urlscan.io logo urlscan.io
SecurityTrails logo

www.plumplay.hk Open in urlscan Pro
103.1.184.152  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.plumplay.hk/
Submission Tags: sansec.io magecart Search All
Submission: On September 13 via api from US — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 2 countries across 12 domains to perform 68 HTTP transactions. The main IP is 103.1.184.152, located in Sydney, Australia and belongs to MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU. The main domain is www.plumplay.hk.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 8th 2024. Valid for: 3 months.
This is the only time www.plumplay.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
36 103.1.184.152 133159 (MAMMOTHME...)
1 18.155.192.82 16509 (AMAZON-02)
12 151.101.2.133 54113 (FASTLY)
3 142.250.66.234 15169 (GOOGLE)
2 157.240.8.23 32934 (FACEBOOK)
2 172.217.24.35 15169 (GOOGLE)
1 151.101.194.133 54113 (FASTLY)
2 142.251.221.78 15169 (GOOGLE)
2 157.240.8.35 32934 (FACEBOOK)
1 172.217.167.72 15169 (GOOGLE)
2 13.35.122.102 16509 (AMAZON-02)
1 172.217.24.46 15169 (GOOGLE)
1 74.125.68.155 15169 (GOOGLE)
1 142.250.204.2 15169 (GOOGLE)
1 142.250.76.99 15169 (GOOGLE)
68 16
36    103.1.184.152 (Sydney, Australia)

ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU)
PTR: vps1.plumproducts.com.au
www.plumplay.hk
1    18.155.192.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-192-82.sfo53.r.cloudfront.net
eu-library.klarnaservices.com
12    151.101.2.133 (San Francisco, United States)

ASN54113 (FASTLY, US)
static.klaviyo.com
static-tracking.klaviyo.com
static-forms.klaviyo.com
3    142.250.66.234 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f10.1e100.net
fonts.googleapis.com
2    157.240.8.23 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-syd2.fbcdn.net
connect.facebook.net
2    172.217.24.35 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f3.1e100.net
fonts.gstatic.com
1    151.101.194.133 (San Francisco, United States)

ASN54113 (FASTLY, US)
fast.a.klaviyo.com
2    142.251.221.78 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f14.1e100.net
www.google-analytics.com
2    157.240.8.35 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-syd2.facebook.com
www.facebook.com
1    172.217.167.72 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s06-in-f8.1e100.net
www.googletagmanager.com
2    13.35.122.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-122-102.sfo5.r.cloudfront.net
na-library.klarnaservices.com
1    172.217.24.46 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s20-in-f14.1e100.net
analytics.google.com
1    74.125.68.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sc-in-f155.1e100.net
stats.g.doubleclick.net
1    142.250.204.2 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f2.1e100.net
td.doubleclick.net
1    142.250.76.99 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f3.1e100.net
www.google.com.au
Apex Domain
Subdomains		 Transfer
36 plumplay.hk
www.plumplay.hk
2 MB
13 klaviyo.com
static.klaviyo.com — Cisco Umbrella Rank: 4027
static-tracking.klaviyo.com — Cisco Umbrella Rank: 4898
fast.a.klaviyo.com — Cisco Umbrella Rank: 5294
static-forms.klaviyo.com — Cisco Umbrella Rank: 5083
76 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
4 KB
3 klarnaservices.com
eu-library.klarnaservices.com — Cisco Umbrella Rank: 42044
na-library.klarnaservices.com — Cisco Umbrella Rank: 11645
576 KB
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
td.doubleclick.net — Cisco Umbrella Rank: 481
246 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
4 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
2 gstatic.com
fonts.gstatic.com
66 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
59 KB
1 google.com.au
www.google.com.au — Cisco Umbrella Rank: 17600
63 B
1 google.com
analytics.google.com — Cisco Umbrella Rank: 238
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
106 KB
68 12
Domain Requested by
36 www.plumplay.hk www.plumplay.hk
9 static.klaviyo.com www.plumplay.hk
static.klaviyo.com
3 fonts.googleapis.com www.plumplay.hk
client
2 na-library.klarnaservices.com eu-library.klarnaservices.com
2 www.facebook.com www.plumplay.hk
2 www.google-analytics.com www.plumplay.hk
www.google-analytics.com
2 static-tracking.klaviyo.com static.klaviyo.com
2 fonts.gstatic.com fonts.googleapis.com
2 connect.facebook.net www.plumplay.hk
connect.facebook.net
1 www.google.com.au www.plumplay.hk
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 www.googletagmanager.com www.google-analytics.com
1 static-forms.klaviyo.com static.klaviyo.com
1 fast.a.klaviyo.com static.klaviyo.com
1 eu-library.klarnaservices.com www.plumplay.hk
68 17
Subject Issuer Validity Valid
plumplay.hk
cPanel, Inc. Certification Authority		 2024-09-08 -
2024-12-07		 3 months crt.sh
*.klarnaservices.com
Amazon RSA 2048 M03		 2024-02-24 -
2025-03-23		 a year crt.sh
static.klaviyo.com
R11		 2024-09-09 -
2024-12-08		 3 months crt.sh
upload.video.google.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-06-22 -
2024-09-20		 3 months crt.sh
*.gstatic.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
static-tracking.klaviyo.com
R11		 2024-07-19 -
2024-10-17		 3 months crt.sh
fast.a.klaviyo.com
R10		 2024-09-09 -
2024-12-08		 3 months crt.sh
static-forms.klaviyo.com
R10		 2024-08-18 -
2024-11-16		 3 months crt.sh
*.google-analytics.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.doubleclick.net
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
*.google.com.au
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.plumplay.hk/
Frame ID: 692EBB28019C735DABF54AEB0EB94820
Requests: 68 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-667D7Y0D9F&gacid=1389865097.1726239300&gtm=45je49b0v871155808za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1612988868
Frame ID: 751FAE88D0C36DB8F6251AD806A86020
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Plum Play the Active Play Specialists

Detected technologies

Overall confidence: 100%
Detected patterns
  • <a[^>]*href=[^>]*/Cart
  • <a[^>]*href=[^>]*/Checkout
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • klaviyo\.com

