URL: https://minhaloja.boticario.com.br/
Submission: On December 23 via manual from BR — Scanned from DE

Summary

This website contacted 19 IPs in 3 countries across 15 domains to perform 89 HTTP transactions. The main IP is 143.204.98.13, located in United States and belongs to AMAZON-02, US. The main domain is minhaloja.boticario.com.br.
TLS certificate: Issued by Amazon on November 26th 2021. Valid for: a year.
This is the only time minhaloja.boticario.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
38 minhaloja.boticario.com.br minhaloja.boticario.com.br
9 www.gstatic.com minhaloja.boticario.com.br
www.google.com
www.gstatic.com
7 www.google.com minhaloja.boticario.com.br
www.gstatic.com
6 fonts.gstatic.com fonts.googleapis.com
6 cdn.cookielaw.org minhaloja.boticario.com.br
cdn.cookielaw.org
4 www.google-analytics.com minhaloja.boticario.com.br
4 fonts.googleapis.com minhaloja.boticario.com.br
3 gb-assets.grupoboticario.digital minhaloja.boticario.com.br
2 cdn-global.configcat.com minhaloja.boticario.com.br
1 vars.hotjar.com minhaloja.boticario.com.br
1 script.hotjar.com minhaloja.boticario.com.br
1 bam.nr-data.net minhaloja.boticario.com.br
1 static.hotjar.com minhaloja.boticario.com.br
1 js-agent.newrelic.com minhaloja.boticario.com.br
1 stats.g.doubleclick.net minhaloja.boticario.com.br
1 meucatalogodigitalresources.grupoboticario.digital minhaloja.boticario.com.br
1 www.googletagmanager.com minhaloja.boticario.com.br
1 geolocation.onetrust.com minhaloja.boticario.com.br
0 www.google.co.uk Failed minhaloja.boticario.com.br
89 19

This site contains links to these domains. Also see Links.

Domain
privacidade.grupoboticario.com.br
Subject Issuer Validity Valid
*.boticario.com.br
Amazon
2021-11-26 -
2022-12-25
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2021-06-01 -
2022-05-31
a year crt.sh
upload.video.google.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.grupoboticario.digital
Amazon
2021-02-04 -
2022-03-05
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2021-02-12 -
2022-02-11
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.configcat.com
AlphaSSL CA - SHA256 - G2
2021-04-29 -
2022-05-31
a year crt.sh
*.gstatic.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
www.google.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.google.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021
2021-10-06 -
2022-11-07
a year crt.sh
*.hotjar.com
Amazon
2021-11-25 -
2022-12-23
a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA
2020-02-05 -
2022-02-08
2 years crt.sh

This page contains 4 frames:

Primary Page: https://minhaloja.boticario.com.br/
Frame ID: A325B7307B6D11CBD0F33D870614EA96
Requests: 72 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5&co=aHR0cHM6Ly9taW5oYWxvamEuYm90aWNhcmlvLmNvbS5icjo0NDM.&hl=de&type=image&v=VZKEDW9wslPbEc9RmzMqaOAP&theme=light&size=invisible&badge=bottomright&cb=109dm0q0v5n9
Frame ID: 678E2BABA6F8C3E6E62CC19B4DB203A0
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=VZKEDW9wslPbEc9RmzMqaOAP&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
Frame ID: 7952F23B2CCF9A42A2E52A0EBB8BFB1E
Requests: 12 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-a1ae2079824d1c48aa9ce06efb256f18.html
Frame ID: 07123FCBE97CB15DC22F4E7D315EF7B3
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

O Boticário | Minha Loja Digital

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

89
Requests

99 %
HTTPS

56 %
IPv6

15
Domains

19
Subdomains

19
IPs

3
Countries

2087 kB
Transfer

6041 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

89 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
minhaloja.boticario.com.br/
3 KB
3 KB
Document
General
Full URL
https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d4995bdb0d79766a30b0c3af9ba395424f11a67b0a0dcde618c210ba2b67f3df
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html
last-modified
Wed, 22 Dec 2021 13:17:20 GMT
x-amz-server-side-encryption
AES256
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
referrer-policy
same-origin
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
service-worker-allowed
/
content-encoding
gzip
date
Thu, 23 Dec 2021 14:57:07 GMT
cache-control
max-age=300, public
etag
W/"6b9c01986aa681d685438f098e4d97f5"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
O7zgrNlX_bsSIHhnfIWsjZRUP5UAUtUNX5ExYJUrRCpe6LzQ-xYOlw==
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
19 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BXRr8anumVFsMvgN5QlueA==
age
8347
vary
Accept-Encoding
content-length
6508
x-ms-lease-status
unlocked
last-modified
Fri, 17 Dec 2021 17:08:36 GMT
server
cloudflare
etag
0x8D9C17FDD6FB88D
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
52c8446c-501e-0127-6d63-f404fa000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c2270c34ffc68f5-FRA
css2
fonts.googleapis.com/
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500&display=swap
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f9714289219fcd069b4b97027f6cc40309ff4b22aa46070c4c03e77ca0df7b05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 23 Dec 2021 14:50:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 23 Dec 2021 14:57:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 23 Dec 2021 14:57:07 GMT
css2
fonts.googleapis.com/
2 KB
485 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@500;700&display=swap
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8a883974729df810eb42dda5ee43ba10e8a9be598ed5a97610cfa56358991e8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 23 Dec 2021 14:49:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 23 Dec 2021 14:57:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 23 Dec 2021 14:57:07 GMT
css2
fonts.googleapis.com/
4 KB
706 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;500&display=swap
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0ed1c09a270e3ec711b4aaf5b05d2cb99d62c25360e798a1434711bd397de575
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 23 Dec 2021 13:51:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 23 Dec 2021 14:57:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 23 Dec 2021 14:57:07 GMT
MaisonNeueExt.css
gb-assets.grupoboticario.digital/eam/font/
586 B
996 B
Stylesheet
General
Full URL
https://gb-assets.grupoboticario.digital/eam/font/MaisonNeueExt.css
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-10.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1582818ac1ba9ee326fa08cdb4db4791a2bf031aaf976a8e121ac535b594c398

