
crc32c=jzjaEQ==, md5=lO7AaHuTrR+QVpz2OYQenA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
108148
accept-ranges
bytes
content-type
text/javascript
cjs_min_1e55b565811f11b08485230cf1d150d6.js
assets.bounceexchange.com/assets/smart-tag/versioned/
49 KB
16 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 11 Apr 2024 07:42:21 GMT
content-encoding
gzip
age
783067
x-guploader-uploadid
ABPtcPqiSjB_cFFOmzluzErI8K8FOIw6-QEyHz3ZBEyMgAPFOeNzgHmHgmkdVdtSqQHsPz1gcOLjX2GDhyVxnWw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15751
last-modified
Wed, 13 Dec 2023 16:23:11 GMT
server
UploadServer
etag
"d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation
1702484591435387
x-goog-hash
crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15751
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.228.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.228.117.34.bc.googleusercontent.com
Software
/
Resource Hash
b22b582a5029683d1b1c4ec1c2e477d06ca83788c3bdb5ea5282ee9ec589a91e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:28 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.10.121 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
121.10.149.34.bc.googleusercontent.com
Software
/
Resource Hash
f48e1c94c7d30bfffbfa8b23bedc100848a4a50794a0df3638c2055ffc22a4b5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:31 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.190.89.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
82.89.190.35.bc.googleusercontent.com
Software
/
Resource Hash
b75e6aa2727f6d205675bfddd4d26e2cdd510591394611d8adaa38f534e5218c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
act
analytics.tiktok.com/api/v2/pixel/
0
701 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ae19225
date
Sat, 20 Apr 2024 09:13:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091328D0D1DEB7AC6336371A09-44CD9A6F29E1F632-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=29, cdn-cache; desc=MISS, edge; dur=9, origin; dur=33
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240420091328D0D1DEB7AC6336371A09
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
33,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aac7005c0a64a1347f68688e7edfa63aae4cdc02cd34e403d19a12cdcfa3785e248557a11708e24c19e74b78b445158ba8a4d3cfc2a56d2c6fddff17dd3da7f2842
access-control-allow-headers
Authorization,*
expires
Sat, 20 Apr 2024 09:13:28 GMT
ts
t.paypal.com/
42 B
245 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1713604408297&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0
date
Sat, 20 Apr 2024 09:13:28 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
aac4fc46bdc19
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200074-BUR, cache-yyz4552-YYZ
pragma
no-cache
correlation-id
aac4fc46bdc19
traceparent
00-0000000000000000000aac4fc46bdc19-002fb159fc5e614d-01
x-timer
S1713604408.306742,VS0,VE93
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 20 Apr 2024 09:13:28 GMT
inbox-v2_749c9ccd613f1a40075d1e7b59caea42.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
17 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_749c9ccd613f1a40075d1e7b59caea42.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3a0cb24163d51976d5904bac47f896454a8bdbd333ebccc00ca9805645b165c4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 20:26:05 GMT
content-encoding
br
age
1946843
x-guploader-uploadid
ABPtcPqWV9GeyGbF91Z0aa2aqptSuFoMDPTwITUboHsju5FJKzu7Cmc_F0tZsPitlDuiRGVrKl2Q-7B9eQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5080
last-modified
Thu, 28 Mar 2024 20:25:50 GMT
server
UploadServer
etag
"d501c542732291fff75a0156b4700c01"
x-goog-generation
1711657550379643
x-goog-hash
crc32c=k9Hglg==, md5=1QHFQnMikf/3WgFWtHAMAQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5080
accept-ranges
bytes
content-type
text/javascript
onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 20:26:04 GMT
content-encoding
br
age
1946844
x-guploader-uploadid
ABPtcPo5aOlawodZ6jxuI0MujtjU-61cPrqrir6zwJEddxOf3IJVa0AwJRQyHuAk1TF9exfevr0
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5003
last-modified
Thu, 28 Mar 2024 20:25:58 GMT
server
UploadServer
etag
"7ff99b6f1cea743cef749de91009e764"
x-goog-generation
1711657558214674
x-goog-hash
crc32c=qFvE1Q==, md5=f/mbbxzqdDzvdJ3pEAnnZA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5003
accept-ranges
bytes
content-type
text/javascript
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-121.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:01:14 GMT
content-encoding
gzip
via
1.1 7d7c52d1848969f2077d9502aa06f40e.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
age
735
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
_8RMrvtI43M49_rqQiJjxcje2yevNO1UzGh1r_h_P6AlVms7VPy2vA==
xemc8kjvwfwq3lew.js
imgs.signifyd.com/
96 KB
14 KB
Script
General
Full URL
https://imgs.signifyd.com/xemc8kjvwfwq3lew.js?8qk3mfewko6ojwa6=w2txo5aa&fjy81pzqfqe3rv7u=L2VuX0NBLzFiZDYxMTFkZjViNTkwNWUwZjEwMGM1MDM5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
519a96acb570e00b0c294fbd484735eab1d5cf1d6c390c093af3b945ed88e9da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 20 Apr 2024 09:13:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
jquery-3.5.1.min.js
assets.bounceexchange.com/assets/bounce/
87 KB
31 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 30 Mar 2024 23:55:13 GMT
content-encoding
br
age
1761495
x-guploader-uploadid
ABPtcPqJsY2aWkauNSBdOHMNUZTp6I-mbfdMtYUjfuKaJIccn9lRsVdSGTIJ0ZsTYXIJhNcU__-oGnDtxQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31582
last-modified
Fri, 29 Mar 2024 14:00:26 GMT
server
UploadServer
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary
Accept-Encoding
x-goog-generation
1711720826244289
x-goog-hash
crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
89476
accept-ranges
none
content-type
text/javascript; charset=UTF-8
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=822726aa-22bd-49e2-a48d-2a01fbe0e8e8
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDgyMjcyNmFhLTIyYmQtNDllMi1hNDhkLTJhMDFmYmUwZThlOBAAGg0IuI6OsQYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=2be2ff0e7b95851672d417550bfb1a28907bc44e7abee961bfd8eb31298b3de16ac34734d8e453ee
37 B
292 B
Image
General
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=2be2ff0e7b95851672d417550bfb1a28907bc44e7abee961bfd8eb31298b3de16ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

content-type
image/gif
date
Sat, 20 Apr 2024 09:13:28 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
x-samesite
secure

Redirect headers

date
Sat, 20 Apr 2024 09:13:28 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=2be2ff0e7b95851672d417550bfb1a28907bc44e7abee961bfd8eb31298b3de16ac34734d8e453ee
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 5575
0
0
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
1920518
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Fri, 29 Mar 2024 03:44:51 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Thu, 28 Mar 2024 20:25:37 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1711657537142702
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
ABPtcPr_XtiWf2OCyHo9FPqEzTTVccx7zIW_pBCWgfxxje24s-UgObBFRvX9EVRSzFCDRTtsuTE
KLxdky445vLs-2cy
imgs.signifyd.com/ Frame DC07
278 KB
47 KB
Script
General
Full URL
https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/xemc8kjvwfwq3lew.js?8qk3mfewko6ojwa6=w2txo5aa&fjy81pzqfqe3rv7u=L2VuX0NBLzFiZDYxMTFkZjViNTkwNWUwZjEwMGM1MDM5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
3f3138788abfc916e6dc1b7efcbdb0f29efd4050f350f5ade55b0e903f93f33a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
072e7b0d8e3a7eca
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
zpV0JfS908a5itOk
imgs.signifyd.com/ Frame DC07
81 B
474 B
Image
General
Full URL
https://imgs.signifyd.com/zpV0JfS908a5itOk?a23b7b59fdbf2999=Oo3fq95cqG0Wz2XWyE012najI-lE2Mn0HGZoZL4UtDj4FpAsShqmCPIy9Rb-dagJkXSa3FviACcisXOLU3RzCkTRcltuYElsoJrK4pMzDxPZk7FVdr2rc1nGITHutXOKo4ARq0E2e8A4ZBmMxd7UyIq8T2mKgOyl1bgQuHZUYP721HTs3Q
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
4QPrdYXIb751Y73a
imgs.signifyd.com/ Frame DC07
81 B
474 B
Image
General
Full URL
https://imgs.signifyd.com/4QPrdYXIb751Y73a?276256489ddd0234=9kVU_SWmcuITydRYxH9XNtOx90a6KknjWKPbtGCwyP76_fTvrxlAFxrLgWkn22Yip2se-oBm9_nP8UiR6YM5O_Viyi2jEUmKjb4Kq27qwP3jO1nUWvvlF1nMN4_eYzJVpin3BrWuXbL89BF47zwYS3hEZkxvnIYRKNqx_ezrGGldF_vV0g
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ts
t.paypal.com/
42 B