Page Statistics

68
Requests

100 %
HTTPS

0 %
IPv6

12
Domains

17
Subdomains

16
IPs

2
Countries

2661 kB
Transfer

9507 kB
Size

21
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

68 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.plumplay.hk/ 		120 KB
28 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
1e10739ee1044e12b20f2b864bc40c0cabfac51fe58e98f0058d51294d27f3f2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, must-revalidate, no-cache, no-store
content-encoding
br
content-security-policy
upgrade-insecure-requests;
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Fri, 13 Sep 2024 14:54:58 GMT
expires
Wed, 13 Sep 2023 14:54:58 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
orig_1289e299356cda50431d9ae82575880d.min.css
www.plumplay.hk/static/version1725965192/_cache/merged/ 		970 KB
124 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/_cache/merged/orig_1289e299356cda50431d9ae82575880d.min.css
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
23fe962bf16a9f345bb381c669f07e057b4a0633fa559acfb8988c52a63f8a43
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
content-encoding
br
last-modified
Tue, 10 Sep 2024 10:47:15 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:54:58 GMT
ec.min.css
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/Anowave_Ec/css/ 		3 KB
938 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/Anowave_Ec/css/ec.min.css
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
75e379756ebeeec1f0e43429578a0a52de9503ed0689d9ab745c73c485de4b6d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
content-encoding
br
last-modified
Tue, 10 Sep 2024 10:47:46 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:54:58 GMT
styles-l.min.css
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/css/ 		342 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/css/styles-l.min.css
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
e970f71749c0f7892047ea34c7d9a50b30fb1794249679d89a3f0f40748217b6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
content-encoding
br
last-modified
Tue, 10 Sep 2024 10:47:48 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:54:58 GMT
opensans-300.woff2
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/light/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/light/opensans-300.woff2
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
69fd4fd58ab3812b5b43a91478b13191fee58a0a438a5901345c89ea4991e9ca
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
last-modified
Tue, 10 Sep 2024 10:47:39 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
17436
expires
Sat, 13 Sep 2025 14:54:58 GMT
opensans-400.woff2
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/regular/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/regular/opensans-400.woff2
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
b367d278abdbff97dcca334e31b1714fae2f7922f2347c5e76a6fd2c67f15079
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
last-modified
Tue, 10 Sep 2024 10:47:39 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
17848
expires
Sat, 13 Sep 2025 14:54:58 GMT
opensans-600.woff2
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/semibold/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/semibold/opensans-600.woff2
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
e970869c33bf34e4efdffeed811711d5e1d3956d08ed64a85865d544099b3395
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
last-modified
Tue, 10 Sep 2024 10:47:39 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
17980
expires
Sat, 13 Sep 2025 14:54:58 GMT
opensans-700.woff2
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/bold/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/opensans/bold/opensans-700.woff2
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
796de1bd57056646e70e7749841a0f1f15043f263e63cd41f252e238e3a40b1c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
last-modified
Tue, 10 Sep 2024 10:47:39 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
17668
expires
Sat, 13 Sep 2025 14:54:58 GMT
Luma-Icons.woff2
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/ 		3 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/fonts/Luma-Icons.woff2
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
811c13b5ffa267fe2b53adbf1d40cc42ee7cffa7374297297159d629051fcefa
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
last-modified
Tue, 10 Sep 2024 10:47:54 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
3272
expires
Sat, 13 Sep 2025 14:54:58 GMT
b1c6ef13f8b6101dfe496fb57aa1a299.min.js
www.plumplay.hk/static/version1725965192/_cache/merged/ 		6 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/_cache/merged/b1c6ef13f8b6101dfe496fb57aa1a299.min.js
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
3a8064f60be8d5091bbd24ebac2fac924f2bfa1fd48b7cb06fd8c08c8be8e198
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:58 GMT
content-encoding
br
last-modified
Tue, 10 Sep 2024 10:51:07 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:54:58 GMT
lib.js
eu-library.klarnaservices.com/ 		72 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eu-library.klarnaservices.com/lib.js
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.192.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-192-82.sfo53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
518958d7a215c2d98b1fd57baf69fe0d8ada51a05f50f066cb7ec0d27452c0d2

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:00 GMT
x-amz-version-id
tgtOSdQ92f4d4OEYxg9IbnCwqVQcejSe
via
1.1 40eef8a1f68a2d42c85df34e3766b79c.cloudfront.net (CloudFront)
x-amz-request-id
EMARTVYZJSNDN1DQ
x-amz-cf-pop
SFO53-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
73670
x-amz-id-2
C/XOLNA9H3O/5aQZMfoEldv6gyA4SlWcVz7tNOsBgbJMfCveYPnC6T3Nx7ilgclR28EJejVLpjM=
last-modified
Thu, 12 Sep 2024 14:32:06 GMT
server
AmazonS3
x-amz-meta-sdk-version
0.0.299
etag
"51cfeffe727faa86d3affa5326751465"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=60
accept-ranges
bytes
x-amz-cf-id
VDWJ9hLwpRbaq50O0xOHNgs9b5z9Vi45e8VgzhIva0sPBLIuQu6tPg==
klaviyo.js
static.klaviyo.com/onsite/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6dad622df29b8349e401bdd3d4337a51e0536e02635c33c10342b0c9f4bdd13c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; base-uri 'none'; report-uri /csp/

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; base-uri 'none'; report-uri /csp/
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:58 GMT
age
1738
x-cache
HIT, HIT
content-length
2292
x-served-by
cache-lga21971-LGA, cache-syd10146-SYD
server
nginx
x-timer
S1726239299.535074,VS0,VE1
etag
"01db7d0e8522d01a4a626503aa431612"
allow
OPTIONS, GET
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-language
en-us
cache-control
max-age=1, stale-while-revalidate=10800, stale-if-error=86400
access-control-allow-credentials
true
content-type
application/javascript
vary
Accept-Encoding
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
2, 0
truncated
/ 		68 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
css
fonts.googleapis.com/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/css/styles-l.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s15-in-f10.1e100.net
Software
ESF /
Resource Hash
c3061c3788ad5783ef8a5d10c454bafe7eb942c48200dccc852cc6d3c9f303d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 13 Sep 2024 14:54:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 13 Sep 2024 13:25:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 13 Sep 2024 14:54:59 GMT
css
fonts.googleapis.com/ 		755 B
790 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Bree+Serif
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/css/styles-l.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s15-in-f10.1e100.net
Software
ESF /
Resource Hash
4ff03ade0aca405db5eae97a4833302e7d32b77b48afbe9f950700cd8f24dbd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 13 Sep 2024 14:54:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 13 Sep 2024 14:33:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 13 Sep 2024 14:54:59 GMT
fbevents.js
connect.facebook.net/en_US/ 		225 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-syd2.fbcdn.net
Software
/
Resource Hash
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 13 Sep 2024 14:54:59 GMT
document-policy
force-load-at-top
x-fb-server-load
58
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58953
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=1, rtx=0, c=23, mss=1232, tbw=4295, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
8+4KINVfhxt+MtE89GH85L4aEaKRYFaZq797wBO10saqZJ+fljpdwn2JE4eu6YiqYX9cXhx9cvyqCZJYUHWRTg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.24.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
hkg07s23-in-f3.1e100.net
Software
sffe /
Resource Hash
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 01:34:09 GMT
x-content-type-options
nosniff
age
48050
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000
content-length
18668
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:00:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Sep 2025 01:34:09 GMT
klaviyo.js
static.klaviyo.com/onsite/js/ 		7 KB
106 B 		Other
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6dad622df29b8349e401bdd3d4337a51e0536e02635c33c10342b0c9f4bdd13c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; base-uri 'none'; report-uri /csp/