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
WrBWy07eUZsh2LrUoSv4F0NiFKk7NZXx
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
last-modified
Wed, 24 Mar 2021 20:46:18 GMT
server
AmazonS3
age
14978
etag
"19e3943c5cbbc9a825de521ca27fe18a"
x-cache
Hit from cloudfront
content-type
text/css
date
Thu, 23 Dec 2021 14:49:50 GMT
x-amz-meta-version-id
XSuhmhsEC3wkBYbURCtRjU1TPBW7XswB
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
586
x-amz-cf-id
VJL5qcLap38UkBYKjNA0gqZj059E1y3PhKpHrIJrTMu4w2sx-4TTwg==
css2
fonts.googleapis.com/
2 KB
503 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
24508b82a87ed41e1dbec0e55a404055cab488d5417d0a0352adb1551ff98aa0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 23 Dec 2021 13:44:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 23 Dec 2021 14:57:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 23 Dec 2021 14:57:07 GMT
reset.css
minhaloja.boticario.com.br/container/latest/css/
1005 B
3 KB
Stylesheet
General
Full URL
https://minhaloja.boticario.com.br/container/latest/css/reset.css
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
121e8b47d5e772c09d51347f5ceff9edf192b637d35d454b6fb69acbb3b366af
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91715
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:17:19 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"365d8e12df781834ff2eabf790a8c382"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
59oa4g6uMiHkEviH4VhiiNGsfuxvucTgIaYPaeqd1ep5HL-BWwWMbQ==
normalize.css
minhaloja.boticario.com.br/container/latest/css/
9 KB
5 KB
Stylesheet
General
Full URL
https://minhaloja.boticario.com.br/container/latest/css/normalize.css
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e66647558738216efd2c6a0460f380175b08b7c8407dbbebde8e3f7bbe1eeefb
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91715
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:17:19 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"e1874f392ad93753772d2f8a65dedc6d"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/css
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
al6zDNZXi9SQS3zztZTXpZb2ZecpVPU4rKIsOddyVHvC-lrA9OVAGw==
main.bundle.5a8123f787e0a4950994.js
minhaloja.boticario.com.br/container/latest/js/
9 KB
6 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/container/latest/js/main.bundle.5a8123f787e0a4950994.js?a9abaf2c7acf8ae3beb6
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
11d6ee17bd470d906704e12f6cfe99d1c87519aa9b52239aff003646fa5e6190
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91703
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:17:37 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"5991ee190ca963cdd6ae0243b39417aa"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
3jDRYbxr3ZGeayIgrcIT_zCLQREgB_07bxH6TThs2ShKyA2jQ_UqSg==
newRelicSnippet.js
minhaloja.boticario.com.br/container/latest/scripts/
27 KB
12 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da9ddaf5cac3f0e3e7a3b7df692dd604a9579d5a58e8f0eb08cc4e71581cbf6d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91703
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:17:38 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"f41e2d42ee9366c7fa9d2f2a479fdf44"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
6UHBjiLGJFplUjvKzFIvCTSE_TXFqZ7KUtcG1MaZ4YNaZnVMKIpxvQ==
5c7a925d-2987-4be9-a60b-fc346dae1f61.json
cdn.cookielaw.org/consent/5c7a925d-2987-4be9-a60b-fc346dae1f61/
3 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/5c7a925d-2987-4be9-a60b-fc346dae1f61/5c7a925d-2987-4be9-a60b-fc346dae1f61.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6af7f2a7319a700fa7d79c2ee318a8f468b39325b04b8740f963a2678932beeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
TsaOYtk1a75+WvHucPBJGg==
age
437
vary
Accept-Encoding
content-length
1307
x-ms-lease-status
unlocked
last-modified
Wed, 22 Sep 2021 12:58:20 GMT
server
cloudflare
etag
0x8D97DC8A7A69726
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b1a20eba-a01e-005b-3b14-b6df9a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c2270c39e9f5c0e-FRA
expires
Thu, 23 Dec 2021 18:57:07 GMT
20.bundle.3e6a3d2e9c34190533de.js
minhaloja.boticario.com.br/container/latest/js/
162 KB
47 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/container/latest/js/20.bundle.3e6a3d2e9c34190533de.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee8a8114c7658b7865e50235668f485cb48a22439d8f9afd987eb2a3f9ff1359
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91702
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:17:22 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"e5e20c024c65ed774352af296474f875"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
One_xxYEjKQ5bjEkS58ulnFWIL2XdHHUMiEubSGr1NXNUiOuNHLFHA==
remoteEntry.js
minhaloja.boticario.com.br/admin/latest/
10 KB
7 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/remoteEntry.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0fc5b4dedeb4acc1a01efc2b226aa9a7904a82b9a4cab6e2b90dd26a4068856e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:21:00 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"4885cc14c8ba00cdbbaca1de3fb98b56"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
no-store, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-id
aEoiQLiljg3_YpFg2fSLb4GHWQP8rgPaH2x-HyaDszCKltBzd3X_Cw==
remoteEntry.js
minhaloja.boticario.com.br/vitrine/latest/
8 KB
6 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/remoteEntry.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
394f74a2fd40f8a7d48ab0fef108547ce5b4580f4e87ed22cd69f76e6415f2e4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:55 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"e2b92fc20ac420bfca16400489953a0f"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
no-store, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-id
tvNEuV8YJz94iVSWbxjp8c5BcLG8pb0N9mk0d75d9sfAo7E3EhPZzA==
354.bundle.69ba24080f07000ff039.js
minhaloja.boticario.com.br/container/latest/js/
23 KB
8 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/container/latest/js/354.bundle.69ba24080f07000ff039.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7f34893a704d4a71da0fa274dd428284f6fb17b549008ae11148b851435a3e51
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91702
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:17:27 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"2654cf521e826cddb21f01d06bf5e41c"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
ruYcfJZBfYPGi6PID0Zb37QiPOH_dpUtLKGz1jp4OFsAViDW8wx7AQ==
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
165 B
388 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77ae4fb56d2da594993ef6f0203c0cef103af28f7e4c5e0ac045909137422cf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6c2270c3dddf4e92-FRA
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.24.0/
317 KB
76 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.24.0/otBannerSdk.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec2f6762f857fdc509ffa369c2b398982af1fa6cd2c0298d6088046fa757b852
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
V5hcbF1dEgrls6P2M61C9g==
age
5669376
vary
Accept-Encoding
content-length
77260
x-ms-lease-status
unlocked
last-modified
Thu, 30 Sep 2021 02:38:37 GMT
server
cloudflare
etag
0x8D983BB67EEBDFE
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
646ab96e-a01e-00d8-5b6c-c47f37000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c2270c3f9a068f5-FRA
pt.json
cdn.cookielaw.org/consent/5c7a925d-2987-4be9-a60b-fc346dae1f61/ab330c12-9ad3-4177-9183-63541ae111ae/
38 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/5c7a925d-2987-4be9-a60b-fc346dae1f61/ab330c12-9ad3-4177-9183-63541ae111ae/pt.json
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
858d3ae73f132b8f3d872db375db917a266b904a671ef12213fe898b038d9237
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
s5rLtE5nBT0RlXFZPJ+G/g==
age
437
vary
Accept-Encoding
content-length
12228
x-ms-lease-status
unlocked
last-modified
Wed, 22 Sep 2021 12:58:23 GMT
server
cloudflare
etag
0x8D97DC8A953ADD6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
eb94c73a-201e-0145-65bc-cb4322000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c2270c448675c0e-FRA
expires
Thu, 23 Dec 2021 18:57:07 GMT
otFloatingFlat.json
cdn.cookielaw.org/scripttemplates/6.24.0/assets/
10 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.24.0/assets/otFloatingFlat.json
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29a93d731434e92cd8081bb2af123c2cea435d7893245a04134d7fbf713518f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
9rK3Ikd9KsAnky96tLlwvw==
age
437
vary
Accept-Encoding
content-length
2675
x-ms-lease-status
unlocked
last-modified
Thu, 30 Sep 2021 02:38:28 GMT
server
cloudflare
etag
0x8D983BB62C7DDA4
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