245 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=F5S4QS7CQRFWS&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=8&identifier_used=DFP&e=im&t=1713604409215&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0, 0
date
Sat, 20 Apr 2024 09:13:29 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
f3cf1de6a521e
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200113-BUR, cache-yyz4552-YYZ
pragma
no-cache
correlation-id
f3cf1de6a521e
traceparent
00-0000000000000000000f3cf1de6a521e-feb899a4566380e7-01
x-timer
S1713604409.225334,VS0,VE91
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 20 Apr 2024 09:13:29 GMT
clear.png
imgs.signifyd.com/fp/ Frame DC07
81 B
536 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
*/*, w2txo5aa/072e7b0d8e3a7ecal2vux0nblzfizdyxmtfkzjvintkwnwuwzjewmgm1mdm5
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 20 Apr 2024 09:13:30 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Sat, 20 Apr 2024 09:13:30 GMT
Server
Apache
Etag
2af36cc818d34a54896c87890127b8f1
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Thu, 19 Apr 2029 09:13:30 GMT
Vb1znXa89etIDN9K
imgs.signifyd.com/ Frame E45D
0
0
Document
General
Full URL
https://imgs.signifyd.com/Vb1znXa89etIDN9K?caac687813e0fab9=j0R1_8h4wGKMbO6XicDp0xEwQUo_tXiaYaOalBHdpualF1kr8Sf3uIFBO5hvg0wqMuSJxApSE3LnbOJN_OuIoX1McRZr3O0nXn-61rNHosUXBz9rGwptxKlL0Vqo9MJhBAnL4Q6rd3Cgz7jH9shxf32yMwPrglJ-MAuwg3vk2vGwbo5AkTy5Cxa6tyP1kMdoMDf1MsQRlac1--RlXlUbAlLmuc2VRg
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 20 Apr 2024 09:13:29 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
lAZRmz5aXHmlazdI
imgs.signifyd.com/ Frame DC07
0
388 B
Script
General
Full URL
https://imgs.signifyd.com/lAZRmz5aXHmlazdI?c6525c6b4ba206b8=4ditvNNIMFgvs9_5aExbDoBVNsBtAmQvuSAHyvQQDH6SgGBF_Jp9ZZmuVFkpdM4VIFcInX4TwbzQnksLfoyVDgIUVshrno0CwoMj2wu--7FBC54Yn4U-hUC0ixHrJ43CxYdyKKXxYIzyu0lHPN7vzINwUVSXSpxpxDXswA&jb=3b34246c7b613733316b66316c323e3a3861673e683e606a6f336b346e3731316b3c643a3a353b
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
YjyUuH_80CPfiFUU
h.online-metrix.net/ Frame 3C32
0
0
Document
General
Full URL
https://h.online-metrix.net/YjyUuH_80CPfiFUU?00310ad782da3d5f=S7lY2TirCbiMXRrnRDGTXAcFg7o5Wv74RRvMzGbMQj11rhHYVwqRSRYXNCdJh5H41dwpKayaxy8M9tJftvjSBxPXl6swJV0V3orfr6tFwV3ONZL5BC2-DCloZY784ss15Vm5W8VEP4Yt5Gy-skFtm2TnH3oZ9fcOViK2RNLHQJsTjZ7ur03TsuxmBqMBJOClWrecKu8gdy7CbKj-0RNSixsQmPHSMOU
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 20 Apr 2024 09:13:30 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
XvFXJNWqwZkC95EU
imgs.signifyd.com/ Frame 5F6A
0
0
Document
General
Full URL
https://imgs.signifyd.com/XvFXJNWqwZkC95EU?75b992039436bd59=3QUhRTm3alAkMMVZAS2k0TNZMo0YB4CKkQOGa41j4HFbvrGAp0xc7msYlYG5lSW5wYDYP8BKudBAic9n5vosJDXl6DUCgsnkyX9mNJ8nOw_UaxvBIaiLSlMe5EOnzZPUSQCSaVM9WCCpWgjgLcLz7KQMvQdoTD-06Lvbtfx3n-xmyXplw-xBAOZr3E9MWJtYKGLMWsOHP00KYy8KulhwslDutKZoSu0
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 20 Apr 2024 09:13:29 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
lAZRmz5aXHmlazdI
imgs.signifyd.com/ Frame DC07
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/lAZRmz5aXHmlazdI?c6525c6b4ba206b8=4ditvNNIMFgvs9_5aExbDoBVNsBtAmQvuSAHyvQQDH6SgGBF_Jp9ZZmuVFkpdM4VIFcInX4TwbzQnksLfoyVDgIUVshrno0CwoMj2wu--7FBC54Yn4U-hUC0ixHrJ43CxYdyKKXxYIzyu0lHPN7vzINwUVSXSpxpxDXswA&ja=3a3231392e26693f253e3a382c7a353e382664373b3c3238723138323a246164373b3632387a393238302e73707b3f3638783c322e6e727a373124393e3032263b38323826313c323a2e31303a3a2c333e32382c3932383024333430382c3b30383a2e3e3a2c3e382e6d7637383d643d3b6439333e3b6534686c323231603e366a643b383f6032616e3369362e676c3538267b6b6c3d303e2c666a3562747e72792733432f3846273a447f777f2e6d6c6e616d7365657e6b6b792c6b656d2d3a4e656c55494b273a4c65666427616f71676f746b6b2f6b72616d616e696e7126786c37372e7a6a356f38383a6c66633f3f3f333139663e676867383b333965603c6331393a3938642e6a6a3d696169323c32336b3f653e386c613169686e35693e366b30323239346f3e35672e687b6f3557616e6c6d75732d323a33392c687b683d4b607a6f6f6f2f38323938342c68796d753f5d636e6667757b2662736a7535416a72676d6f24666261353e382e666c6d3f322c646f7c7a3d3a247e78643f4b676570616169253a465e6166616d757e657824656b7660783d3c383833663b6938606d693038673c6163373c3a303a3a636c313d353c30396466343d3832333c3b663e6f61693a3c6461333e6b646a6e3738313b31313b3c6b26667a3f60747c707b253b4327324e2538447f7d75266f6c6e6b67736f6f7e63617b2463656f2f304667645543432d304e656466256367716f657c69692f6b786b65636e69647b2672377a66776f636e55646663736a2f3f4564696e7b65297064756f6b6c5f7f696466677d715767656c61695f72666b73677a2f354f646b6e73672b7a6c776f6b665f696467626d5d63637a6f68637c2f374d6c61647b6d2172667f6d6b6655717f6b6969746b676f25374d64696c7b65297064776569665f796a6769697f6b766d2d3d45646b667967297a6c7f65636c5f706f6b6c72646371657a253d456e636e736d217a6e7d6d6b665576646b57706e6b736f702d3f456c63667165237a667565616c57646d76696c7e7027354d666b6e7b6f237866756f61665f717c6d5574616f776f702f3745646b667367297264756f69665f626374612d354f646966716d2c6764576b3d756f686d6e5f6f624d4e2f303033243a2530382a47706d6e4f4c2d3032455b2538323a24322d38304b607a6f6f637f672b5f6f624d4e2f30304546594c273a324d532d32383126322732382845726d6445442f32384d5b25303a4d4651442f323a47592732323b2430273a324b687a6f65697d6f2b576d62416b7c5d676a41697c2d3a30556f684d4e4944474647556b6e717e6b6e616d6657617a7269797b2731422d323a47505e5d6a6665666c576d6b64676b7a2d39422f303a47585655696c6b785d6b6f66747a6f642731422d323a47505e5d6b656c677a5762776c6c6f70576261666455646c6d6b7e25314a273a304d585c5f6c677274605f696e6967722d39422d3a38455a5e556c6e676b74556066676e662f3942273a324d585c5f6e7269655d646d707e6a2d39402d38304d505c5f726566736567645f65646c71657655696c6365722d334a253a304d5a565f7b686b666d785d7c6f787c7d7a655d66656e273b482538324f5a545d7e6f78767d706d5f6b6f65707a677173616f645d6a7a766b2f334a2d3a3047525e55766d72747f706f5d636d677a72677b71616f665f7a677c6127334a2538324d5256577e65707c7d7267556c636e7c6f725563646b736d7e786f7261612d334a253a304d5a565f7c6572767d78675767697a7a67725d69666b6f785574655d6f6667672f3942273a324d585c5f7b524f4027334a253832474f51576f6c6d656d6e76556364666d725f7f6b64762531482f323247475b5f6e62675f7a676c646d72556f617a6f697a253b4a2d3232454f595d7b7e6164666b70645d6e6f726b7e637c697e657b253b402732384f4f51577e67707e757a6d57666e656b7e273b482538324547535d7e6f78767d706d5f6e6c67617c5d6e6966656b702d39402d3830474d5b5f766f727e777a6f5f626366645f64666561762d314a253a3047455b5d766570747f706d556a696666576e646f637e55666b666f617827394025303a45455157746d727c65705f69707061715f6560626f617c2f334a2d3a30554f484d4e57696f666d785d62776c6c65705764646f69742d334a2730305f4548454455616767707a6d7b73676e557e67707e75786755637376692f33402d3038574d424f4c57616d6d78726f717b6f66577e65707c7d7267556f7e612d39422f303a5545404d465f61676f78726d737b656c5d766570747f706d55677c69312d3b4a25303a5d4f404f465f696d677272677979656657766d787c757a65577131746b2539402d38325f4f424f4457636d677a78677b79656e5d7e6778767f78655d7b317c6357737a676a2731422d323a554d48454455646d6a7d675d786f64666d7865785d636c666d2f3942273a325f454a47445f6c6760756f5f796a696e677a79253b4a2d32325d4f48454455646f727e6a5f766f7274777a672d334a253a305f474047445f6e70697d5d6a7f666e6d7a732739482f30385d454845465d6c6d796f5f61676c7c6570742d334a2730305f45484544556f7d667461576c72637d2f39402d38305d4748454c5d7a656c7b6f6d665f656f6c6539342467645f623f303c643b69383c69303733683e3267696e383e34336364366b3d62376b3438386a3869643d3733362e776d6e7e374b667e65642d3a304b646924247f6d6c783f436c7467662f3232417061732d32384f78676c47442538324d64656164652e6b6b643f3b&jb=393732266471374f67706b6466612d3a4e352c3a2f3832205d69646665757327383a4e562d303831382e38253b4027323857636c3e3e273b48253a38703636232f3832497a7066675d676249637e25304e373b3726333e253a322a4b4054474e2d38412d38306461636527383a4d676b616f23273832436a78656d672d304e313a34263026322c302d323a51696c637a63253a4e3d333524393c
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=96
Content-Type
text/javascript;charset=UTF-8
eu46T-IMBikzJjTo
w2txo5aavabe2smcl37q5fus67byroflce7sjzk2072e7b0d8e3a7ecasac.d.aa.online-metrix.net/ Frame DC07
81 B
438 B
Image
General
Full URL
https://w2txo5aavabe2smcl37q5fus67byroflce7sjzk2072e7b0d8e3a7ecasac.d.aa.online-metrix.net/eu46T-IMBikzJjTo?0f7b67d67c8780b7=vD4uOD_w2OarGyFExI8hlIVA2wv3gD2bCNhzW_PdAB2OOlRXfRcSTsWgcgETKWNKun_9t4rsi1POBSoLwdG3ctDlhEP4r_bqfuPuSFRnUOB6t1jrsHtoIVavqsal0rs5J1Ce4v5FsPQf4msjM-I55f4gqoH6Y-YgZxeFBGA9PjkkTAI
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
WE4pwbd9HCfkjNa4
imgs.signifyd.com/ Frame DC07