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:59 GMT
via
1.1 varnish
content-encoding
br
content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; base-uri 'none'; report-uri /csp/
age
1739
x-cache
HIT
content-length
2292
x-served-by
cache-syd10146-SYD
server
nginx
x-timer
S1726239299.096934,VS0,VE1
etag
"01db7d0e8522d01a4a626503aa431612"
vary
Accept-Encoding
access-control-allow-methods
GET
content-language
en-us
access-control-allow-origin
*
content-type
application/javascript
cache-control
max-age=1, stale-while-revalidate=10800, stale-if-error=86400
access-control-allow-credentials
true
access-control-max-age
86400
accept-ranges
bytes
access-control-allow-headers
allow
OPTIONS, GET
x-cache-hits
1
fender_analytics.8d21d049ace5ab4dbeef.js
static-tracking.klaviyo.com/onsite/js/ 		32 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static-tracking.klaviyo.com/onsite/js/fender_analytics.8d21d049ace5ab4dbeef.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
da90484142079a67f8609c50324de041125ee49ca7eff1dff04527f393b082c9

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
nBhF5b72CCHSTD22re6nc.gWaBsK_b7t
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
2MWJNP74RTTF50AJ
age
1776
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
11823
x-amz-id-2
W8eXvsBBQzMZ8GpPgLMTVLEUOwWSS6seyVfKj33lLZyOEttzH0rH4UxoS9/0dXNczrOPQyywUyc=
x-served-by
cache-lga21952-LGA, cache-syd10152-SYD
last-modified
Wed, 04 Sep 2024 19:04:52 GMT
server
AmazonS3
etag
"d80bb8baa3ca6cf2a6045d35a5769751"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
a45f8024c0890c50311d19cc2cd58cb4dfd1f41e
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
216718, 306
static.8d136cd44b74e8189276.js
static-tracking.klaviyo.com/onsite/js/ 		495 B
555 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static-tracking.klaviyo.com/onsite/js/static.8d136cd44b74e8189276.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6eaa7d84867f4a3f58d1cff2d44b4d4adfcc58072a48d761fe092b7e6172b253

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
uH6cu82Duq995N1qMWqZf6YsR2usxQeT
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
WDTF80E976R5R4A6
age
1776
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
280
x-amz-id-2
x3A3nCtK50M7+Le+F7ypZjiHS1oa1/lJWJ/lHcgzRUqMrASEQQEZJfRHmct4WIz7x+5idGhZNUM=
x-served-by
cache-lga21941-LGA, cache-syd10152-SYD
last-modified
Mon, 26 Aug 2024 22:54:37 GMT
server
AmazonS3
etag
"264b8a3f80d7760ba761881fd76641fb"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
d4c18fcc13fa184f6bbaac7525d6a7e0d3236ae8
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
688435, 344
runtime.115396286deec01c3670.js
static.klaviyo.com/onsite/js/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/runtime.115396286deec01c3670.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
33a84153136c8f750cb5025c5ecb07b4fb55df652252951b59cb5ddbd9e1e908

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
zDGzKNPpDug5mM8qf5vdvaqq7TtrH23n
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
DC8V1P1KM0JGDNRB
age
1775
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
7801
x-amz-id-2
IGvsiy1K/0P4wHbupchkXGIT8idoI4305tlmx9dKAtvSkKC69+XB4SrPEKmSMiytUyqB+5dOsGQ=
x-served-by
cache-lga21973-LGA, cache-syd10138-SYD
last-modified
Thu, 12 Sep 2024 14:39:50 GMT
server
AmazonS3
etag
"6b426f8d64899d3bd7f2ccb50cf69a76"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
21571c98d63ae835bf6215dba2bdfcdd087cc914
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
58, 401
sharedUtils.71e3cd98c51ae510679f.js
static.klaviyo.com/onsite/js/ 		48 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/sharedUtils.71e3cd98c51ae510679f.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a6d90b55a4309d0187331c8d18508768f3f4e0efff92c1645e8f3ef248ed3f5

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
L5n.RSIf6WBEVxN7gg7BsXY1NZXgAZYS
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
DC8QAVZ6YJVEJS59
age
1775
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
17945
x-amz-id-2
6rsgwKt8TPV5v7vwfc8HrKFbgywJC5E2oHIUyxLweDj3mq4gULOzDrGHFWUfw82wLDdwBbZmpOA=
x-served-by
cache-lga21953-LGA, cache-syd10138-SYD
last-modified
Thu, 12 Sep 2024 14:39:50 GMT
server
AmazonS3
etag
"c8b26f368fdbac8a3ad6f2fe6e7ee8c5"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
21571c98d63ae835bf6215dba2bdfcdd087cc914
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
54, 401
vendors~signup_forms~post_identification_sync~onsite-triggering~customerHubRoot.8c45a4643eee76f6e5c9.js
static.klaviyo.com/onsite/js/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms~post_identification_sync~onsite-triggering~customerHubRoot.8c45a4643eee76f6e5c9.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d2586e045767a0379e2072dc2fd04a86e9b2514620ffab62af46318aa20e2f01

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
FrVyqlbukpM8uuM2GGJ2UOf0ylCe7aCf
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
F712HBSDHF0379GE
age
1775
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
4100
x-amz-id-2
+Dl1SFSl7aBcHCvm1Gt1ie/RaNbdI9ktXbZ27zF1omEhwEWcv+dljCP5lx8CUfUgYrlyj6v/ttyCHhdOwi07VxUEafatN4dWqgFkyiyiW9Y=
x-served-by
cache-lga21968-LGA, cache-syd10138-SYD
last-modified
Mon, 19 Aug 2024 21:56:48 GMT
server
AmazonS3
etag
"bcbe97b98d6018eab1657c41ede222ec"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
8f6e382a6dad25f970b754652bb2863c9cbe611b
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
331018, 260
vendors~signup_forms~onsite-triggering.f88945af9a706719d64b.js
static.klaviyo.com/onsite/js/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms~onsite-triggering.f88945af9a706719d64b.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f73c578afd4839c471623755979976453bc91f26c0cf24a9f302e0024bf30a7f

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
TRe.Ma.RA.f_Hrh_dLuFmFXUoAUkn5ie
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
ZJATDMCAAV0AHMKP
age
1775
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
3282
x-amz-id-2
syehCADDPmX5FFolUcmmm4XdLJOd1Q314sOp32VWq/wN+Ei2aFy/HX817eN2UXhYBbdRH47O2ffzxHAjJ1HatOjX79LrtcGm
x-served-by
cache-lga21967-LGA, cache-syd10138-SYD
last-modified
Tue, 13 Aug 2024 10:51:58 GMT
server
AmazonS3
etag
"b9d594ec8a92f26146977ada9530f2b0"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
d682cf6b66add4bca41f2fb7cb88b63f39926c55
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
724027, 261
vendors~signup_forms.0a55af0707af13bd6205.js
static.klaviyo.com/onsite/js/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms.0a55af0707af13bd6205.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
54a95e5381069af1c1ffe30d039643382c05ebd59d587161b142d5f29290c909

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
hbh_nq_NNkxDpebSuMzVe_uoaY1oLqvS
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
7QSYZD0M1RQH742T
age
1775
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
3986
x-amz-id-2
kXQ7o7EvzATGHrpAgZigJ6LhhAoZk3PsCXWVWigOAZRit817BcSRY/L5g7OkhyJ2ADtqa5DB+VU=
x-served-by
cache-lga21961-LGA, cache-syd10138-SYD
last-modified
Mon, 26 Aug 2024 22:54:37 GMT
server
AmazonS3
etag
"dc2fa375024745e4a07f0ad3e81ba109"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
d4c18fcc13fa184f6bbaac7525d6a7e0d3236ae8
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
407452, 261
default~signup_forms~onsite-triggering.c8f9e1cf499bdab782a9.js
static.klaviyo.com/onsite/js/ 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/default~signup_forms~onsite-triggering.c8f9e1cf499bdab782a9.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c853e00afaed8f5bc00f96b24ea685eeb960433abf7dd98a79df91e591301231