ba238190-e01e-00b9-4e0c-f63be8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6c2270c478fe5c0e-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.24.0/assets/
20 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.24.0/assets/otCommonStyles.css
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Ye6OeZcNyuFoWog7CYs00A==
age
4872518
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Thu, 30 Sep 2021 02:38:45 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
a790b2cd-001e-0116-45bc-cb5f2d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
6c2270c479005c0e-FRA
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
294.bundle.db5a5817d696cd923f92.js
minhaloja.boticario.com.br/vitrine/latest/js/
7 KB
5 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/js/294.bundle.db5a5817d696cd923f92.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
437ba48e15c6a06a669c284df1c9516ca2678f6aaae8e080a26a3662c0891c03
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91701
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:44 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"eaf67ee7b7d4506295dc159c56606594"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
wANzwpU6knWJ7EmwYfJY5G9-YFRGSoYc-0qGCznKCrix-hiRQfxjdQ==
935.bundle.7cddea9ad86acda3f1f6.js
minhaloja.boticario.com.br/vitrine/latest/js/
121 KB
42 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/js/935.bundle.7cddea9ad86acda3f1f6.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e07b00827f5f6d2c71523bac1292216711543a067a8d0f2532454ba28266cfcb
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91701
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:52 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"73e5f7497a2659bee49d2195e7a07b2f"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
edRpk7kVQkSGJNwdadxj70Asy439MDlu77My6CpOFip3_VUquLqvTg==
216.bundle.7b0e68737d14c69187ab.js
minhaloja.boticario.com.br/vitrine/latest/js/
11 KB
6 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/js/216.bundle.7b0e68737d14c69187ab.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f54a6119d3615df97b64f039557b186019f21742edd3915754aaf88aa7b4e2e9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:25:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91892
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:42 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"8b919cf09863b223ac6557d72a8027d7"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
SKRuwCdJt01ALPMIS2lc19AaFqoCkVMAf2UWWefBAnDqWFRLjORtyg==
961.bundle.7f03cc7bc617a1dd06c7.js
minhaloja.boticario.com.br/vitrine/latest/js/
4 KB
4 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/js/961.bundle.7f03cc7bc617a1dd06c7.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d723c4ceb0f73b7ebd59aa950a0324f05b8d7d109faf1f27e3b84f47c7d60e0b
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91701
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:54 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"c23db646efd40be3aac63a42db660fe7"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
lZjJQzGsBzi3ykQ4QnbMb64qRBfZ1vZkKir375l1C140q2qowdQqwQ==
163.bundle.92211029fba5215177b0.js
minhaloja.boticario.com.br/vitrine/latest/js/
37 KB
16 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/js/163.bundle.92211029fba5215177b0.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d9decf32d1f341945c160f048ab3fc63f1d0c6df7f745dd0f49cdfc3117b5b4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91701
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:42 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"abb567f08eb6961816e060d91679cc94"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
ItfZF9_MTtBjHBgv-LEEQTls6_lfdvlJJZstkqgUuZHezi4hIRu1WA==
gtm.js
www.googletagmanager.com/
179 KB
63 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PTX3XVW&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1d00fa4e870bfaf3c239ff7b982ca1f164d781e8fbd0eff5730d1cbb74bded2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63831
x-xss-protection
0
last-modified
Thu, 23 Dec 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 23 Dec 2021 14:57:07 GMT
938.bundle.73d6e2ffbf16aeeef39b.js
minhaloja.boticario.com.br/container/latest/js/
641 B
3 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/container/latest/js/938.bundle.73d6e2ffbf16aeeef39b.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bbffe137df9de30504c9a813fff9ee7c6b60b2e802daf9aeb7e3d476ac90614a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:25:40 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
91888
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
641
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:17:34 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"abdffcd62a0de5ceb88da3962097dcff"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
-QM6kjQnMMpBBVa6xHyuk6IKAepao23xpOmKjOabfkhBxu3JoUAC6g==
6802.bundle.ae4335c4b622ec099c60.js
minhaloja.boticario.com.br/admin/latest/js/
59 KB
21 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/6802.bundle.ae4335c4b622ec099c60.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7ff92102b6f813e294c4bbd27c6b2c526f69a5d13636eaecdcd94e92fffc2552
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 14:13:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
89008
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:49 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"4990e4205189ca6326be5f2c04fc7120"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
0CrsYykOEXi5Nr7lIvzbQMxoqYQ0kbK3HKYgsy5FD7c3uRAM59IYjA==
5262.bundle.1d9fd27a7c8de7e1da71.js
minhaloja.boticario.com.br/admin/latest/js/
72 KB
12 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/5262.bundle.1d9fd27a7c8de7e1da71.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e1d3f2ecd8f883d83fb05bca8f430a39877676475b620e6db6eccf61c5fa8daf
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 14:31:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87932
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:42 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"682355a3a40f677f6ce9e5245bfec437"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
MtRfwmZeYMkvo4opwlIBO7erOzMA5HOFzq4A3Od22bXVKXSXxFEohQ==
3356.bundle.3acb13eb1c89517d2205.js
minhaloja.boticario.com.br/admin/latest/js/
231 KB
66 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/3356.bundle.3acb13eb1c89517d2205.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb9950bf5f0a01a67b38064c58d15a8aff6e674e4f3c494733ffc861fe815912
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 14:31:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87932
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:37 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"7ac2ee58b82a09d56403ec81565eb0a5"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
7nUYYLQ6Yoa0Gl2avrEveNNp1ZZRLrjUt5EG8d2Ierht2bC_tlvmGg==
3665.bundle.5c51d88d95d8da096ec9.js
minhaloja.boticario.com.br/admin/latest/js/
82 KB
23 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/3665.bundle.5c51d88d95d8da096ec9.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d285fae14a8b969bb0d4e5f10ea88e6ec60610d5090818b1ade3e244a03fc832
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 14:13:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
89007
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:38 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"4d16d9973d3dc30ae6bd2819d6cbc6d5"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
GxbGUCxNzEzLRRK5xa0EdoBc-8vmCvluO4rhNrKv8k7B9uhCnSmyOw==
config_v5.json
cdn-global.configcat.com/configuration-files/9D3YCJhyTUOPJjMCSwiK0g/UwYPlWK-2UGO5uENhLY5gA/ Frame
0
0
Preflight
General
Full URL
https://cdn-global.configcat.com/configuration-files/9D3YCJhyTUOPJjMCSwiK0g/UwYPlWK-2UGO5uENhLY5gA/config_v5.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1b9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
cache-control,x-configcat-useragent
Origin
https://minhaloja.boticario.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Thu, 23 Dec 2021 14:57:07 GMT
content-type
text/plain; charset=utf-8
content-length
0
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-ConfigCat-UserAgent,If-None-Match,Pragma,Accept-Language
access-control-expose-headers
Content-Length,Content-Range,ETag,Last-Modified,Date,Content-Encoding
access-control-max-age
1728000
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6c2270c7188405f5-FRA
config_v5.json
cdn-global.configcat.com/configuration-files/9D3YCJhyTUOPJjMCSwiK0g/UwYPlWK-2UGO5uENhLY5gA/
22 KB
4 KB
XHR
General
Full URL
https://cdn-global.configcat.com/configuration-files/9D3YCJhyTUOPJjMCSwiK0g/UwYPlWK-2UGO5uENhLY5gA/config_v5.json
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1b9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11007819187396a8ecfea1c297fc53956fd653ec19c02451ef83a814e9acfe0b