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/WE4pwbd9HCfkjNa4?2e104bd0ae1b5f28=ZtsCxqvYmGGH8-FnzOBV2e3d8PvZBUDRPYKnOn7nqEU0IBq1qC4SlWN3EzqS4r13IOxORs3_39tW176nmU8HQY7DtokKqVJiFubxEF9J3u7T7hR6VFOZi-9DYrQYECRnEvtYjqKsiSk-Jc_1A4NeaiqagiWusREVoU-pY2z3I7mSBDfyuhLCv-QC0Ftlrtl1nQUsmYzCehOHufG9_HEwHq93XrgbgQ&jac=1&je=3036242665656e6a3522312d3843392d3a43312f384937316e333a6768663236333d33603033396139653f353e3360376b6332323e33306c3e36386d6d64356c3f32643e3f653d373f366134323b39676b666a613d6221
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
Content-Type
text/javascript;charset=UTF-8
kksEKUH5lf0ZSdCG
imgs.signifyd.com/ Frame DC07
0
400 B
Image
General
Full URL
https://imgs.signifyd.com/kksEKUH5lf0ZSdCG?4a92f55a5987e544=c_6SXYzsw674k6MoCwnc4q32eXJs6Eg76oA6VHkTzyXH4MeDjAAT9n9pAp6G2dryl0dj9ppBF9mAWJNW9P6LkvYCpWyu89awnm8C0LjRuFgwSgaK66taY9pKaW_VnMv0Lx_WBtEi6lumcC0Hhh6ItSvAfphYfJs6DJ60L11dJ3WOkGs0mSBakLV_9TBnrE3c9mDoxm0xonxlQ3P1ToJ7Y3fPzlG8QQ&jf=3c3334267b696e5d7a6466357e647a574c4e6747427f46654d3553766b6831752c796966576669746d3d3937393134303c343a3b2e796b6c557471786d3d756f6830676b6e736b24796b645d616f793f3b323d393b303933383432373a6132343c32616d3964383a3831323c3a32306932363e3a696733663a393033383538333c3238303836313269326e3b3f683a3032393d6b6c30333c6b6e32396c64693669376466386b64323d3b6d333d343c666e6766323b34683b3b3b333d6b39316b6a373b38683a3a3b32313d326c6137343f6f38373160313339346e326c31303369363b646a3d343868633f696d653a6f3968336d3e613c67336030343a6f63606a3138373c662e7361665d7361673731383e3738383239383866336c336f356a68663c37333265303c6c65646a3330363e323c303966303239366c366c33676b6f633f6a3c63326f323b313a693732306c3536316e3339613e323a3238336a31313767396b343e343c38346b32323f303e36313e3232643c3a396b30333130343c6c383a69366d356b6130366e60326130363e663d68613e6938303b3c2671636c783f38
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=95
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
lAZRmz5aXHmlazdI
imgs.signifyd.com/ Frame DC07
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/lAZRmz5aXHmlazdI?c6525c6b4ba206b8=4ditvNNIMFgvs9_5aExbDoBVNsBtAmQvuSAHyvQQDH6SgGBF_Jp9ZZmuVFkpdM4VIFcInX4TwbzQnksLfoyVDgIUVshrno0CwoMj2wu--7FBC54Yn4U-hUC0ixHrJ43CxYdyKKXxYIzyu0lHPN7vzINwUVSXSpxpxDXswA&jac=1&je=393334342e267a6f35646d2e68617c7b7c3d273d482f303a66657c67662732302f394133263238253a432d323a7176617c7579273a38273b4b253a3a6b6863786d636c6f2f3238273d4626637f6e683f6b633f6231653e653e3a33636b6169346e38633f6931313a313334393e3c603d69333b35333462366e3264663c3a3e30383330666d3664303b666966303e37312c65703b35633339693e67383f396f3a3b6630353d6c33646c60386430383f61313a3634693868676b39613b68267d69603d273d482f303a6b72696a637665617e7f72672d303a253b412d323a7a3a362d3238273a49273a3862617c666571792f38302d39412f3038343427383825304b273a326a72696e6c7127323a2539432d3f402d3d422d3a3a62706b646e273a382539432f3032456565676e6d273a304b687a6f656727323a2538412d38307e6f727b61676e2738382f31492f32383338362530382f37462d304b253f422d323a60706166642f303a2f31492f323a46677427394b4b2f4a786164662f303227384925303a746d727b69676e2d3030253b412f303a32273a38253f4c2d32412f3d48273a3862786364662530382f33432d303a436072676d61776f253a322f304b2f303a7c657a7b616f6c2f3838273b4b2538303b303427383825354c273d442d324b253a306475646c5c677a796b67644c617b7c2530382f39432d3f422f35482732306878616c6c273a322d3349253a3041687a6f676b7d67273a38253a4b2d32307c6f787161656e2f30382733432f3832333a36263026363b363f2c34302d3238273f4e273a49253f4a2d323068786b6c6c2f32382739432530384d6f6d6f6e6d253a304b687a6d6f652d3238273a49273a38766d7a7b696d642f38302d39412f3038333236243a2e343b343f2e3e302d323a2735442d3249273f48273a38627a6966642738382f31492f32384c65762d432448726366662d323a253a432d3030766d72796b6764273a38253b492d323033332432263a2e3a27383025354e2f35462d304b253a32656f6a6b6e652d3238273b4b646966736d2d3a43273838676d6c6f6c2f30382733432f3832273a302d324b253a32786e63746e6f786f2d38302d39412d3a3a576b643938273a382538412f303272666b7464677065566d727b69676c27323a2539432d3830393a2e3826382530382f38412d38327d6d7d343427383825314964696c7b652d374c247761643d2f354a2f303a687269666c732738382f31492f3548273d4025303868726366662d323a253b412d303047676f6d6e6d2f303849687a6765652738382f304b2f3238746f70736b656425303a273b412d323a313a3627323a253d462d38412d3d422d3a3a62706b646e273a382539432f30324c657e2531494325427a6166642d3030253a432f303a7c677a796967662d32302f394b273a38382f30382737462f3843273f402d323a627a61666627323a2539432d38304b6272676561756f2f3838273a492538307c67727163656e273a302d3349253a32393036253a322f354c2f374c2f324b2d3a326f6568636e6d2f32382739436663667965273a412d323a7064617c646d72652538302d39432d38325f616633302f3838273f4e
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=94
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
sgtm.elfcosmetics.com/g/
942 B
1 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1244450778.1713604406&ecid=839026459&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=194915433.1713604405&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&sid=1713604406&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=4&tfd=10671&richsstsse
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
75a65666233dad1f160e22f4a6230aa9b2c3b656b5cc2117e73d68d467e6ed00
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 20 Apr 2024 09:13:31 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=134142092&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v91256401...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z889...
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z8896...
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-conversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1647868181.1713604405&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=154.47.17.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMIk_738bnQhQMVTV1yCh0VkgzkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtqtSImuQdaqQDrdiBHS_sA-UHd-qejTCAk8xmvkrX6Gsr_8fUW&eitems=ChAI8M-NsQYQh-u3r6P2kOg0Eh0A2yzU0sDwb1ZZ2Bq79Fv8W9EwW-j0iyJ0htjpug&random=980142945&ipr=y
Protocol
H3
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.ca/pagead/1p-conversion/698270988/?random=1575003115&fst=1713604411531&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e44h1h2v9125640115z8896608294z99175401888za200&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1647868181.1713604405&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5&uip=154.47.17.0&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECCJjBsQI&pscrd=IhMIk_738bnQhQMVTV1yCh0VkgzkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HWh0dHBzOi8vd3d3LmVsZmNvc21ldGljcy5jb20v&is_vtc=1&cid=CAQSKQB7FLtqtSImuQdaqQDrdiBHS_sA-UHd-qejTCAk8xmvkrX6Gsr_8fUW&eitems=ChAI8M-NsQYQh-u3r6P2kOg0Eh0A2yzU0sDwb1ZZ2Bq79Fv8W9EwW-j0iyJ0htjpug&random=980142945&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
c
ids.cdnwidget.com/
441 B
780 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=107168010&GCS2=MTcyLjE3LjAuNywxMC44LjAuMzk=&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22ZfDpPoQvPn5wCjL%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A4%2C%22IDStageStart%22%3A4%2C%22netComplete%22%3A148%2C%22obsReqdata%22%3A403%2C%22obsReqview%22%3A1146%2C%22obsReqpage%22%3A3133%2C%22IDStagePrefire%22%3A3133%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-7%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%223362843766456382326%22%2C%22visitid%22%3A%221713604409889217%22%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.20.10 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
10.20.160.34.bc.googleusercontent.com
Software
/
Resource Hash
e361470ff3de6b5c5aae239d999d31c925acecc88fc4386136614cb1e52cf390

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
441
lookup
pd.cdnwidget.com/
49 B
205 B
XHR
General
Full URL
https://pd.cdnwidget.com/lookup?deviceID=2fMIF1NpvYgdTBvAmMWXbMWloVe&bxwid=6664&bxdid=3362843766456382326&visitID=1713604409889217&enableUID2=false
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
server
istio-envoy
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
27
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
init1.js
api.bounceexchange.com/bounce/
108 KB