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
j5JFaCZIuGrzfgh0VhcZJkrGzYvy_Ar.
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
J3KVXJZ162GJDJ6Z
age
1775
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
9350
x-amz-id-2
c1FGDgGnakXJPeSrWk2KTdqxE6F4wYSaj/MLDaVl0FFeaCTyOO+DajzFAoEs7YgAuXyhlSfQSYE=
x-served-by
cache-lga21937-LGA, cache-syd10138-SYD
last-modified
Tue, 03 Sep 2024 14:44:50 GMT
server
AmazonS3
etag
"8374708fe1a13fb0eb1fffbe8a55a579"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
5138fb2ed66c438d18b1193d40ae53a8ddcad717
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
9, 255
signup_forms.8cf69d2022c91c9a1df8.js
static.klaviyo.com/onsite/js/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.klaviyo.com/onsite/js/signup_forms.8cf69d2022c91c9a1df8.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=WUKGCL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d7d2922afbb7aeb4815edfb4393e0fea0132bfbcce9246ce278c43f8067f2d6

Request headers

Referer
https://www.plumplay.hk/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
pd9Ozt7Z87YWlvIBdLl7.H4CbPJZA5Kr
content-encoding
br
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
DC8VF17YGZXZP4FA
age
2479
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
5848
x-amz-id-2
hlGOKXtYDc6tNxRwOC1gh2Iv7il55n+vuN6qKeBuOxwxzlDtNSbRprtKahwL67+9c0plqYjXVRA=
x-served-by
cache-lga21940-LGA, cache-syd10138-SYD
last-modified
Thu, 12 Sep 2024 14:39:50 GMT
server
AmazonS3
etag
"fd5edc6144a323a590c29da8a280555d"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
21571c98d63ae835bf6215dba2bdfcdd087cc914
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
66, 288
js-translation.json
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/ 		2 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/js-translation.json
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:59 GMT
last-modified
Tue, 10 Sep 2024 10:48:56 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2
expires
Sat, 13 Sep 2025 14:54:59 GMT
loader.svg
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/Amasty_Scroll/images/ 		856 B
658 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/Amasty_Scroll/images/loader.svg
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
71543b7776396e7d6f972065127f716d415da47b048fd72c68c52a4f375af021
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:59 GMT
content-encoding
br
last-modified
Tue, 10 Sep 2024 10:47:45 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:54:59 GMT
load
www.plumplay.hk/customer/section/ 		86 B
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/customer/section/load?sections=apptrian_facebook_pixel_matching_section&_=1726239299112
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
185a97333db58fa341a3cbb7c1e36ee73eb0970aeefeaebb11baf5b307b7b2a1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.plumplay.hk/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:59 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-magento-tags
FPC
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
pragma
no-cache
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/json
cache-control
max-age=0, must-revalidate, no-cache, no-store
expires
Wed, 13 Sep 2023 14:54:59 GMT
onsite
fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/ 		372 B
939 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/onsite?company_id=WUKGCL
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/vendors~signup_forms.0a55af0707af13bd6205.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c5d459a0ae76ff2d5933eacfb90d15b4d65dd4bf5175cad65f91825569f90f5c
Security Headers
Name Value
Content-Security-Policy object-src 'none'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; report-uri /csp/
Strict-Transport-Security max-age=900

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
object-src 'none'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval'; report-uri /csp/
via
1.1 varnish, 1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
strict-transport-security
max-age=900
age
639985
x-cache
HIT, HIT
content-length
372
x-served-by
cache-bos4662-BOS, cache-syd10170-SYD
server
nginx
allow
GET, HEAD, OPTIONS
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-language
en-us
cache-control
max-age=10
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
vary
Accept-Language, Cookie
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
5, 0
full-forms
static-forms.klaviyo.com/forms/api/v7/WUKGCL/ 		31 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static-forms.klaviyo.com/forms/api/v7/WUKGCL/full-forms
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/vendors~signup_forms.0a55af0707af13bd6205.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b857b838282384530c4a0888c9edcc7aa7359b1bae16973185a9ff902835a95b