Request headers

X-ConfigCat-UserAgent
ConfigCat-JS/a-4.5.0
Cache-Control
no-cache
Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Tue, 21 Dec 2021 22:44:54 GMT
server
cloudflare
etag
W/"61c258e6-56c7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range,ETag,Last-Modified,Date,Content-Encoding
cf-ray
6c2270c738b705f5-FRA
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-ConfigCat-UserAgent,If-None-Match,Pragma,Accept-Language
1762.bundle.d9db2952256f89e1cb19.js
minhaloja.boticario.com.br/admin/latest/js/
285 KB
73 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/1762.bundle.d9db2952256f89e1cb19.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4f99354072168678ad38aeb06685a45f79a18b3136378ad6680625cd60d97cd0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 14:38:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87548
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"578f2032a104f6b97d129facf35c77e4"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
zfh6-VZWy6nUQz3ND_eRuawjQO_xWe6bRpR-40Q8qjc2b7-fk4rHpA==
2688.bundle.20297ca23e09a6fe705e.js
minhaloja.boticario.com.br/admin/latest/js/
14 KB
6 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/2688.bundle.20297ca23e09a6fe705e.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
18f52f0fa5c52403fdb0afaf3827b883e079d6c4137aa725a4111de217cbd696
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 14:31:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87930
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:35 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"2bca7dcc36c5545769a6b385c5a9a715"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
FJiMqZQmdIrerUxDzBkjiryZkNW-n3WTzSwk6Jig-t40mk8rnTFfcw==
3082.bundle.f82168288f4d5084ba3b.js
minhaloja.boticario.com.br/admin/latest/js/
8 KB
5 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/3082.bundle.f82168288f4d5084ba3b.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
850f66e3a3525eeadd67a295859122a1ec870b53376d34281e1a88ef06e4d225
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 23:49:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54478
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:36 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"d93884b14522b9b8aa2bde87611da0f8"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
Tlzl7U0BJ3fuU7ku1K-o_fdTmPdtVgX6FqQx47VRwLaHWY5lFdU0XA==
386.bundle.a8a9ae35abd20a5a86d6.js
minhaloja.boticario.com.br/vitrine/latest/js/
60 KB
22 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/js/386.bundle.a8a9ae35abd20a5a86d6.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e55d635023217556467008ffd60527fab5337cb0620cd985c18de654dc8d0f99
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91700
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:46 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ae131cf40c7a721f9454d45d268973ac"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
vhdP9nH2EN0VQ1zWcxpBmojRNIqgOSkkkh8YRxRpykjkeOoG9Jt7iw==
385.bundle.6231c8d8b583b567d165.js
minhaloja.boticario.com.br/vitrine/latest/js/
2 MB
335 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/vitrine/latest/js/385.bundle.6231c8d8b583b567d165.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
07a5d470d342b317c9184b20856080b4a083f463293971ec7751f0be48039f8f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 13:28:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91695
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:19:45 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"ecb61910e5f3d8fbfbb1cbe8fb9a943d"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
Qx8mptOwnFswa-xDUfg6o-CKs3_r2g3FXH-13d6FkGgONPcpmrlRJQ==
6455.bundle.2f7412c1d35ce8bb5369.js
minhaloja.boticario.com.br/admin/latest/js/
15 KB
7 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/6455.bundle.2f7412c1d35ce8bb5369.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
36cd8ebd7e467fa9ec7416eba5abc3e912e7154dfb17eecf62db02ca53348abb
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 14:38:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87547
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:47 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"d801dc9311ed287bb9c660179065f642"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
0Q4_UOoA0oaeD6yMiSY7m52J4IA_6CVI7XQaOi2KGSu3OumvSXcCAA==
544.bundle.2221a7f33cd17a48d97b.js
minhaloja.boticario.com.br/admin/latest/js/
27 KB
9 KB
Script
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/js/544.bundle.2221a7f33cd17a48d97b.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e35d3121e39bb7d96a8fbe1bd46b1ea79c1ce954c5e1d6cf3fb6f8117dfa7599
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71732
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:43 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
W/"cde2588563fa843a8b307bba9314e1f8"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
application/javascript
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
XJurD2FkVt5dKyI6xG_49dfNjuZt_ts0LumIt7y8TmGzzJsr87FiQA==
desk_pattern_bot.jpg
meucatalogodigitalresources.grupoboticario.digital/assets/images/
57 KB
57 KB
Image
General
Full URL
https://meucatalogodigitalresources.grupoboticario.digital/assets/images/desk_pattern_bot.jpg
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-115.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
582b1075b04787e0090c0d6585b647018b4a203a04cb693fe8f4f99b1a0fd1ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:09 GMT
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
last-modified
Tue, 04 Aug 2020 15:08:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"c2b36391a971727278cbf1059ce6ab06"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
57992
x-amz-cf-id
9607jQaBgpCiQv8CZwIyO9Jyp5JpvgwnXQcsnLWHtzXavgNoA6SDAw==
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6961
date
Thu, 23 Dec 2021 13:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 23 Dec 2021 15:01:06 GMT
zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v9/
18 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v9/zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c540c2421660f25afa9edabf188e3409753d3d94dc01a4fd6662df787a2767f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://minhaloja.boticario.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 11:27:39 GMT
x-content-type-options
nosniff
age
98968
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18940
x-xss-protection
0
last-modified
Wed, 18 Aug 2021 16:52:53 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Dec 2022 11:27:39 GMT
zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v9/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v9/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
392f196c197758bafbfb4a917625b5a20a84cd7977433a134140f9c6f745058f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://minhaloja.boticario.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 23:12:51 GMT
x-content-type-options
nosniff
age
143056