19 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=1077&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHZ8BmANgAYAWK-AJnwFZDNgAvEKKuizAdwCmAIxypgAgPqoAJlDLyqmAE4CcIADZw0GApQoAPehV4qYApSqVRsAQ3XrUCAOYS4S9VAAWwYAAccAKQkAIIBdABiYeF8MQB0AuowSCA4ALYCaEg4scmpUQIIEgDCoREJMAC0yWkZqEhVSqipjnY4mABuqKLAEskgANaoAlABhABCYXTqvpNBpXTefoF0jCFhjBHrETF88YnV6ZnZuVvhBcWlG2eJVSmHdQ1NLerLdGFFk0qza3Rvv6MAEWwIAGQxG40m0hk33mJHIdAAHFQSIQFIwyCQEXQSHQyLM6B9fp1pDCiKRKDQKABOBEIqkMQjvSbtGGjCa-dQgJxOATSKQIGEwVoCJm-ATtcwSTnc3n8wXC0V0JA2JQ9ACOwAAnjCKIqcHAhM0fLKMN0Rf8QkKXubCVMuTy+Y4pNICmgYEMSRbglacDbJsrVfLrYqAz12nY4Oa3paFYQAYrpE5wqglDhgAAZEA2T3R4LAJSRxWeFXSACS8a9kzoMAAsqXwvhSwAVADKAE19PpCGqlGwAEp8RiattCYB0CCMABa+NtahgwHLrN+1brDYAcr52m2nNIm2N2sFUjWAOoADSEJ85ADUowmnKyIb8ugAFFSdEBwHBFT+gdJfL0+n6T44C2Bo4EgjRCOYQa+iGNhIJ4kjAK8cxkuQ1C0AwzCAoCHQqjgADa0oOvyAC6sDCnhqYEeKkrEbKjjkYBVGEaGEgapq5G8OG1H6oaYjiHyppiAITGUTxhH0Y6hQyK6qDuryYnWixBGhkpvoqWx4aaKJFHKRJBG+DYPISFqvi6cx7QujARH2gxMkuggboeupAgdNZqkqmGEYWZRfSDEhIJSiqPJ6RpQi+FAvAZJFBEAEShnFAA0CU2OITggEomrJQliFIP0H7ADlnggOkOW+EoIDSHAKA5b6KoIXFpGYL4yHWLkvgODYyCSDA6jGdY7TFtYxZKI6sgrvWjath2XY9v2g7DqO45Tpgc49DIUCTeum7bru+6Hie56XiAN5AA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ca2763ca7410ca287e66f07cbb473f94cbe4584a73b9b10bf4a6b9a43c5dd90a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:32 GMT
content-encoding
gzip
via
1.1 google
last-modified
Sat, 20 Apr 2024 09:13:32 GMT
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
34
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 24 Mar 2024 16:57:54 GMT
content-encoding
gzip
age
2304938
x-guploader-uploadid
ABPtcPpjZDvAxwcq9ZGHdQxrpCjYlA8ifGnMexZe68lfR-j4MFcL1w99CArSBsk51kCwydNmE8M
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
visit
events.bouncex.net/track.gif/
42 B
97 B
Image
General
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJanUWItYdAGUUADMUJBAneld3VQAyUAgYJAQK5A6kHBbwKGgKPh40U3QEWCRSHDTISFNhanrjGno6NboBbcYEUgr4gjAcyBB4sEZDrM3aLAB9YNXluj2KgFpD44RT+I+arJ4KFIYH6bWgHTABFIsFOBEwuhwklUzGYoMGEKhMJAcIAnoidKjWoN4vBINlgNUQCgbJYwDhKC5tNRSAQ0BheHceDRqPIntQqsDcjzqKFqNQEMBkHcWWyEByuWLedyBYhuSFufFqpA7gBHSA4tVyPklYWi6hgWA2AHzOV3OFtIVKsUqx0i7ky9mczCc3hYU4VEByw18l1qt1izVISDB5VA1WK8PUSPainQx1G2OCsNm8YYO760zpkNxx0uAAiaJghwIEUD9MZ3N4IF4MbFcg81AAHOpXKoNPRVHJO9Q5NRPAmzaAW4qjZIXJIPMx1Op8stmCPNIngDGG+X1WLeGhaCAkGBIAECChpzyjZAkLBcma0tVeABJMut514V+0SSvsSlAAmrouguDqSBEAASgI9A4oBNiQNQACK9AAFrZtykIVJA76fvy36-iIpjAIBaC8GICjAMYWR4JwAAaNi0SyABqrpmoeO5MuAAAKHSgAQ8DBKS2TIMGoaJuApSWmA8Q1DYokzsY4lmpq8RpAg+ZLDexhzguyLLvkkj0C4DIfomFTANGim6YuBmmtyKAEMGJRmqQpifnMCxLCsNw3NsAi7PsnwnGcFxXDc9yPBF+wfEcIW-LJIAApgcYYWKKBabyLncsAxHBpI+7UNeTpFWl1BIJ+ZXxJZ+XzrZK72WKEDFUabwFYmaCycGA6FdcinZWKpA1dZdX6Q1hWalk4wgGgmCZRmDZigUA4FJu2kMkywDbv1hVDVZ2k2WN+SmYVBSqG2JmKRtOXbdpA3MsNB2jUu417omZ1tp2nE3c5u2Pbyh0vcde4gxW8DIBM2DQDYmRCMgODpJkORNODqAYFDkqntimD4oUMj4yjiBo360AWCgkAVAQSBZDgKj8EIUioqjkMwL6oDxN8OKFjgvpgBEZKmE0JJniJSDQM+MlwpjkByjgqIYAQ0CHLA2BIDihy+gjxhNArSsCar6sEL6chayIOsIIrysGylOQIygKW8Cg5uKx0aDYzgADyZu6672M2wgnvYJSBDO0rUB4mIVNwmSoemEckBAhrAd4PQ2u64c2A8H6Sc4CI2tZEbAeogItgOs2OB9holbl4DdlrhuTRs2cCDl+253dr2-aDsOo7NLmEqBgINdNIgOoPpgHPl6i8ThH6pw5GeKBTYiz12XI+RC7PQemCAmMQHCOAJ2gciNwPHM800kBpCeHLjFGOJ3CLxN3E2YDUpYvA4C6l9EAQODqDoEeAkkDnxLjYJoLMcCoyAdhH0OB8I-kkEREiZEKJURovRRinAWIICaM+JA8pP4IN-P+ICIEwIQWgrBeCiEUKoSAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/
42 B
165 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVarNgFpufAUNWoYvGJJDpCAMlCRYCRB2SFcXXlBDaQAI3QRCmYgHYAQtSroXGCQACbSev5kClRsBoQQkVSy-tAQqNKBwRBhEVRUUf6xhgl51Ml5HI640gCOuACekRT+AAyJ5VSEyM66+NnSXJKEMLgl+c15RfHt-pmh4TIwIVKCbHAhTdFTY2X+lai4m4VxO0l7VdIO6Mg7EzEnM3mmENINwLdbD6VeACIm4NA4EhuFwANZwYYALwgmAAbAAOLz-MxAywgSSDIQGHD4IgFWj0RjwFjsNT8QTCUR2CQyeQSdiqHjkzQcbS6fSGZGAiwg8EvWxcDKOSCYbZc8zArhguCvervTCkYCc54SyxSvnSKEwgAsAE4vABGIxiYCWXjATAtY12U24DhsS3W80oQgWq0mxBgYBuoy8LjLR3wCDOYajJZw2Gw7VGWCh8MGw2kWEtbXag15ACsLSopGjy1gHAg4dISao8O1pC8ke1GdhpHhOaosPFQPjRniNRukkLbY46DgknwOncuBA5swCYNSZTaZzCeN-ZWIGAMCgaWGg0wo7ApCM+aEMJCRlw2BgqDCoAO9U1tlQAOkIRghBcbhCopOx8hXEw2qoVsIXBoIWmBBs4RgAoOmDWGk7ZcGw1ThjEACyACSNAGgAcsAUAAJpgCEAAqPhQOQvBIQA6gAGs4FGBAAahARjYI4ORvshaEGihBEAMo4QAHnxXg1KgkIAErwBm9Q4c4uBUAAihmABaQA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
92 KB
92 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 11 Apr 2024 04:02:59 GMT
age
796233
x-guploader-uploadid
ABPtcPpYdl5jdNVgPOvo29e_vEILjlt8YwELwqA-_uO6EwpSB7aHCaFhk1ce-_ET4mZKYIgCbFyMJgVUwA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93895
last-modified
Mon, 08 Apr 2024 16:27:35 GMT
server
UploadServer
etag
"6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation
1712593655184176
x-goog-hash
crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
93895
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
18 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 24 Mar 2024 18:05:51 GMT
age
2300861
x-guploader-uploadid
ABPtcPqFkfYYbtKXAtMLvHFRJ_vTeReNpnW8ypTq8jr9UDiyyq3uiKmMzqkG7MDqMfFQzc2IONrQcctQQA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/
2 KB
2 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 11 Apr 2024 01:51:57 GMT
age
804095
x-guploader-uploadid
ABPtcPoGyJ8t0rp5sEZpD6nmVD6N1vPrAV2qxpdbnuBtlnM2Fm0Ows9LiDwqeWW6-qPU-8TgUMO-CPLBOA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2419
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
server
UploadServer
etag
"16f45df19355361dc1c101036c0035b0"
x-goog-generation
1617246092060079
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
2419
accept-ranges
bytes
content-type
image/png
eligible
events.bouncex.net/track.gif/
42 B
95 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIDMANgAMAFk1yATHICsCsnACO8sqRB8AdpwD6EYFBxlRPAA4EIIG05y6mqq6usrGUCyoyJg4CCw20QAeZAQgmHY4AFZQZDxMwDHqZADumEgQnJj+qjWaZIxQFf6KKhraeroG6qF1BYzR-spqugAcmmG1BqrKI6G6qmReaYyYxc2WmKZw6QPAAW5EEOmcnBB8UJwEnvJKalo6geoAnAdHdgQeEPTYjUw2OJcQMoKAwINEcMAyJxxBBUMB7F5UJwAJ72C5MVCpTD2YDQAgIIiYPaEEjkTgALyYOE0uiKETwDn8ujwAFkAJIAMTkADkPPQAJogYBSABC9AAgjwWQB1AAaCBlRCYADVyOICHDHHtmeyuWyZPzEokFKZUOSAErFAzI-kITi6ACKBgAWkA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pop
events.bouncex.net/track.gif/
42 B
95 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBhAQRLPH12PjoMAeQBy3cpVrw0uWs1aiuVAI4YAjIWiRswSPGJp4TDACYALADZTpgMwB2QgGdq+aKwBG1NO4AehSFJaDAArJ0JsEBYMAAZCAHdcDyd4WFxjDEss80JEeBSEE3V7dVtLGPNzdRsAVhi7HJY89wzbMtMADnMHbJrLWw67U0tCPVI83HiMzSdcFSo5FpNbLQAbeDlYHFwnWB1gDRKyiqqLarWN2khgJAIUoT3iFab4dwwmQlgAC3h8JgB9PT4WD0f67ED4QK4f5MfKQDyrXAmABmkFWs0+AC8QBhzKY4i5kbB-hlTMiALIASQAYupRMBEABNYhMAAqACFEBxsOSAOoADQ8fNWIAAarhCF9IH8SSYyVTaZTWQBlRm+Xz2FT4TEAJXiNXojI8sFMAEUagAtIA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
eligible
events.bouncex.net/track.gif/
42 B
95 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIDMANgAMAFk1yATHICsCsnACO8sqRB8AdpwD6EYFBxlRPAA4EIIG05y6mqq6usoAHJYsqMiYOAgsNjEAHmQEIJh2OABWUGQ8TMCx6mQA7phIEJyY-qq1mmSMUJX+iioa2nq6Buqh9YWMMf7KarphmsoKdQaq4aG6qmRe6YyYJS2WmKZwGYPAOPXIRBAZnJwQfFCcBJ7ySmpaOoFdbkcnBB4Q9NhNTDY4VyBlBQGBAYjhgGROOIIKhgPYvKhOABPeyXJioNKYezAaAEBBETB7QgkcicABeTH2umKUCYeAc-l0eAAsgBJABicgAch56ABNEDAKQAIXoAEEeMyAOoADQQ0qITAAauRxARYY49ky2ZzWTI+UkkgpTKgyQAlEoGJF8hCcXQARQMAC0gA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
7586f9164e6bc95d916e3828d687c85f77cf253b34a5908fffa5f6f17dfd0d72

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 20 Apr 2024 09:13:31 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
graph
idr.cdnwidget.com/
0
135 B
Image
General
Full URL
https://idr.cdnwidget.com/graph?cookieID=2fMIF1ITSYxx7qrzRw5yYbt2Q5Z&deviceID=2fMIF1NpvYgdTBvAmMWXbMWloVe&bxdid=3362843766456382326&bxvid=1713604412250234&bxwid=6664&gm=true&apikey=2^HIykD&loadID=ZfDpPoQvPn5wCjL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Sat, 20 Apr 2024 09:13:32 GMT
via
1.1 google
x-envoy-upstream-service-time
0
server
istio-envoy
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
id_sync
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2fMIF1NpvYgdTBvAmMWXbMWloVe&source=web&agent=cjs&deviceid=3362843766456382326&visitid=1713604412250234&websiteid=6664&pageviewid=1&sequenceid=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:33 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
lAZRmz5aXHmlazdI
imgs.signifyd.com/ Frame DC07
0
388 B
Script
General
Full URL
https://imgs.signifyd.com/lAZRmz5aXHmlazdI?c6525c6b4ba206b8=4ditvNNIMFgvs9_5aExbDoBVNsBtAmQvuSAHyvQQDH6SgGBF_Jp9ZZmuVFkpdM4VIFcInX4TwbzQnksLfoyVDgIUVshrno0CwoMj2wu--7FBC54Yn4U-hUC0ixHrJ43CxYdyKKXxYIzyu0lHPN7vzINwUVSXSpxpxDXswA&jac=1&je=3a3724267f69633f393d30263b37263826372e3b3a243a263a2e393b
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/KLxdky445vLs-2cy?6bf767c9826ae7fc=ao91GTE-GnBq-eITj3YwfNDWlMo41lEEQbUkPb6j5pDbSXbOx8n4Epo3P19EYjADBgs9TqACvLL7alPgJpgi1pujGRVdjuRsHmCBU5ZyJk5-CJ3dp2M661k1gv8ad-Ucc9zWYm6-xU9yGSUNRx0GnzTRHNkB_nR0l6qCMM4ZDtwG3Aw0FfWOhC_1-fO711e9EdZe7M4M0dysikzJNAU-sekS7yU&jb=3d3b242662736577355d6b666e6f7f7b2e6a7165375d6b666e6f7d712f3030333b2c6a716a7735436072676d6d2468736a3d496a7a656f6d2f3238393a34
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:33 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