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
8Wz3q1w_J.PN7iEsTeIZNzaFcn2g..d4
content-encoding
gzip
via
1.1 varnish
date
Fri, 13 Sep 2024 14:54:59 GMT
x-amz-request-id
ZBA77GKW425WK5DS
age
141052
x-amz-server-side-encryption
AES256
x-cache
HIT
client-geo-continent
OC
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
full-forms/shared full-forms/WUKGCL custom-fonts/WUKGCL
content-length
4919
x-amz-id-2
TQyLmuT6SnrCGjW8dmgos6lfjW3qNBd1UcL14veQ6kRa7qD2K1nQHAyXfJpVjC5NrrI0S1OMknU=
x-served-by
cache-syd10163-SYD
client-geo-country
AU
last-modified
Wed, 11 Sep 2024 23:41:26 GMT
server
AmazonS3
x-timer
S1726239299.214044,VS0,VE0
etag
"a1e0afe9bf8586b4a01f0434dd79e4cf"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
client-geo-continent, client-geo-country
cache-control
max-age=5
accept-ranges
bytes
x-cache-hits
9
css2
fonts.googleapis.com/ 		23 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.66.234 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s15-in-f10.1e100.net
Software
ESF /
Resource Hash
6ca843c8152080da9858beb844feafe1264162fa3285d61286251ef9be1537e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 13 Sep 2024 14:54:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 13 Sep 2024 14:54:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 13 Sep 2024 14:54:59 GMT
cookies
www.plumplay.hk/amcookie/cookie/ 		5 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/amcookie/cookie/cookies
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
a1e99ef68d59d112f3226be242cb668ca03da717fd7d4b424b422b6d0226afd2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.plumplay.hk/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=edge
pragma
no-cache
date
Fri, 13 Sep 2024 14:54:59 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
server
nginx
vary
Accept-Encoding, Accept-Encoding
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
content-type
application/json
x-frame-options
SAMEORIGIN, SAMEORIGIN
cache-control
max-age=0, must-revalidate, no-cache, no-store
x-xss-protection
1; mode=block
expires
Wed, 13 Sep 2023 14:54:59 GMT
loader-1.gif
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/images/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/images/loader-1.gif
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
caefc900beabcb8b438e7e4861b34f560d256675a09c417fd201574cd257741c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:54:59 GMT
last-modified
Tue, 10 Sep 2024 10:47:41 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
17255
expires
Sat, 13 Sep 2025 14:54:59 GMT
/
www.plumplay.hk/amasty_fpc/reports/ 		0
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/amasty_fpc/reports/?ttfb=513&_=1726239299113
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.plumplay.hk/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=edge
pragma
no-cache
date
Fri, 13 Sep 2024 14:54:59 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
server
nginx
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
x-xss-protection
1; mode=block
expires
Wed, 13 Sep 2023 14:54:59 GMT
123456789012345
connect.facebook.net/signals/config/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/123456789012345?v=2.9.167&r=stable&domain=www.plumplay.hk&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-syd2.fbcdn.net
Software
/
Resource Hash
b5df71e6c523ca4a4909e0978de9c9510e8d6eeaef8145584d9e72007766f1e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 13 Sep 2024 14:54:59 GMT
document-policy
force-load-at-top
x-fb-server-load
43
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=1, rtx=0, c=74, mss=1232, tbw=66965, tp=63, tpl=0, uplat=234, ullat=1
pragma
public
x-fb-debug
okEtVF0zcEPR3YSidymeJpsqg5vV+ONys0vsOAnMXHjALehPSG+AOAKnHTrcnFQEuL4yj43AN+8IkNOzMPATqQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.24.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
hkg07s23-in-f3.1e100.net
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 07:42:46 GMT
x-content-type-options
nosniff
age
25933
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Sep 2025 07:42:46 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 13 Sep 2024 13:20:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
5696
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 13 Sep 2024 15:20:03 GMT
/
www.facebook.com/tr/ 		0
271 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=123456789012345&ev=PageView&dl=https%3A%2F%2Fwww.plumplay.hk%2F&rl=&if=false&ts=1726239299540&sw=1600&sh=1200&v=2.9.167&r=stable&a=dvapptrian&ec=0&o=28&it=1726239299293&coo=false&eid=PageView-918372740-5174970441726239299294&rqm=GET
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.8.35 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-syd2.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
UNKNOWN; q=-1, rtt=-1, rtx=0, c=10, mss=1317, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 13 Sep 2024 14:54:59 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=123456789012345&ev=PageView&dl=https%3A%2F%2Fwww.plumplay.hk%2F&rl=&if=false&ts=1726239299540&sw=1600&sh=1200&v=2.9.167&r=stable&a=dvapptrian&ec=0&o=28&it=1726239299293&coo=false&eid=PageView-918372740-5174970441726239299294&rqm=FGET
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.8.35 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-syd2.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Fri, 13 Sep 2024 14:55:00 GMT
document-policy
force-load-at-top
x-fb-server-load
36
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7414141334801378444", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=1, rtx=0, c=10, mss=1317, tbw=3098, tp=-1, tpl=-1, uplat=262, ullat=0
pragma
no-cache
x-fb-debug
vcwQfFCi9zXn5faCr2wfkM+KweY3EVZpYVGIXBlKJ6ZV2N3bRR0z6hdyydF+z8PxyFGaVt1g73YxRWiZ0X0h6Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414141334801378444"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
www.google-analytics.com/j/ 		15 B
222 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2521564&t=pageview&_s=1&dl=https%3A%2F%2Fwww.plumplay.hk%2F&ul=en-au&de=UTF-8&dt=Plum%20Play%20the%20Active%20Play%20Specialists&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=1754061498&gjid=1077079121&cid=1389865097.1726239300&tid=UA-104095032-1&_gid=1057713159.1726239300&_r=1&_slc=1&z=349226431
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.78 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
45db7c5e260a663b0b8cdeb32f641ebe2d32527e771cb848d5a2d5d4ce79e998
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 13 Sep 2024 14:54:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.plumplay.hk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		316 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-667D7Y0D9F&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.167.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
3dcb4591244884349e320fc6121f938c903b11df04a441b19627800863f2e506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:00 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
107760
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 13 Sep 2024 14:55:00 GMT
runtime-config.json
na-library.klarnaservices.com/config/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://na-library.klarnaservices.com/config/runtime-config.json
Requested by
Host: eu-library.klarnaservices.com
URL: https://eu-library.klarnaservices.com/lib.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.122.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-122-102.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5436162cb3cc1ae9477b03c7f207f41f028d611d17f462d5d597ae5d573da804

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
x-amz-version-id
IeqGwYlLMz07dKCxLPd59zDGiRP7EYXz
via
1.1 4d573cd6a6c0581b92beae04909c3dce.cloudfront.net (CloudFront)
x-amz-request-id
DSJTJX5ZF3ARRH5Q
x-amz-cf-pop
SFO5-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1307
x-amz-id-2
h04pYP2sZZlrcc5ficFVKmoBrcHYnlUKqXPwj/84XhxkdlTI3kPOzHirxHlWcGtKausrv5RSVw8=
last-modified
Fri, 13 Sep 2024 14:21:34 GMT
server
AmazonS3
etag
"a00e7154bcfa4269d78d5545d415b60c"
vary
Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
access-control-max-age
3000
cache-control
public,max-age=60
accept-ranges
bytes
x-amz-cf-id
7gZoouv75MGZ-ETkZ78fRDreO3FfMJytPXMp14VLPSLalUV4LeWzVQ==
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-667D7Y0D9F&gtm=45je49b0v871155808za200&_p=1726239299692&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=en-au&sr=1600x1200&cid=1389865097.1726239300&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwww.plumplay.hk%2F&dt=Plum%20Play%20the%20Active%20Play%20Specialists&sid=1726239300&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2625
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-667D7Y0D9F&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.24.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s20-in-f14.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 13 Sep 2024 14:55:01 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.plumplay.hk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
246 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-667D7Y0D9F&cid=1389865097.1726239300&gtm=45je49b0v871155808za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-667D7Y0D9F&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 13 Sep 2024 14:55:01 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.plumplay.hk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rul
td.doubleclick.net/td/ga/ Frame 751F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-667D7Y0D9F&gacid=1389865097.1726239300&gtm=45je49b0v871155808za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1612988868
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-667D7Y0D9F&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 13 Sep 2024 14:55:01 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.com.au/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-667D7Y0D9F&cid=1389865097.1726239300&gtm=45je49b0v871155808za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1023468899
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.76.99 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s24-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 13 Sep 2024 14:55:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sdk.js
na-library.klarnaservices.com/v1/0.0.299/ 		500 KB
501 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://na-library.klarnaservices.com/v1/0.0.299/sdk.js
Requested by
Host: eu-library.klarnaservices.com
URL: https://eu-library.klarnaservices.com/lib.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.122.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-122-102.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4083521115423de0f016a4730f6c11562e423f85c5654d5853d5c38c3a278ced