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18096
x-xss-protection
0
last-modified
Wed, 18 Aug 2021 16:52:22 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 21 Dec 2022 23:12:51 GMT
rP2Cp2ywxg089UriAWCrCBimCw.woff2
fonts.gstatic.com/s/dmsans/v6/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/dmsans/v6/rP2Cp2ywxg089UriAWCrCBimCw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3411c961b332008c61452f483ada3da4cd0fd06cc264c7f2facfb01bc4b1d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://minhaloja.boticario.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 20:14:44 GMT
x-content-type-options
nosniff
age
67343
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18296
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:00:23 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Dec 2022 20:14:44 GMT
api.js
www.google.com/recaptcha/
909 B
994 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
58341529f6331985c1d3f44df3124f3e047a7403a5077f3311dbeae51a57846c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
581
x-xss-protection
1; mode=block
expires
Thu, 23 Dec 2021 14:57:07 GMT
pack-phones.jpg
minhaloja.boticario.com.br/admin/latest/
92 KB
94 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/pack-phones.jpg
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9658bca2195c58f043af25ae6d94e676a34b1d0a6fc524e28fb68bb40922733
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 17:09:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
78451
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
94144
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:21:00 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"64d80cb5fa30576c10e38e420100f8e8"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/jpeg
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
OsSSjYg0zT9jwBXK9Cx6Zu8HDAokfMuPhVFbBhi8knalr8TYX7GixA==
anfora.svg
gb-assets.grupoboticario.digital/boticario/image/
2 KB
2 KB
Image
General
Full URL
https://gb-assets.grupoboticario.digital/boticario/image/anfora.svg
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-10.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
672a9ad399cc43bb9249f7e53bac67a0dff2c85fe47edc6309d38117bbbfd63b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
036mmZVsxq955Ey29PI2Kpa2bdqr2ArY
content-encoding
gzip
last-modified
Fri, 26 Feb 2021 18:49:53 GMT
server
AmazonS3
age
5115
etag
W/"f30938de71b8eb608a92dea0758c43d2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
date
Thu, 23 Dec 2021 14:49:51 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
jvL93IthqfFVmoik0NvecjboTCrPB1nrsRAvz5trFat0rs0bg-IH8A==
logo-black.svg
gb-assets.grupoboticario.digital/eam/logo/
4 KB
2 KB
Image
General
Full URL
https://gb-assets.grupoboticario.digital/eam/logo/logo-black.svg
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-10.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0d92282204c7d00a22f29a05fb6f52dda15db1f76f80a6ed0d91ca95b52bddf8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
xx7LQ_lQKmlr_QTDAYwiZgGCQo0V2RPl
content-encoding
gzip
last-modified
Fri, 26 Feb 2021 18:51:35 GMT
server
AmazonS3
age
5115
etag
W/"6457864a700b1283ef56e437f7989cfd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
date
Thu, 23 Dec 2021 14:49:51 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
4B6yERu4FgymmUCh4Ktxf4qk9-Xm0EQ2WRutX1mjrqw3EdUnGK_FJw==
bot-highlight-estoque.png
minhaloja.boticario.com.br/admin/latest/
23 KB
26 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-highlight-estoque.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8cdf15484b8fac7ba673ff0c21b82efc89484d4a1d6b5a71b5074dcca3fff87f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71731
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
23818
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:25 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"1b6ea699a4de39800ff661f0921460f5"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
u1cappnKF6j6oNCd96_vaBAGQ-gBEZrafqIUS28R3vl6CSx81zIajA==
bot-highlight-filtro.png
minhaloja.boticario.com.br/admin/latest/
32 KB
34 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-highlight-filtro.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f269023a49d89d46d2fab43a6a8f014112775912a166a91ad34296f802281b1a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71731
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
32564
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:25 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"40f46f382008507325e7bda7a77efaec"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
U0zIUEzrkvrvsY398k6M-6bEolv2gazhZ5WoSAfVm92oWEaqj4bfmQ==
bot-highlight-pedidos.png
minhaloja.boticario.com.br/admin/latest/
25 KB
27 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-highlight-pedidos.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
095e9d3805dae1c743e5c9d8405467d0b333547d4228d45d349921a6c588fd24
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71731
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
25385
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:25 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"7a3df3e8032e8b8a6b775788c5b43d77"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
6BadoRVfWQJdbdHI4b9jXbQqOGPPZQWTEnpmZmRPaoO8Df9uLrDePQ==
bot-item-1.png
minhaloja.boticario.com.br/admin/latest/
6 KB
8 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-item-1.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb685b96686de6581ceab6d5651013085e9fd8cbdce3c19931efc5186e625de6
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71731
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
5845
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:26 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"dace377229ea1e5cdba3a958ec2d7a85"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
KdmsYtvVjfEBusHpOF7CBjJAC3QbGpMPmKHn_dhF5zEvzCYIyFHpsw==
bot-item-2.png
minhaloja.boticario.com.br/admin/latest/
2 KB
4 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-item-2.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0f99f0ee4b5a89a6d1478e40a0624b299db2aa8abe07af223bf0a56f62e3c377
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71731
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2235
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:26 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"2215382bb78bd51954e691dd9cb6e7ee"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
RSzOdufBjBHmdp3iOnsAVJdid7YfQGYR-xIOdT0JwUkY0wZUfMA8gw==
bot-item-3.png
minhaloja.boticario.com.br/admin/latest/
3 KB
5 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-item-3.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4640b89ad8c3d0b2f461f0a2fdc32f92bea359847930664af0d5d0534e1c04a4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 23:49:11 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
54477
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
3058
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:27 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"57861ec17f1553d79e6163bb11fd526f"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