display
api.usehero.com/webplugin/
189 B
1 KB
XHR
General
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&state=untouched&outboundFeature=
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.7.166.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-7-166-131.compute-1.amazonaws.com
Software
/
Resource Hash
d531dc1df6c1e47743342e90cd4ca27a2f21dd4e2e15692576da1d793bbb89f4
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
eba7845a-6515-4d9a-8fa6-428cc6331ca3
cross-origin-resource-policy
same-origin
x-geo-longitude
-79.36230
pragma
no-cache
referrer-policy
same-origin
etag
W/"bd-NPzM9tmnCxqS1Gpt8i4zQva343Y"
x-frame-options
SAMEORIGIN
x-geo-zip
M5A
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
43.65470
x-accuracy
20
expires
0
date
Sat, 20 Apr 2024 09:13:33 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/Toronto
x-envoy-upstream-service-time
12
content-length
189
x-xss-protection
0
x-request-id
eba7845a-6515-4d9a-8fa6-428cc6331ca3
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
CA
x-geo-city
Toronto
1638306756445368
connect.facebook.net/signals/config/
68 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.154&r=stable&domain=www.elfcosmetics.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
03f75fe69f0db79ae7b1f31af46cf0eb412c23d8d0a19cb8b1cf16a35fcf7ca1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 20 Apr 2024 09:13:33 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14210
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=62, mss=1380, tbw=63207, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
RlC0ct9lMUdLONiNnXATnj+ozZ19b67QyIYkjD3SRD+gMlba6DVUsH2HIfA6SyH4wG3tSNEu2JgobxgWqYOUnA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1713604413771&sw=1600&sh=1200&v=2.9.154&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1713604413766.1115491517&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1713604413713&coo=false&eid=1713604888562_171360484442415&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1380, tbw=2754, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 20 Apr 2024 09:13:33 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
5013978.js
bat.bing.com/p/action/
0
117 B
Script
General
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Sat, 20 Apr 2024 09:13:33 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AB30925ACC1742C9A17C22B3ED02B932 Ref B: YTO01EDGE0520 Ref C: 2024-04-20T09:13:33Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
362 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=9b7db8f9-a076-4c1c-8bf8-6a11ff86d227&sid=433fd5a0fef611ee95a6ed68fa2e7c4f&vid=43402180fef611ee9d255135f39f9baa&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=5097&evt=pageLoad&sv=1&rn=22
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 20 Apr 2024 09:13:33 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 3E2878C6ED4D4F3EB68DC8A7ABB73D0B Ref B: YTO01EDGE0520 Ref C: 2024-04-20T09:13:33Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
www.paypal.com/credit-presentment/
0
1015 B
XHR
General
Full URL
https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Sat, 20 Apr 2024 09:13:36 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f7321672da484
server-timing
"traceparent;desc="00-0000000000000000000f7321672da484-d8641121f4876cd8-01"";content-encoding;desc="",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200150-BUR, cache-yyz4527-YYZ, cache-yyz4527-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f7321672da484-324fb59871b826ba-01
x-timer
S1713604417.845369,VS0,VE126
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
log
www.paypal.com/credit-presentment/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/credit-presentment/log?disableSetCookie=true&features=disable-set-cookie
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Server-Timing
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Sat, 20 Apr 2024 09:13:36 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f7321679c1a7d
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f7321679c1a7d-74941f9de340b9c6-01"";content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f7321679c1a7d-280517c516563b83-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-bur-kbur8200058-BUR, cache-yyz4520-YYZ, cache-yyz4520-YYZ
x-timer
S1713604417.713036,VS0,VE113
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.155 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:37 GMT
an-x-request-uuid
80bbca69-569d-4672-82cf-073b75b329c8
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
154.47.17.2; 154.47.17.2; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
widget.js
js.jebbit.com/companion/v1/
44 KB
0
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-21.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
R3KY_K4A_1J6MbzxdLc7TwnPZXsf4837
date
Fri, 19 Apr 2024 14:53:01 GMT
via
1.1 4208b3c43704306e2eddbba95ee93dc4.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-C1
age
66027
x-amz-server-side-encryption
AES256
etag
"cc4e73d84c409b310a274ca12ee462bc"
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45249
x-amz-cf-id
L6dzWnAitpphTRFDfeSfPKaIXy8Nent1fN85aLpfc-T7oAgwV6wvYQ==
i.js
tag.wknd.ai/6664/
17 KB
43 B
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
fa231056681e8d80c926f3a7c027699435f2dac18f21543b74fc144912bd88f4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:27 GMT
content-encoding
gzip
via
1.1 google
age
10
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5537
server
istio-envoy
etag
eafeb909ea8ada
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
events
c.contentsquare.net/v2/
0
319 B
Ping
General
Full URL
https://c.contentsquare.net/v2/events?uu=85da9644-e081-a42f-d7d5-90657fddcedf&sn=1&hd=1713604407&v=14.5.1&pid=1926&pn=1&str=1670&di=2090&dc=4496&fl=4513&sr=18&mdh=6759&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.91.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-91-59.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:37 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
recording
k-aeu1.contentsquare.net/v2/
0
201 B
Ping
General
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=14.5.1&pid=1926&pn=1&sn=1&uu=85da9644-e081-a42f-d7d5-90657fddcedf&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.189.86 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 20 Apr 2024 09:13:37 GMT
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
collect
sgtm.elfcosmetics.com/g/
65 B
85 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je44h0v9125640115z8896608294za200&gcs=G111&gcd=13v3v3v3u5&npa=1&dma=0&cid=1244450778.1713604406&ecid=839026459&ul=en-ca&sr=1600x1200&ir=1&ur=CA-ON&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&sst.rnd=194915433.1713604405&sst.gse=1&sst.etld=google.ca&sst.gcd=13v3v3v3u5&sst.adr=1&sst.ude=0&_s=5&sid=1713604406&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1713604888562_171360484442431&ep.email=&ep.phone=&_et=10987&tfd=16682&richsstsse
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:37 GMT
via
1.1 google, 1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
eligible
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7HIDMANgAMAFk1yATHICsCsnACO8sqRB8AdpwD6EYFBxlRPAA4EIIG05y6mgaqgZqWLKjImDgILDZRAB5kBCCYdjgAVlBkPEzA0epkAO6YSBCcmP6q1WGMUOX+iioa2nq6Buq6ymH5jFH+ymq6AByaygo1wcrDXbqqZF6pjJhFjZaYpnBp-cA4Bm5EEGmcnBB8UJwEnvJKalo6CmrzyIfHBB4Q9Nj1TDY4lyBlBQGBAojhgGROOIIKhgPYvKhOABPewXJioFKYezAaAEBBETC7QgkcicABeTBwml0hSgTDwDn8ujwAFkAJIAMTkADkPPQAJogYBSABC9AAgjwWQB1AAaCBlRCYADVyOICLDHLtmeyuWyZPyEgkFKZUGSAEpFAxI-kITi6ACKBgAWkA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:37 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=61590415&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dp=%2Fen_CA%2Felf-cosmetic-criminals&ul=en-ca&de=UTF-8&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=1244450778.1713604406&tid=UA-432816-1&_gid=248703762.1713604406&gtm=45He44h0n81WL3STMXv896608294za200&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=CA&gcs=G111&gcd=13v3v3v3u5&dma=0&npa=1&z=639895809
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.36.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 19 Apr 2024 19:11:37 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
50520
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
cnv
cnv.event.prod.bidr.io/log/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=4ba94b30-bf17-47f6-8466-c227f2e798bd&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=Ne...