Request headers

Referer
Origin
https://www.plumplay.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:02 GMT
x-amz-version-id
r6dUnqPJOCe_PSYm5MW2naAaQK0wwom9
via
1.1 4d573cd6a6c0581b92beae04909c3dce.cloudfront.net (CloudFront)
x-amz-request-id
CY85ZSY5T4W5C907
x-amz-cf-pop
SFO5-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
512039
x-amz-id-2
kQ2unvxenQiMMU2eB4ASZlia1+c2XdLBF1INbeMdyp6HQHQ1BNYIdOdnLAfVWp6YnCCnVIJoqXUeq8F3XI23Fw==
last-modified
Thu, 12 Sep 2024 14:32:05 GMT
server
AmazonS3
x-amz-meta-sdk-version
0.0.299
etag
"8cfebe24a36da2783e6636b9cd4e27a7"
vary
Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
public,max-age=315360000
accept-ranges
bytes
x-amz-cf-id
bw-eq_0GCt-aKJ86Up8U7KjlAJuNWnr_1Cgg3ovXawrhL1F5krHRtA==
print.min.css
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/css/ 		1 KB
678 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/css/print.min.css
Requested by
Host: www.plumplay.hk
URL: https://www.plumplay.hk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
1325fbbd83887b4b56f821607648184ecaf3f1ee716363657064055fece579b4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
content-encoding
br
last-modified
Tue, 10 Sep 2024 10:47:48 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:55:01 GMT
logo.svg
www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/images/ 		14 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/static/version1725965192/frontend/Plum/plum/en_IE/images/logo.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
b525505ca81706232d6ce6b2e4465499176006c5ba647503762fa019251f4ed3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
content-encoding
br
last-modified
Tue, 10 Sep 2024 10:47:41 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:55:01 GMT
25_04_00000-Our-Story-Brand-167_png.webp
www.plumplay.hk/media/amasty/webp/homepage/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/amasty/webp/homepage/25_04_00000-Our-Story-Brand-167_png.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
1798b766e52f762de4692d25cc08794b6f4675e2f2de93e9c7731676765901b7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Tue, 25 Apr 2023 05:52:37 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
24618
expires
Sat, 13 Sep 2025 14:55:01 GMT
25_04_00000-Design-Innovation-Brand-130_png.webp
www.plumplay.hk/media/amasty/webp/homepage/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/amasty/webp/homepage/25_04_00000-Design-Innovation-Brand-130_png.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
19d74e37f65998cd340c68d7ddbc03d4f250cabb90c8bb844c16d9d61257e9ae
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Tue, 25 Apr 2023 05:52:36 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
19146
expires
Sat, 13 Sep 2025 14:55:01 GMT
25_04_Desktop-Ethical-Brand-Banner_png.webp
www.plumplay.hk/media/amasty/webp/homepage/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/amasty/webp/homepage/25_04_Desktop-Ethical-Brand-Banner_png.webp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
641ee9a0782dda9c71935f7551bb16cf4100855eea82342050892824967afbac
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Tue, 25 Apr 2023 05:52:40 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
7464
expires
Sat, 13 Sep 2025 14:55:01 GMT
005-facebook.png
www.plumplay.hk/media/graphics/icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/005-facebook.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
6555e27455c576ab39a1c014e7cace104d6922f9b73a083e158094e6c9b4b775
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:10:54 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2111
expires
Sat, 13 Sep 2025 14:55:01 GMT
004-twitter.png
www.plumplay.hk/media/graphics/icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/004-twitter.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
223c72af255c49f96510003d042349309ebd8e461703fd1f77da17f5124cd0f7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:10:54 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2738
expires
Sat, 13 Sep 2025 14:55:01 GMT
003-pinterest.png
www.plumplay.hk/media/graphics/icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/003-pinterest.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
18725ea5eb42cb9adc7c72cc03aacfa42c58f0fbf0ddfd57603d54e3c7e068a7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:10:54 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2901
expires
Sat, 13 Sep 2025 14:55:01 GMT
001-instagram.png
www.plumplay.hk/media/graphics/icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/001-instagram.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
d05d99855a4a36fae10f21cbdbabb289dd4798c1bca69d78a9034ed17fb8c417
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:10:54 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2597
expires
Sat, 13 Sep 2025 14:55:01 GMT
002-youtube.png
www.plumplay.hk/media/graphics/icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/002-youtube.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
59a917f5f13939685d6eb54697444de63055b34fcb71c4fd1e3a017b76292081
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:10:54 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
3155
expires
Sat, 13 Sep 2025 14:55:01 GMT
GB-flag.png
www.plumplay.hk/media/graphics/icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/GB-flag.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
0f4688ec905c296f35add7ffca39646aaf1130e3741c312032cb1a0c6c748f7e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:09:24 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2888
expires
Sat, 13 Sep 2025 14:55:01 GMT
IR-flag.png
www.plumplay.hk/media/graphics/icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/IR-flag.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
6b1e66a5d3aa15663540fb94ddbd682659026bf4269f11544f08651638a41e75
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:09:24 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2281
expires
Sat, 13 Sep 2025 14:55:01 GMT
AUS-flag.png
www.plumplay.hk/media/graphics/icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/media/graphics/icons/AUS-flag.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
d7b7d3bdc9ea58a43d84c8ccab2a828dee8ae25fbe3b12386ded5a80aa445ecc
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
last-modified
Fri, 27 Jul 2018 16:09:24 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
2910
expires
Sat, 13 Sep 2025 14:55:01 GMT
002-visa.png
www.plumplay.hk/pub/media/graphics/icons/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/pub/media/graphics/icons/002-visa.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
3564d2a8881b0176ce312f4715a118172f306bf9ecdf30d08fc49360a78e7cb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:02 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-magento-tags
cat_c,cat_c_172,cat_c_198,cat_c_144,cat_c_153,cat_c_291,cat_c_294,cat_c_302,cat_c_305,cat_c_308,cat_c_310,store,cms_b,mp_smtp_script,cms_b_notice,cms_b_2,cms_b_menu,cms_b_3,cms_b_icons,cms_b_7,cms_b_footer-ie,cms_p_68,FPC
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
pragma
cache
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, no-cache, no-store
expires
Sat, 14 Sep 2024 14:55:01 GMT
003-mastercard-1.png
www.plumplay.hk/pub/media/graphics/icons/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/pub/media/graphics/icons/003-mastercard-1.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
7498f40feeaef69ac94f0f2d840168a2f9a6b3d3abcede595a8f92de6624a07e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:02 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-magento-tags
cat_c,cat_c_172,cat_c_198,cat_c_144,cat_c_153,cat_c_291,cat_c_294,cat_c_302,cat_c_305,cat_c_308,cat_c_310,store,cms_b,mp_smtp_script,cms_b_notice,cms_b_2,cms_b_menu,cms_b_3,cms_b_icons,cms_b_7,cms_b_footer-ie,cms_p_68,FPC
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
pragma
cache
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, no-cache, no-store
expires
Sat, 14 Sep 2024 14:55:02 GMT
004-mastercard.png
www.plumplay.hk/pub/media/graphics/icons/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/pub/media/graphics/icons/004-mastercard.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
d8b9038b18584e05247d582ff33c313fd6449d148f203c9630bef0a50573051b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-magento-tags
cat_c,cat_c_172,cat_c_198,cat_c_144,cat_c_153,cat_c_291,cat_c_294,cat_c_302,cat_c_305,cat_c_308,cat_c_310,store,cms_b,mp_smtp_script,cms_b_notice,cms_b_2,cms_b_menu,cms_b_3,cms_b_icons,cms_b_7,cms_b_footer-ie,cms_p_68,FPC
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
pragma
cache
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, no-cache, no-store
expires
Sat, 14 Sep 2024 14:55:01 GMT
001-paypal-logo.png
www.plumplay.hk/pub/media/graphics/icons/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/pub/media/graphics/icons/001-paypal-logo.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
1d5f139d0a9e0e003869a3acbaf494a9d23482016d120a905fa4f6ca295919ad
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:02 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-magento-tags
cat_c,cat_c_172,cat_c_198,cat_c_144,cat_c_153,cat_c_291,cat_c_294,cat_c_302,cat_c_305,cat_c_308,cat_c_310,store,cms_b,mp_smtp_script,cms_b_notice,cms_b_2,cms_b_menu,cms_b_3,cms_b_icons,cms_b_7,cms_b_footer-ie,cms_p_68,FPC
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
pragma
cache
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, no-cache, no-store
expires
Sat, 14 Sep 2024 14:55:01 GMT
stars-4.png
www.plumplay.hk/pub/media/graphics/icons/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/pub/media/graphics/icons/stars-4.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
97749b45800008c6d6bcdacd2a26c0ff94bef2b1d43c59a871ac8cc821ed6f39
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:02 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-magento-tags
cat_c,cat_c_172,cat_c_198,cat_c_144,cat_c_153,cat_c_291,cat_c_294,cat_c_302,cat_c_305,cat_c_308,cat_c_310,store,cms_b,mp_smtp_script,cms_b_notice,cms_b_2,cms_b_menu,cms_b_3,cms_b_icons,cms_b_7,cms_b_footer-ie,cms_p_68,FPC
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
pragma
cache
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, no-cache, no-store
expires
Sat, 14 Sep 2024 14:55:01 GMT
Comodo-trustlogo-500.png
www.plumplay.hk/pub/media/graphics/icons/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.plumplay.hk/pub/media/graphics/icons/Comodo-trustlogo-500.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
869a7370323ba667cbd1fd1d7f563ecc48badb098ce6a9b1a60ded8fc6f14a1c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:02 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
br
content-security-policy-report-only
font-src *.squarecdn.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.klarnacdn.net static.zipmoney.com.au *.s3.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.kaptcha.com portal.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au s3.eu-west-2.amazonaws.com *.s3-ap-southeast-2.amazonaws.com *.s3.ap-southeast-2.amazonaws.com www.google.co.in www.google.co.uk/ jsdelivr.at *.com.au *.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co *.klarnaservices.com *.zipmoney.com.au *.clerk.io *.latitudepayapps.com *.zip.co https://www.plumplay.com.au/admin_12g477/xtento_orderexport/manual/index/ *.klarna.com *.luckyorange.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com *.google.com *.yotpo.com *.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.google.co.in 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.yotpo.com *.klarnaservices.com *.zipmoney.com.au *.amplitude.com *.zip.co *.g.doubleclick.net *.google.co.in *.googlesyndication.com dpe0djwch8671.cloudfront.net *.luckyorange.com wss://accept.bar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
x-magento-tags
cat_c,cat_c_172,cat_c_198,cat_c_144,cat_c_153,cat_c_291,cat_c_294,cat_c_302,cat_c_305,cat_c_308,cat_c_310,store,cms_b,mp_smtp_script,cms_b_notice,cms_b_2,cms_b_menu,cms_b_3,cms_b_icons,cms_b_7,cms_b_footer-ie,cms_p_68,FPC
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
pragma
cache
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, no-cache, no-store
expires
Sat, 14 Sep 2024 14:55:01 GMT
favicon.ico
www.plumplay.hk/media/favicon/stores/3/ 		15 KB
5 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.plumplay.hk/media/favicon/stores/3/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.1.184.152 Sydney, Australia, ASN133159 (MAMMOTHMEDIA-AS-AP Mammoth Media Pty Ltd, AU),
Reverse DNS
vps1.plumproducts.com.au
Software
nginx /
Resource Hash
78f3795abfcf7f012b273bc163c52c1aab88748d96cfc728b51e867322350b4f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.plumplay.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 14:55:01 GMT
content-encoding
br
last-modified
Wed, 24 Oct 2018 14:23:51 GMT
server
nginx
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
max-age=31536000, public
expires
Sat, 13 Sep 2025 14:55:01 GMT