Hw54Jmrc5S9_q38zoa0Ihj5UyG-rX8Rt7Arbyon20pm6CKs1iItW5g==
bot-item-4.png
minhaloja.boticario.com.br/admin/latest/
4 KB
6 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-item-4.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
54bb80435ce3ae2318083218742a1812eb896a9f723eeca7d969d648c40bb039
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 23:49:11 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
54477
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
4062
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:27 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"2242e2e4105fa71c7972c070dbe45e52"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
jI3_ibGNcsScXexZFXaf7T7zYwjDbDF19UaIf2NRugl737G8n-F97g==
bot-highlight-pwa.png
minhaloja.boticario.com.br/admin/latest/
14 KB
16 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-highlight-pwa.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8df17bf92140c0d62dced6b505f313f18cc791ef8724b650fd22edad73f409d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71731
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
13947
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:26 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"40b99a5c441c889570b449444cccf40a"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
IPpK605N5HkHNJz8_N81r3In2HQ5b_ZcxnmIYFYZyuBq1m5wdDTPHg==
bot-highlight-informacoes.png
minhaloja.boticario.com.br/admin/latest/
20 KB
22 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-highlight-informacoes.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8b3131e6870e949cadfc22b61edc1c9fa1aec159e5a5269d223af01310620773
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 23:49:11 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
54477
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
20322
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:25 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"4bae0fd3cf2824490ed1b41b89bc4287"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
aywGN4__v2sXgH329vUiCPSwNpkMynFIxHjabMsp9YYcUgn9OllEZA==
bot-highlight-promocao.png
minhaloja.boticario.com.br/admin/latest/
38 KB
40 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-highlight-promocao.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
07a7abe9a9b0f78881290bbf7ccdc79bb726010ea4d133e78dbdbed922d897c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 23:49:12 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
54476
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
39105
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:25 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"9eeaae744545df663bacfdec7355f06b"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
nyGNLVVnTPXtygAtYZhRVohD_Dqja9KSCAeqVo5mfrJ7PU6Dum4pjA==
bot-highlight-zoom.png
minhaloja.boticario.com.br/admin/latest/
23 KB
25 KB
Image
General
Full URL
https://minhaloja.boticario.com.br/admin/latest/bot-highlight-zoom.png
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-13.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0c0a47ff752b5b8a8dca61bcaf2bd3f37e0c199cf1dc78c7839085ebce0e04c5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://minhaloja.boticario.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 19:01:37 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71730
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
23377
x-xss-protection
1; mode=block
service-worker-allowed
/
referrer-policy
same-origin
last-modified
Wed, 22 Dec 2021 13:20:26 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"7d58e6ae449e6d8868d88289ec6e4bd3"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
image/png
cache-control
max-age=604800, public
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
content-security-policy
default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
elwXKPBc7OAFK11cTPtQqN5ep_JT1dGLN1pWzdyN-4GuNrFAxGkB_w==
js
www.google-analytics.com/gtm/
87 KB
34 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-T7T2928&t=gtm9&cid=783337912.1640271428
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1bd676cab9220ff0e8cae87b2a0733be9c22c4b13c60d5314c638e7d4caac389
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:07 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34980
x-xss-protection
0
last-modified
Thu, 23 Dec 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 23 Dec 2021 14:57:07 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/
348 KB
137 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__de.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
295409307a58f3d19608932eac3c022cff1cacc8671dd26b5614a28f7e25e0b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://minhaloja.boticario.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:31:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1567
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
139097
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 23 Dec 2022 14:31:00 GMT
collect
stats.g.doubleclick.net/j/
7 B
452 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-158569306-2&cid=783337912.1640271428&jid=1466447323&gjid=1921127370&_gid=878500109.1640271428&_u=aGDAgEADQAAAAE~&z=970779448
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 23 Dec 2021 14:57:08 GMT
content-type
text/plain
access-control-allow-origin
https://minhaloja.boticario.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=114080312&t=pageview&_s=1&dl=https%3A%2F%2Fminhaloja.boticario.com.br%2F&ul=en-us&de=UTF-8&dt=O%20Botic%C3%A1rio%20%7C%20Minha%20Loja%20Digital&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQ~&jid=1466447323&gjid=1921127370&cid=783337912.1640271428&tid=UA-158569306-2&_gid=878500109.1640271428&gtm=2wgc10PTX3XVW&cd4=boticario&cd7=0ebf36-023-af5-1b3-4ad2c507ac5f&cd9=revendedor&cd15=web&z=1083051178
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Dec 2021 19:32:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
69885
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
anchor
www.google.com/recaptcha/api2/ Frame 678E
40 KB
20 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5&co=aHR0cHM6Ly9taW5oYWxvamEuYm90aWNhcmlvLmNvbS5icjo0NDM.&hl=de&type=image&v=VZKEDW9wslPbEc9RmzMqaOAP&theme=light&size=invisible&badge=bottomright&cb=109dm0q0v5n9
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
cded725ef4cb4717440ef87bbd92231dccffe2e4504b9c285938658d61f1d853
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-g8DpqggQ7iowVsjpbzvh1A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 23 Dec 2021 14:57:08 GMT
content-security-policy
script-src 'report-sample' 'nonce-g8DpqggQ7iowVsjpbzvh1A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
20783
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-158569306-2&cid=783337912.1640271428&jid=1466447323&_u=aGDAgEADQAAAAE~&z=227637646
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Dec 2021 14:57:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.uk/ads/
0
0