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=85e67416-a19a-4463-a245-b4dcc22350a5.&ord=6662198186783525490
43 B
560 B
Image
General
Full URL
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=85e67416-a19a-4463-a245-b4dcc22350a5.&ord=6662198186783525490
Protocol
HTTP/1.1
Server
52.73.200.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-200-224.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
Date
Sat, 20 Apr 2024 09:13:37 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 20 Apr 2024 09:13:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
5c49795e-f02d-4580-924f-826e2c76d24a
x-amzn-trace-id
Root=1-66238741-3b8bf00a4d293229536d4d60;Parent=4f1d6dd2e000c32c;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=85e67416-a19a-4463-a245-b4dcc22350a5.&ord=6662198186783525490
access-control-allow-origin
*
x-amz-apigw-id
WhISSEbLIAMEKGg=
content-length
2
/
www.facebook.com/tr/
0
126 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1713604417395&sw=1600&sh=1200&v=2.9.154&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1713604413766.1115491517&ic=gtm&ler=empty&cdl=API_unavailable&it=1713604413713&coo=false&eid=1713604888562_171360484442431&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1380, tbw=3107, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 20 Apr 2024 09:13:37 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
rp.gif
alb.reddit.com/
42 B
98 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1713604417397&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=7ef82b72-f875-421d-9393-433430e09d15&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:37 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
pageview
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=a&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6761&ww=1600&wh=1200&sw=1600&sh=1200&uu=85da9644-e081-a42f-d7d5-90657fddcedf&sn=1&hd=1713604417&v=14.5.1&pid=1926&pn=2&r=700371
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.91.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-91-59.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:37 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
display
api.usehero.com/webplugin/
129 B
1 KB
XHR
General
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&state=untouched&outboundFeature=&visitorId=683e8027-e29b-4255-ba32-8e8b1d510e23
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.7.166.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-7-166-131.compute-1.amazonaws.com
Software
/
Resource Hash
f728b2a3472bdb7b12fe2b3ad324f86306d5ebfd9a22970cdb9d75865437181f
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
d6478653-12db-4ed3-ab41-70c39bb29ce5
cross-origin-resource-policy
same-origin
x-geo-longitude
-79.40570
pragma
no-cache
referrer-policy
same-origin
etag
W/"81-DUL/7m3RpQ4iaY5LE5GkpykgL0I"
x-frame-options
SAMEORIGIN
x-geo-zip
M5A
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
43.70900
x-accuracy
20
expires
0
date
Sat, 20 Apr 2024 09:13:37 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/Toronto
x-envoy-upstream-service-time
14
content-length
129
x-xss-protection
0
x-request-id
d6478653-12db-4ed3-ab41-70c39bb29ce5
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
CA
x-geo-city
Toronto
/
ct.pinterest.com/user/
35 B
400 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPU9XSmpNR0ZoTldNdFlqTTJaQzAwTm1SbExXRmlZekl0TW1SaVpqZzVNemsyTnpWaQ%22%7D&cb=1713604417541&dep=4%2CTAGS_RECEIVED&stc=true
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 09:13:37 GMT
x-cdn
fastly
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
content-length
35
x-pinterest-rid
1384456553813869
pin-unauth
dWlkPVpXTTFNakJpWWpBdFpqYzJPQzAwT0RSaUxUbGhNelV0T0dSaFkyVTBZV0l6TVRaaQ
pragma
no-cache
referrer-policy
origin
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CNOv5PS50IUDFSXEwgQdumUKhQ;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame BB47
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOv5PS50IUDFSXEwgQdumUKhQ;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOv5PS50IUDFSXEwgQdumUKhQ;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
472
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:37 GMT
expires
Sat, 20 Apr 2024 09:13:37 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:37 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOv5PS50IUDFSXEwgQdumUKhQ;src=9231397;type=retarget;cat=globa0;ord=8746611001666;npa=1;auiddc=1647868181.1713604405;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181619921z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CJ3n5_S50IUDFdXIwgQdPYoCkA;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame 9B00
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ3n5_S50IUDFdXIwgQdPYoCkA;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfc...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ3n5_S50IUDFdXIwgQdPYoCkA;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.149 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
405
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:37 GMT
expires
Sat, 20 Apr 2024 09:13:37 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 20 Apr 2024 09:13:37 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ3n5_S50IUDFdXIwgQdPYoCkA;src=10742279;type=elf8j0;cat=glo_flap;ord=4465452693980;npa=1;auiddc=1647868181.1713604405;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe44h0v9181663336z8896608294za201;gcs=G111;gcd=13v3v3v3u5;dma=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
ct.pinterest.com/v3/
35 B
0
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPU9XSmpNR0ZoTldNdFlqTTJaQzAwTm1SbExXRmlZekl0TW1SaVpqZzVNemsyTnpWaQ%22%7D&cb=1713604417596&dep=4%2CTAGS_RECEIVED&stc=true&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22124%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22124%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22124.0.6367.60%22%2C%22ecm_enabled%22%3Afalse%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 20 Apr 2024 09:13:37 GMT
referrer-policy
origin
x-cdn
fastly
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
content-length
35
x-pinterest-rid
1153272303623252
expires
Sat, 01 Jan 2000 00:00:00 GMT
widget.css
js.jebbit.com/companion/v1/
15 KB
0
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-21.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 20 Apr 2024 07:52:23 GMT
x-amz-version-id
rlLQSdBm9ZTNXvLaketZ1ik.75AdGtXG
via
1.1 4208b3c43704306e2eddbba95ee93dc4.cloudfront.net (CloudFront)
last-modified
Wed, 21 Feb 2024 21:57:20 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-C1
age
4865
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
vcHY05c2OHdfu3gN4EKWIaEIU1GX0vrPwyakOcRdipysWoM77SoOQA==
performance_interaction
analytics.tiktok.com/api/v2/
0
698 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.199 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-212-249-199.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.elfcosmetics.com/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ae1fcf9
date
Sat, 20 Apr 2024 09:13:37 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240420091337E886F7F9913FD024F482-37BFC3889CA4CDB2-00
x-cache
TCP_MISS from a23-220-105-199.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing
inner; dur=6, cdn-cache; desc=MISS, edge; dur=8, origin; dur=10
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240420091337E886F7F9913FD024F482
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
10,23.220.105.199
x-tt-trace-host
01d6694c4d61b2f260fd54eccec6fdfa53562517d4b5429c46f4c3fac525f03aacc7c88a1c6baa5552e3a06fca39ccac8efca23456eaf0da87962d00dea72eae32626066285cc380fd645e340efe8922f93d4e354ddd90c3d2222d1e4e324178e0
access-control-allow-headers
Authorization,*
expires
Sat, 20 Apr 2024 09:13:37 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/

Verdicts & Comments Add Verdict or Comment

220 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig boolean| yt_embedsEnableIframeDefaultReferrerPolicy function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| dataLayer function| getDataLayerEvent boolean| rakutenDataLayer object| DataLayer object| viewedProductIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom object| OneTrustStub object| DYExps object| DYO function| DYID object| contextManager object| DYJSON object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| OnetrustActiveGroups string| OptanonActiveGroups string| GoogleAnalyticsObject function| ga object| _uxa object| otStubData object| gaplugins object| gaGlobal object| gaData object| DYWork function| $dy object| Optanon object| OneTrust object| DYCS function| create_UUID function| createCookie object| HeroWebPluginSettings string| HeroObject function| hero function| pintrk number| gtmPageLoadId function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer number| j boolean| otLastAcceptAllValue object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ function| ___rmuid object| ___RMCMPW object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels object| paypalDDL string| PaypalOffersObject function| ppq object| tagConfig object| bouncex object| CS_CONF function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| CSCurrentScript object| UXAnalytics object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| __post_robot_10_0_44__ object| PAYPAL object| webpackChunksmart_tag object| bxgraph function| a0_0x1b34 function| a0_0xfeda object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| threatmetrix function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie object| cti110221 function| tmx_run_page_fingerprinting function| tmx_post_session_params_fixed boolean| tmx_profiling_started function| close_bouncex_ad function| DataLayerHelper object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG function| UET function| UET_init function| UET_push object| ueto_ca8280b8af object| uetq

90 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: GvG3572eJJo
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: n1_jHhQkOjc
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJDQRIEGgAgLQ%3D%3D
.elfcosmetics.com/ Name: pxcts
Value: 3d05496b-fef6-11ee-85c2-66e74a8c2121
.elfcosmetics.com/ Name: _pxvid
Value: 3d053755-fef6-11ee-85c2-0bebbdc8ed60
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%224f64b530-11f4-5cd0-7c6b-c8455c887a62%22%2C%22e%22%3A1713606204686%2C%22c%22%3A1713604404686%2C%22l%22%3A1713604404686%7D
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%22e4642b89-a254-b035-b969-b9feab9b5161%22%2C%22c%22%3A1713604404691%2C%22l%22%3A1713604404691%7D
.elfcosmetics.com/ Name: _px3
Value: 2c366e4c8398fe13dd437a0d3029793a508a92b0ddfb6f297ecd893a5fc9ab1a:yh9dFZgfo2/9DtX6XUvilhO08TH2+YsO4isfEs4VRqcm+8Y+7L0P2mcL7dyhU8Nb468HaCeZfxnQqsskKxBy5A==:1000:LbpRDd926LZ274Rp0EK0gRCOYLE6ZiBGt3dDOTki9bRgfYdBnWCMuWsYf+jqIqp6K2xghv/FqD3HmI8K6qhrAOS5NlgzXxJQL6ik/guFHEizP4t6TcaQbs+EQWeY9ZwfjdKMH0nF1m7Yc5POvWfmaIIWk5LGPwBbqUyHx5RPpWqNvVQptywWakesQZasbN+Cwecs2qCs5lwGBu5jKqrehxGgQntWR+DbILc/1bQtegQ=
.elfcosmetics.com/ Name: _dyjsession
Value: jxvdznujjl4ksfjm4kl960mb702sh3ju
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: jxvdznujjl4ksfjm4kl960mb702sh3ju
.elfcosmetics.com/ Name: _dy_c_exps
Value:
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.1647868181.1713604405
.elfcosmetics.com/ Name: _gid
Value: GA1.2.248703762.1713604406
.elfcosmetics.com/ Name: _gat_UA-432816-1
Value: 1
.dynamicyield.com/ Name: DYID
Value: -2994893505674639563
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: _dyid
Value: -2994893505674639563
.elfcosmetics.com/ Name: _dycst
Value: dk.w.c.ws.fst.