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| LOCALE string| BASE_URL function| require function| requirejs function| define object| storageShim object| AEC object| ww object| cookiesConfig object| checkout object| authenticationPopup function| validate_signup object| acc function| fbq function| _fbq function| amlazy function| amlazycallback function| loadDeferredStyles function| _typeof function| ownKeys function| _objectSpread function| _defineProperty function| _toPropertyKey function| _toPrimitive object| KLAVIYO_JS_REGEX function| logFailedKlaviyoJsLoad object| _learnq string| __klKey function| jQuery object| Cookies object| webpackChunk_klaviyo_onsite_modules function| tinycolor function| _ object| _klOnsite object| klaviyo object| cookieStorage function| mediaCheck number| char string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| webpackChunk_klarna_web_sdk_lib object| Klarna number| KlarnaWebSDKScriptLoaded object| KlarnaOnsiteService object| kudt object| OnsiteMessaging object| google_tag_manager function| onYouTubeIframeAPIReady object| litPropertyMetadata object| reactiveElementVersions object| litHtmlVersions object| litElementVersions

21 Cookies

Domain/Path Name / Value
www.plumplay.hk/ Name: X-Magento-Vary
Value: 0e356bbc81aaed8dd56d5f3781678a004786c815
www.plumplay.hk/ Name: __kla_id
Value: eyJjaWQiOiJaV0l3WmpBMFlqTXRaVEV3WkMwME5EWTRMV0kyTVRVdFpXTXdNekZtTkRZME5tWmkiLCIkcmVmZXJyZXIiOnsidHMiOjE3MjYyMzkyOTksInZhbHVlIjoiIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vd3d3LnBsdW1wbGF5LmhrLyJ9LCIkbGFzdF9yZWZlcnJlciI6eyJ0cyI6MTcyNjIzOTI5OSwidmFsdWUiOiIiLCJmaXJzdF9wYWdlIjoiaHR0cHM6Ly93d3cucGx1bXBsYXkuaGsvIn19
www.plumplay.hk/ Name: form_key
Value: qVA9DieYAUnCLhF4
www.plumplay.hk/ Name: mage-cache-storage
Value: {}
www.plumplay.hk/ Name: mage-cache-storage-section-invalidation
Value: {}
www.plumplay.hk/ Name: mage-cache-sessid
Value: true
www.plumplay.hk/ Name: mage-messages
Value:
.plumplay.hk/ Name: PHPSESSID
Value: deebecb741c6a6242963ccc0f2c64e4e
.plumplay.hk/ Name: form_key
Value: qVA9DieYAUnCLhF4
.plumplay.hk/ Name: amcookie_policy_restriction
Value: denied
www.plumplay.hk/ Name: recently_viewed_product
Value: {}
www.plumplay.hk/ Name: recently_viewed_product_previous
Value: {}
www.plumplay.hk/ Name: recently_compared_product
Value: {}
www.plumplay.hk/ Name: recently_compared_product_previous
Value: {}
www.plumplay.hk/ Name: product_data_storage
Value: {}
.www.plumplay.hk/ Name: _ga
Value: GA1.3.1389865097.1726239300
.www.plumplay.hk/ Name: _gid
Value: GA1.3.1057713159.1726239300
.www.plumplay.hk/ Name: _gat
Value: 1
.www.plumplay.hk/ Name: _ga_667D7Y0D9F
Value: GS1.3.1726239300.1.0.1726239300.60.0.0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.plumplay.hk/ Name: _bss_form_key
Value: kCIkQGghZUtjiTWy