styles__ltr.css
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ Frame 678E
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5&co=aHR0cHM6Ly9taW5oYWxvamEuYm90aWNhcmlvLmNvbS5icjo0NDM.&hl=de&type=image&v=VZKEDW9wslPbEc9RmzMqaOAP&theme=light&size=invisible&badge=bottomright&cb=109dm0q0v5n9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1ac5bc2d2f0c446b2d5bc135db7414a2662ade7b701bc199456d05f51bfc261
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:31:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1556
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24152
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 23 Dec 2022 14:31:12 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ Frame 678E
348 KB
136 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5&co=aHR0cHM6Ly9taW5oYWxvamEuYm90aWNhcmlvLmNvbS5icjo0NDM.&hl=de&type=image&v=VZKEDW9wslPbEc9RmzMqaOAP&theme=light&size=invisible&badge=bottomright&cb=109dm0q0v5n9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
295409307a58f3d19608932eac3c022cff1cacc8671dd26b5614a28f7e25e0b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:31:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1568
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
139097
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 23 Dec 2022 14:31:00 GMT
nr-spa-1209.min.js
js-agent.newrelic.com/
42 KB
16 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-spa-1209.min.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
49cd7e514d20a427de78b14e516213d02b2c7ec0cee399584eab79f889c55964

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
d4wwExyN0N4Ag7LHjGXgHn7eRha876Bt
content-encoding
gzip
etag
"0a1d4ac0ed6107cdf844f28cc3ba3b82"
x-amz-request-id
QQ4FS7V4RPFE46MS
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15799
x-amz-id-2
ewB1A1tIEAtnm2v4G7x83yG7vXnNNwgUr2BOXI5GWRslKllsaYudiFL1cQPle38sUrpSJEqH6T0=
x-served-by
cache-fra19124-FRA
last-modified
Thu, 20 May 2021 23:21:19 GMT
server
AmazonS3
x-timer
S1640271428.197147,VS0,VE0
date
Thu, 23 Dec 2021 14:57:08 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
51
webworker.js
www.google.com/recaptcha/api2/ Frame 678E
102 B
134 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=VZKEDW9wslPbEc9RmzMqaOAP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6644e1c59baf705e99dacc5acb0a1eae7687b5ba94e66a1cdb74959837d17a63
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5&co=aHR0cHM6Ly9taW5oYWxvamEuYm90aWNhcmlvLmNvbS5icjo0NDM.&hl=de&type=image&v=VZKEDW9wslPbEc9RmzMqaOAP&theme=light&size=invisible&badge=bottomright&cb=109dm0q0v5n9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Thu, 23 Dec 2021 14:57:08 GMT
hotjar-1745554.js
static.hotjar.com/c/
9 KB
3 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1745554.js?sv=7
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-82.fra50.r.cloudfront.net
Software
/
Resource Hash
5c1f18bffa486f29df6730b9e9c9edb6e07ff76bc9f7e9ee6cfb8be7eaf7ddf7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:08 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
FRA50-C1
etag
W/7e4139bc7d1ff4e3d7fc9749267b17ae
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
v2DIaq4coZxtLicUF5RRwW4s3_fOpmri68w4EOWVGIuqxNLQpOKVag==
via
1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=114080312&t=event&ni=1&_s=1&dl=https%3A%2F%2Fminhaloja.boticario.com.br%2F&ul=en-us&de=UTF-8&dt=O%20Botic%C3%A1rio%20%7C%20Minha%20Loja%20Digital&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll&ea=scrolling&el=25&_u=aGDAgEADQAAAAE~&jid=&gjid=&cid=783337912.1640271428&tid=UA-158569306-2&_gid=878500109.1640271428&gtm=2wgc10PTX3XVW&cd4=boticario&cd7=0ebf36-023-af5-1b3-4ad2c507ac5f&cd9=revendedor&cd15=web&z=1089850049
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Dec 2021 19:32:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
69886
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
bframe
www.google.com/recaptcha/api2/ Frame 7952
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=VZKEDW9wslPbEc9RmzMqaOAP&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f6ee6c21b41cae1c6850ad9b172c83ef238b42729d5e34126da6f4344a850ca5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-KdG0ckHA8PpHPLFXju56/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 23 Dec 2021 14:57:08 GMT
content-security-policy
script-src 'report-sample' 'nonce-KdG0ckHA8PpHPLFXju56/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1111
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
NRJS-d142cb7d067b4c9c598
bam.nr-data.net/1/
57 B
322 B
Script
General
Full URL
https://bam.nr-data.net/1/NRJS-d142cb7d067b4c9c598?a=514334442&sa=1&v=1209.f04e2b9&t=Unnamed%20Transaction&rst=1712&ck=1&ref=https://minhaloja.boticario.com.br/&be=588&fe=1643&dc=598&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1640271426533,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:53,%22c%22:53,%22s%22:59,%22ce%22:75,%22rq%22:75,%22rp%22:512,%22rpe%22:513,%22dl%22:515,%22di%22:593,%22ds%22:598,%22de%22:598,%22dc%22:1643,%22l%22:1643,%22le%22:1644%7D,%22navigation%22:%7B%7D%7D&fp=793&fcp=793&jsonp=NREUM.setToken
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Cross-Origin-Resource-Policy
cross-origin
Content-Type
text/javascript;charset=iso-8859-1
Content-Length
57
Expires
Thu, 01 Jan 1970 00:00:00 GMT
modules.6d5409da698bc5e020b1.js
script.hotjar.com/
228 KB
60 KB
Script
General
Full URL
https://script.hotjar.com/modules.6d5409da698bc5e020b1.js
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-39.fra50.r.cloudfront.net
Software
/
Resource Hash
9c4e5748b76ca33caac131e0225d2e86ccbf6e156ad007145f6a9c4d34cecbf9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 16:10:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
168422
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
61259
access-control-allow-origin
*
last-modified
Tue, 21 Dec 2021 16:09:54 GMT
etag
"a250696209ae851dce97a4101057f333"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
X1Q3pvIdEWfznws5jxXMbnFr-4L1CwPhVjl5xO5ApUmHKd2qFHB5-A==
styles__ltr.css
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ Frame 7952
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=VZKEDW9wslPbEc9RmzMqaOAP&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1ac5bc2d2f0c446b2d5bc135db7414a2662ade7b701bc199456d05f51bfc261
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:31:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1556
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24152
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 23 Dec 2022 14:31:12 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ Frame 7952
348 KB
136 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=VZKEDW9wslPbEc9RmzMqaOAP&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
295409307a58f3d19608932eac3c022cff1cacc8671dd26b5614a28f7e25e0b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:31:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1568
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
139097
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 05:04:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 23 Dec 2022 14:31:00 GMT
reload
www.google.com/recaptcha/api2/ Frame 7952
37 KB
22 KB
XHR
General
Full URL
https://www.google.com/recaptcha/api2/reload?k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e3e0d3ac60eed9ba93b48649ebed7a2a5bb4c5b5425223c2aa0455c14edbc887
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/api2/bframe?hl=de&v=VZKEDW9wslPbEc9RmzMqaOAP&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-protobuffer