.elfcosmetics.com/ Name: _dy_geo
Value: CA.NA.CA_ON.CA_ON_Toronto
.elfcosmetics.com/ Name: _dy_df_geo
Value: Canada..Toronto
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _dy_soct
Value: 647796.1248068.1713604405.jxvdznujjl4ksfjm4kl960mb702sh3ju*836603.1652212.1713604405*837245.1654610.1713604405*861617.1750272.1713604405
www.elfcosmetics.com/ Name: FPC
Value: 4ba94b30-bf17-47f6-8466-c227f2e798bd
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Sat+Apr+20+2024+02%3A13%3A25+GMT-0700+(Pacific+Daylight+Saving+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=adbb3643-bd10-4a90-b9ac-22b599c03fb9&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1%2C5%3A1
.adnxs.com/ Name: XANDR_PANID
Value: u-5naFWPhbn6M2Ogho-_7F-3UJG6Xpkr7tLyXBgauEmNPqpwo8UsfA6ufTEUOybMrNTuhOF6Nm-WAlTzBoxN4FgypNZUrT6HYOR3EW9AyTk.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 7863499826449087247
www.elfcosmetics.com/ Name: scapi
Value: prd:86b39b05-ac54-4555-96d1-77cc38b50530:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MzFkYTk4OS01NGU2LTQwYjUtYTI5OC0wZDQxYjc1ZjdiMWUiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjg2YjM5YjA1LWFjNTQtNDU1NS05NmQxLTc3Y2MzOGI1MDUzMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MTM2MDQzNzUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFibWJ4R2tYSkdrYnNSd3VrWmxhWVlscnNaOjpjaGlkOiAiLCJleHAiOjE3MTM2MDYyMDUsImlhdCI6MTcxMzYwNDQwNSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzNDkzMTgzNTI4Njk2NjczMSJ9.m8F8VEo6bDCLn5U2spfv4ipq12sXFrs8-QVCF-FXB1dpTRw9SsNsFgMCZkqKZhFi42xc0yln9Q7BKlGPz3LGvA
.adsrvr.org/ Name: TDID
Value: 1b22a74f-94f9-4aae-ace1-cb224108b9be
www.elfcosmetics.com/ Name: dwsid
Value: LoJbqkEtlhs0NynHl2ROxuFDr04l89jpCIigrk1kfBrlkgGg2I1aKU-fEw1UaLb1v_3BVl1KPPCimJxHh2AoeA==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: abmbxGkXJGkbsRwukZlaYYlrsZ
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.doubleclick.net/ Name: IDE
Value: AHWqTUlR5qLZ7xrboq0sNNZgaNLQnvkkq2eIi4ZR8mQtzSJtH4-WpsFK2QCvAMBemBs
.elfcosmetics.com/ Name: FPID
Value: FPID2.2.eCxQPAIBoMXoLG4qQYDplroN6ahfviSCynyMoomYYOI%3D.1713604406
.elfcosmetics.com/ Name: FPGSID
Value: 1.1713604406.1713604406.G-5D80LRC85N.-tj8Ri78h2bH66G-WzC2LQ
.pointmediatracker.com/ Name: c
Value: 56b72e37-d918-4220-a887-e435a6207c4b
.bidr.io/ Name: bito
Value: AACBg07MRw4AA2BWKnJdnA
.bidr.io/ Name: bitoIsSecure
Value: ok
.pinterest.com/ Name: ar_debug
Value: 1
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPU9XSmpNR0ZoTldNdFlqTTJaQzAwTm1SbExXRmlZekl0TW1SaVpqZzVNemsyTnpWaQ
.ct.pinterest.com/ Name: _pinterest_ct_ua
Value: "TWc9PSZMdkFlWUJrT09ySGQvd1pzMk5IM2FzYVViNE1pSnhqMzlLcGJYRnY4SVdGaUJRc2lMQXRxczFkZ084UlAxMUc1ZEhJdnNJSHZpODVDZ3pFZ3kxWjAwcm5IK2tKVjhuK1VsUmc1VGZQQVdQQT0mOEkzVTVvcmhBSTc3ZEtJTHVLcWVDVXRMVjdBPQ=="
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
www.elfcosmetics.com/ Name: esw.currency
Value: CAD
www.elfcosmetics.com/ Name: sid
Value: N7wsyr2zVizVcJajt0Aagfh92C7ZbRje6c8
www.elfcosmetics.com/ Name: _dyid_server
Value: -2994893505674639563
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: true
www.elfcosmetics.com/ Name: esw.location
Value: CA
www.elfcosmetics.com/ Name: currentLocale
Value: en_CA
www.elfcosmetics.com/ Name: esw.sessionid
Value: abmbxGkXJGkbsRwukZlaYYlrsZ
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_CA
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.elfcosmetics.com/ Name: _cs_c
Value: 0
.tiktok.com/ Name: _ttp
Value: 2fMIERvZUcfMSNq4rD3QD9vec0E
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: 2Vu0MIMpxRnMhciL_lt6BBFAgDx
.linksynergy.com/ Name: rmuid
Value: 822726aa-22bd-49e2-a48d-2a01fbe0e8e8
.rlcdn.com/ Name: rlas3
Value: 086+Ex5LrsjGUkqvKoEOkZQNwB/hxSvENY4viZ8a8is=
.rlcdn.com/ Name: pxrc
Value: CLiOjrEGEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-04-20T09:13:28Z
imgs.signifyd.com/ Name: thx_guid
Value: a1c198ef5e27b1a897c6af10b73377b0
.rubiconproject.com/ Name: khaos
Value: LV7VTKU5-1V-CGRB
.rubiconproject.com/ Name: audit
Value: 1|acVle5qO0ipxt5ulElZc0TBCWKCcGyq9dTyvlC9gUcJIuB5aVrQ5+rD27/RbCUFCJDTesEsOUgEwHTRO1/p4iHX0qfg68IpFQAPcN3ARK86hIttZLCb0DSFOQlFbYtHEcH9yvAKunEd99mm2YO554AilDWWXz+OgUL3tV5o81t/REvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIYXBwbmV4dXMSCwia2sCzhcnwPBAFEhUKBmdvb2dsZRILCJzdtLWFyfA8EAUSFgoHcnViaWNvbhILCMqBtbWFyfA8EAUSFQoGY2FzYWxlEgsIrJ6q1YXJ8DwQBRgFIAMoATILCNq2id6byfA8EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.casalemedia.com/ Name: CMID
Value: ZiOHOtHM6VEAAGG7AL6YTQAA
.casalemedia.com/ Name: CMPS
Value: 3509
.casalemedia.com/ Name: CMPRO
Value: 3509
.undertone.com/ Name: UTID
Value: c36ec9e3eb3f4018ae8f027bb7e48a67
.undertone.com/ Name: UTID_ENC
Value: bkiu93dp9o3je6q90g9dke5bb
.elfcosmetics.com/ Name: FPLC
Value: PXUCbg1RZGCDwGiZVWthRFNGeGAjPaizHq1If2UzD2nxnSbpFhgj9H6un4yXNkx8HaFxvNrf94DOPNV6w0ep7ljJY%2FS77WvtTeYiDu%2BSkavcRg3vRKkYMtY%2B%2FFgE8w%3D%3D
.elfcosmetics.com/ Name: _scid
Value: 70a3d08c-662f-4028-85e6-67fa8b8f87d5
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2fMIF1ITSYxx7qrzRw5yYbt2Q5Z","deviceID":"2fMIF1NpvYgdTBvAmMWXbMWloVe","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJmTUlGMUlUU1l4eDdxcnpSdzV5WWJ0MlE1WiIsImRldmljZUlEIjoiMmZNSUYxTnB2WWdkVEJ2QW1NV1hiTVdsb1ZlIiwiaXYiOiIiLCJ2IjoiIn0%3D
.bounceexchange.com/ Name: bounceClientVisit6664c
Value: %7B%22vid%22%3A1713604412250234%2C%22did%22%3A%223362843766456382326%22%7D
www.elfcosmetics.com/ Name: bounceClientVisit6664v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QbFIIDm9QSgooUbevxjUN13SfMQrNuw6cuKAL5AA
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1713604413766.1115491517
.elfcosmetics.com/ Name: _uetsid
Value: 433fd5a0fef611ee95a6ed68fa2e7c4f
.elfcosmetics.com/ Name: _uetvid
Value: 43402180fef611ee9d255135f39f9baa
.bing.com/ Name: MUID
Value: 38AFBAC75DEC6BE61F33AEA05C466A0A
.bat.bing.com/ Name: MR
Value: 0
.elfcosmetics.com/ Name: _ga
Value: GA1.2.1244450778.1713604406
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1713604406686.7ef82b72-f875-421d-9393-433430e09d15
.elfcosmetics.com/ Name: _cs_id
Value: 85da9644-e081-a42f-d7d5-90657fddcedf.1713604407.1.1713604417.1713604407.1558384338.1747768407402.1
.elfcosmetics.com/ Name: _cs_s
Value: 2.5.0.1713606217409
.elfcosmetics.com/ Name: _ga_5D80LRC85N
Value: GS1.1.1713604406.1.1.1713604417.0.0.839026459
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1713604406.1.1.1713604417.49.0.0
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2IlchGDFj!]tb=J.NI89Rkfl9RrTqM/B6J
.elfcosmetics.com/ Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a
Value: author=client&expires=1745140417532&visitor=683e8027-e29b-4255-ba32-8e8b1d510e23

176 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 362)
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 364)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.154&r=stable&domain=www.elfcosmetics.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 111)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
alb.reddit.com
analytics.google.com
analytics.tiktok.com
api.bounceexchange.com
api.cquotient.com
api.ipify.org
api.usehero.com
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cdn.usehero.com
cm.g.doubleclick.net
cnv.event.prod.bidr.io
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
connect.facebook.net
cosmeticscriminal.ca
ct.pinterest.com
data.cdnbasket.net
dsum-sec.casalemedia.com
elfcosmetics.a.bigcontent.io
events.bouncex.net
external-api.jebbit.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
js.cnnx.link
js.jebbit.com
k-aeu1.contentsquare.net
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pixel.pointmediatracker.com
pixel.rubiconproject.com
qoe-1.yottaa.net