6 Console Messages

Source Level URL
Text
network error URL: https://www.plumplay.hk/pub/media/graphics/icons/004-mastercard.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.plumplay.hk/pub/media/graphics/icons/002-visa.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.plumplay.hk/pub/media/graphics/icons/stars-4.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.plumplay.hk/pub/media/graphics/icons/Comodo-trustlogo-500.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.plumplay.hk/pub/media/graphics/icons/001-paypal-logo.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.plumplay.hk/pub/media/graphics/icons/003-mastercard-1.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
connect.facebook.net
eu-library.klarnaservices.com
fast.a.klaviyo.com
fonts.googleapis.com
fonts.gstatic.com
na-library.klarnaservices.com
static-forms.klaviyo.com
static-tracking.klaviyo.com
static.klaviyo.com
stats.g.doubleclick.net
td.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com.au
www.googletagmanager.com
www.plumplay.hk
103.1.184.152
13.35.122.102
142.250.204.2
142.250.66.234
142.250.76.99
142.251.221.78
151.101.194.133
151.101.2.133
157.240.8.23
157.240.8.35
172.217.167.72
172.217.24.35
172.217.24.46
18.155.192.82
74.125.68.155
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
0f4688ec905c296f35add7ffca39646aaf1130e3741c312032cb1a0c6c748f7e
1325fbbd83887b4b56f821607648184ecaf3f1ee716363657064055fece579b4
1798b766e52f762de4692d25cc08794b6f4675e2f2de93e9c7731676765901b7
185a97333db58fa341a3cbb7c1e36ee73eb0970aeefeaebb11baf5b307b7b2a1
18725ea5eb42cb9adc7c72cc03aacfa42c58f0fbf0ddfd57603d54e3c7e068a7
19d74e37f65998cd340c68d7ddbc03d4f250cabb90c8bb844c16d9d61257e9ae
1d5f139d0a9e0e003869a3acbaf494a9d23482016d120a905fa4f6ca295919ad
1e10739ee1044e12b20f2b864bc40c0cabfac51fe58e98f0058d51294d27f3f2
223c72af255c49f96510003d042349309ebd8e461703fd1f77da17f5124cd0f7
23fe962bf16a9f345bb381c669f07e057b4a0633fa559acfb8988c52a63f8a43
2a6d90b55a4309d0187331c8d18508768f3f4e0efff92c1645e8f3ef248ed3f5
33a84153136c8f750cb5025c5ecb07b4fb55df652252951b59cb5ddbd9e1e908
3564d2a8881b0176ce312f4715a118172f306bf9ecdf30d08fc49360a78e7cb4
3a8064f60be8d5091bbd24ebac2fac924f2bfa1fd48b7cb06fd8c08c8be8e198
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3dcb4591244884349e320fc6121f938c903b11df04a441b19627800863f2e506
4083521115423de0f016a4730f6c11562e423f85c5654d5853d5c38c3a278ced
45db7c5e260a663b0b8cdeb32f641ebe2d32527e771cb848d5a2d5d4ce79e998
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4ff03ade0aca405db5eae97a4833302e7d32b77b48afbe9f950700cd8f24dbd2
518958d7a215c2d98b1fd57baf69fe0d8ada51a05f50f066cb7ec0d27452c0d2
5436162cb3cc1ae9477b03c7f207f41f028d611d17f462d5d597ae5d573da804
54a95e5381069af1c1ffe30d039643382c05ebd59d587161b142d5f29290c909
59a917f5f13939685d6eb54697444de63055b34fcb71c4fd1e3a017b76292081
641ee9a0782dda9c71935f7551bb16cf4100855eea82342050892824967afbac
6555e27455c576ab39a1c014e7cace104d6922f9b73a083e158094e6c9b4b775
69fd4fd58ab3812b5b43a91478b13191fee58a0a438a5901345c89ea4991e9ca
6b1e66a5d3aa15663540fb94ddbd682659026bf4269f11544f08651638a41e75
6ca843c8152080da9858beb844feafe1264162fa3285d61286251ef9be1537e6
6dad622df29b8349e401bdd3d4337a51e0536e02635c33c10342b0c9f4bdd13c
6eaa7d84867f4a3f58d1cff2d44b4d4adfcc58072a48d761fe092b7e6172b253
71543b7776396e7d6f972065127f716d415da47b048fd72c68c52a4f375af021
7498f40feeaef69ac94f0f2d840168a2f9a6b3d3abcede595a8f92de6624a07e
75e379756ebeeec1f0e43429578a0a52de9503ed0689d9ab745c73c485de4b6d
78f3795abfcf7f012b273bc163c52c1aab88748d96cfc728b51e867322350b4f
796de1bd57056646e70e7749841a0f1f15043f263e63cd41f252e238e3a40b1c
811c13b5ffa267fe2b53adbf1d40cc42ee7cffa7374297297159d629051fcefa
869a7370323ba667cbd1fd1d7f563ecc48badb098ce6a9b1a60ded8fc6f14a1c
8d7d2922afbb7aeb4815edfb4393e0fea0132bfbcce9246ce278c43f8067f2d6
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
97749b45800008c6d6bcdacd2a26c0ff94bef2b1d43c59a871ac8cc821ed6f39
a1e99ef68d59d112f3226be242cb668ca03da717fd7d4b424b422b6d0226afd2
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b367d278abdbff97dcca334e31b1714fae2f7922f2347c5e76a6fd2c67f15079
b525505ca81706232d6ce6b2e4465499176006c5ba647503762fa019251f4ed3
b5df71e6c523ca4a4909e0978de9c9510e8d6eeaef8145584d9e72007766f1e7
b857b838282384530c4a0888c9edcc7aa7359b1bae16973185a9ff902835a95b
c3061c3788ad5783ef8a5d10c454bafe7eb942c48200dccc852cc6d3c9f303d4
c5d459a0ae76ff2d5933eacfb90d15b4d65dd4bf5175cad65f91825569f90f5c
c853e00afaed8f5bc00f96b24ea685eeb960433abf7dd98a79df91e591301231
caefc900beabcb8b438e7e4861b34f560d256675a09c417fd201574cd257741c
d05d99855a4a36fae10f21cbdbabb289dd4798c1bca69d78a9034ed17fb8c417
d2586e045767a0379e2072dc2fd04a86e9b2514620ffab62af46318aa20e2f01
d7b7d3bdc9ea58a43d84c8ccab2a828dee8ae25fbe3b12386ded5a80aa445ecc
d8b9038b18584e05247d582ff33c313fd6449d148f203c9630bef0a50573051b
da90484142079a67f8609c50324de041125ee49ca7eff1dff04527f393b082c9
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
e970869c33bf34e4efdffeed811711d5e1d3956d08ed64a85865d544099b3395
e970f71749c0f7892047ea34c7d9a50b30fb1794249679d89a3f0f40748217b6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f73c578afd4839c471623755979976453bc91f26c0cf24a9f302e0024bf30a7f