s.pinimg.com
sdk.iad-05.braze.com
secure.adnxs.com
sgtm.elfcosmetics.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aavabe2smcl37q5fus67byroflce7sjzk2072e7b0d8e3a7ecasac.d.aa.online-metrix.net
www.elfcosmetics.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
cdn-fsly.yottaa.net
104.19.177.52
104.26.13.205
13.107.21.237
13.225.195.21
13.225.195.83
142.250.31.113
142.250.31.190
142.251.111.94
142.251.16.149
142.251.16.157
142.251.167.155
151.101.0.84
151.101.1.21
151.101.128.84
151.101.129.35
151.101.130.133
151.101.193.140
151.101.2.137
151.101.65.21
165.254.198.118
172.253.115.103
172.253.122.155
172.253.63.155
172.253.63.190
172.253.63.97
172.64.150.95
172.64.151.101
172.64.155.119
18.210.244.77
18.213.91.59
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
204.2.138.107
204.2.50.240
216.239.36.178
23.205.107.75
23.212.249.199
23.212.249.208
23.212.249.219
23.220.128.196
23.47.22.7
3.161.213.14
3.161.213.47
3.161.213.65
3.162.3.121
3.162.3.24
3.162.3.39
3.222.239.237
3.33.220.150
31.13.66.19
31.13.66.35
34.102.147.248
34.111.8.32
34.117.228.120
34.120.253.250
34.149.10.121
34.149.130.207
34.160.20.10
34.249.47.228
34.49.124.132
34.98.67.3
34.98.72.95
35.190.10.96
35.190.89.82
35.244.154.8
52.7.166.131
52.73.200.224
54.154.189.86
54.237.131.176
68.67.179.155
69.173.151.100
009342098f06d5ae7b2186f1076fab177d05b5a481ffe1190535fe501c1cae68
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
03f75fe69f0db79ae7b1f31af46cf0eb412c23d8d0a19cb8b1cf16a35fcf7ca1
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
0b2f3284731451436ae24019f5bced6829fc4f1c005ba21e4694a6dbc6e98f8c
0ce9fb17074b954a06fc54f99d41dd29e2b613c7d843577775dafdf870cc00ac
12ae2d40097c4391fecf4bdacaf0b90ed7f7b976f5408747140a9d64683f0ea1
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a
13fe708437b20b4ff6dc037d87aec1624fabff6fb91bf93c0c63d8192ba7bf33
19cc1cced30687035cb740cbbf86a4c2d7c5085ca95e3fdef76d7e28d35af57d
1d959f985f144d73bf7e483dc5b5027417eb785966a53fb8b1378979c43d6f90
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
241d7275d3ab0df4b2192ab22047bc4172b40e68350109c0bca4b1d2c1d27ee4
24fc3a67b397cca51dae595f7c13e6005062622a33891941857f871417d8067f
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697
2b98ba708aff9eaebd3cf0e2bdcf281082837a247ef8b3ae7cf10378bec5c787
2eb851a2f780dfc3d49c2cedda77ac275ab0f533cefbab63cda3849cff357210
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
329a5e6b08a931ac1df4877349d5fb131ee553dd231dad91850a0422d7d89dd8
32aaeee96fd5d4ee55d785e181d136b89e21de673bd8b6e89f4731412ba5aba9
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
3a0cb24163d51976d5904bac47f896454a8bdbd333ebccc00ca9805645b165c4
3f3138788abfc916e6dc1b7efcbdb0f29efd4050f350f5ade55b0e903f93f33a
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed
42997132bd0142564014ac4a809356dc0ceb9b7a90eede2b5b48019f1700cc58
48eac18ec8b1c06a5b11f38fbf38abf0d52f42b46f0c17a6250872645845dd82
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4ba3f9423fe689de12b7e3720dd381126f50ae7030a0d3c3b9c550d85a485887
4cc7feb5ab578928cbb28efc31c87d328d2b19f751e117abcee3fd3df77bf4e4
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
519a96acb570e00b0c294fbd484735eab1d5cf1d6c390c093af3b945ed88e9da
55baa715ccc8c2512bceb1c949c1d0927944ca327e7edd2d5fc312d2a41986e4
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fcc27d86413eb4682a9c5392e8938f5c90ac54c3938360d5ac1db40e8bf6474
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
62e7cb03e8f65ceb4f43a5a56a3b9c3950158fae3fea85699e3f4c68672f4c2f
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6982e83b9ea7682534a77808bc53b3e516bc5d26dc406de1a2ea81c2fdf63a33
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6d0c3ab4349bd9982749cb3a1916ac470ded78667870859abe4160077bcac7a6
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
7586f9164e6bc95d916e3828d687c85f77cf253b34a5908fffa5f6f17dfd0d72
75a65666233dad1f160e22f4a6230aa9b2c3b656b5cc2117e73d68d467e6ed00
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce
796132480e84128a861d2f399f8478816c92c036af808f7c0f5dfd568c4c1c60
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7b3d0afff8895f25ff4f5eff8277ee7e76a3affb8e7918d246378e92ba5f463a
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85b38e7085ac3e5d7b57603c31d75140522fa3a4a70c0a944ad7337b80451e1a
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
871474c026a375c08d45faa149fd4a5599bab4f0fb4e2add7576488f083cb2bc
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb
8778d5b3e6b7ba58f84e2120fb51ec4b6e54780627c52dfe360ea1936b9817de
88e76973c6445bedb078f77da05db3ba48d3a35ff93f6c27253756a3395a2bd0
89ab986b4eeea474f16953f21787392d714b4c72867d2fc814ab78802ea9402a
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
950200b1a632b0ee786b1af9bff50660cc7568ea90a68d0953ccdd7ca9927506
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
961df68d86b47f1ab732b736c327b16c57a4b4cc21905786e1b5079a6d3be488
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77
9f2461f7629a9751a8ce13d4fa6465bd4dade527356dedaa1e07be6712694ec4
a0a2ead3cf59e66a8cc040819b282abb30c8e35a6a241f2431c443f4755ce083
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a54234f412b9bfdc07fcbd75a6e3e22c0f89f89f861ea0e6e6a96c7048834c41
a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab
a8ee898151890a393bfa532ab863c79d4c0aaa8a657fefedb72c7f90a85623f0
a9301f5f7a25b2cd75fa4dfaa0e0fb23be898d17b265560ff034b0c8f635aa92
a938eea663af09f75118101cf9061107fbef7c4770d7d123c71e33c52c565139
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b040c12c04f3b66fbaba01ba6103e1291f7c20f726b737d677faf689c6316ecc
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b22b582a5029683d1b1c4ec1c2e477d06ca83788c3bdb5ea5282ee9ec589a91e
b2e0bde8a120edcd0e126c139ff4c62dc420e43a86bb9e22c92044fdda3fc3ef
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b50dd0986c969fd95c7c1b8395efb9455c6096e891e9388affdb1380d7e623fa
b75e6aa2727f6d205675bfddd4d26e2cdd510591394611d8adaa38f534e5218c
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcb200189a4d9d85fdd5d2b7baed695287012a6727a98245613633d80d32b1b9
c75a0f7c4104d907f8419aeb5f87467a90bce54ef633af1e8a05c6c585c9994d
ca2763ca7410ca287e66f07cbb473f94cbe4584a73b9b10bf4a6b9a43c5dd90a
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca727c9d9c5d3ffa9fc01a2c57d612263a5ef4138da8d9b8e76e354835882466
cd19e0b33d98b1a1064811b32b014b2f0e35789a38c0b177464dee8d7179daa7
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
cef04833e5fc1d4b4ced5a180fb398abe34bb893c6c0c5694053d418520e3308
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d531dc1df6c1e47743342e90cd4ca27a2f21dd4e2e15692576da1d793bbb89f4
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
dc7d0b5b22528c1d080fb7dba2aa556fd4c033715a84ea93333cebe38a0e4daa
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e2e032414af88512367db0555f566e941050b9618167bb97dc795e7635f1fd71
e361470ff3de6b5c5aae239d999d31c925acecc88fc4386136614cb1e52cf390
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63e6fd6f7de96da3a88ce0e8d574665990242df97bb2d59d382d9f3dc887f3c
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
eb44dc6a378e49c5e2a42a12d2b71a9237b65e6e12c35ce2018dc079845b8546
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14
f48e1c94c7d30bfffbfa8b23bedc100848a4a50794a0df3638c2055ffc22a4b5
f71fb48d32c9b2e88a419d2a16252a1d7c6aee937ef234425d099ad98c63328b
f728b2a3472bdb7b12fe2b3ad324f86306d5ebfd9a22970cdb9d75865437181f
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f7f7d48fa4ef27a882d9690c581637c5f56c8f0870e7d375a333c6604b54c432
fa231056681e8d80c926f3a7c027699435f2dac18f21543b74fc144912bd88f4
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616