Response headers

date
Thu, 23 Dec 2021 14:57:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
private, max-age=0
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22578
x-xss-protection
1; mode=block
expires
Thu, 23 Dec 2021 14:57:08 GMT
box-a1ae2079824d1c48aa9ce06efb256f18.html
vars.hotjar.com/ Frame 0712
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-a1ae2079824d1c48aa9ce06efb256f18.html
Requested by
Host: minhaloja.boticario.com.br
URL: https://minhaloja.boticario.com.br/container/latest/scripts/newRelicSnippet.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-69.fra50.r.cloudfront.net
Software
/
Resource Hash
d39c7ff4103007338040282460b2eb0e5adadd9fb80f986fb4c8a3d41785a6ca

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html
content-length
1044
date
Thu, 02 Dec 2021 15:53:06 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
etag
"6215abf691a11c2f451680e635d30daa"
last-modified
Thu, 02 Dec 2021 15:52:57 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 ef13dd533b8dc9dcfdc35449cf88f808.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
BdGbvTJSvg9p3iuCxUGS9_b8a7NTqPSFLFBjroF6tUTXaF1kX5-bMQ==
age
1811042
canonical_car.png
www.gstatic.com/recaptcha/api2/ Frame 7952
11 KB
11 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/canonical_car.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 06:31:11 GMT
x-content-type-options
nosniff
age
548757
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11174
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Fri, 24 Dec 2021 06:31:11 GMT
refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 7952
600 B
624 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 19:52:10 GMT
x-content-type-options
nosniff
age
155098
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
600
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Tue, 28 Dec 2021 19:52:10 GMT
audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 7952
530 B
554 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/audio_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 05:44:53 GMT
x-content-type-options
nosniff
age
119535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
530
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Wed, 29 Dec 2021 05:44:53 GMT
info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 7952
665 B
689 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/info_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 22 Dec 2021 11:26:47 GMT
x-content-type-options
nosniff
age
99021
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
665
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Wed, 29 Dec 2021 11:26:47 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7952
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 11:18:05 GMT
x-content-type-options
nosniff
age
185943
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 21 Dec 2022 11:18:05 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7952
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 06:37:10 GMT
x-content-type-options
nosniff
age
548398
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15340
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:16 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 17 Dec 2022 06:37:10 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7952
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 06:37:08 GMT
x-content-type-options
nosniff
age
548400
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 17 Dec 2022 06:37:08 GMT
payload
www.google.com/recaptcha/api2/ Frame 7952
39 KB
39 KB
Image
General
Full URL
https://www.google.com/recaptcha/api2/payload?p=06AGdBq25JTwSUEhdC3Iw_PoRTuEOol6TWq6uHGNGJVPh5o91Y_5X5I1U5klOc-b_mQW-RR_R2P-TdaKBkEydxrfhnrlr3gMt7IRNDibE0yI13ON6jTOrPdeRsy2f8sUNykMsyPuJ7II1i9RNT2utruN5ziUbXjCsyuZQE23QyDGWVORQL8fgjH2cfYzB6f_7D30B0zNSZJR1wzfUUeRZpYBPSPFNSpfOVTg&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
408e5c7a3b9da26d5d951741f8b8db5a3ce7a51ff6b546ad4fa61d5b36ccd08a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/bframe?hl=de&v=VZKEDW9wslPbEc9RmzMqaOAP&k=6Leoe7oZAAAAACyDwF4Q4kLm08evbEee2_9Trxp5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:57:08 GMT
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=30
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40320
x-xss-protection
1; mode=block
expires
Thu, 23 Dec 2021 14:57:08 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.co.uk
URL
https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-158569306-2&cid=783337912.1640271428&jid=1466447323&_u=aGDAgEADQAAAAE~&z=227637646

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| OptanonWrapper object| NREUM object| newrelic function| __nr_require object| webpackChunkcontainer function| jsonFeed object| otStubData object| Optanon object| OneTrust object| admin object| webpackChunkadmin object| vitrine object| webpackChunkvitrine number| 2f1acc6c3a606b082e5eef5e54414ffb object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaplugins object| gaGlobal object| gaData object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_optimize object| recaptcha object| closure_lm_607853 function| hj object| _hjSettings object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules

12 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ABBMTcPHy14NlEulidYnOUjkKfR8_TfIYmas7zCmmZmrq-lIPLcS-89FenPmPY2ZDeX_-aGJyTP1ZYu2VXA4qCE
.minhaloja.boticario.com.br/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Dec+23+2021+14%3A57%3A07+GMT%2B0000+(GMT)&version=6.24.0&isIABGlobal=false&hosts=&consentId=1dc1f73a-daff-4cf6-aa4e-9bb624cc8243&interactionCount=0&landingPath=https%3A%2F%2Fminhaloja.boticario.com.br%2F&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.boticario.com.br/ Name: _gcl_au
Value: 1.1.1083142516.1640271428
.boticario.com.br/ Name: _ga
Value: GA1.3.783337912.1640271428
.boticario.com.br/ Name: _gid
Value: GA1.3.878500109.1640271428
.boticario.com.br/ Name: _dc_gtm_UA-158569306-2
Value: 1
.boticario.com.br/ Name: _hjSessionUser_1745554
Value: eyJpZCI6ImMxMmFmM2VlLWI1MTQtNTNmZi04ZWFkLTExNGI2OTRhYTljMiIsImNyZWF0ZWQiOjE2NDAyNzE0MjgzNjIsImV4aXN0aW5nIjpmYWxzZX0=
.boticario.com.br/ Name: _hjFirstSeen
Value: 1
.boticario.com.br/ Name: _hjSession_1745554
Value: eyJpZCI6IjlkODJkOThkLWFmNTItNGFmZS1hOWQ4LTE3YzFhNjdmNjdiZiIsImNyZWF0ZWQiOjE2NDAyNzE0MjgzODl9
minhaloja.boticario.com.br/ Name: _hjIncludedInSessionSample
Value: 0
.boticario.com.br/ Name: _hjAbsoluteSessionInProgress
Value: 0
.nr-data.net/ Name: JSESSIONID
Value: d64a785dddc21173

1 Console Messages

Source Level URL
Text
security error URL: https://minhaloja.boticario.com.br/
Message:
Refused to load the image 'https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-158569306-2&cid=783337912.1640271428&jid=1466447323&_u=aGDAgEADQAAAAE~&z=227637646' because it violates the following Content Security Policy directive: "img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: *; img-src 'self' s3.us-east-1.amazonaws.com *.e-boticario.com.br *.cookielaw.org *.hotjar.com *.hotjar.io *.eudora.com.br *.hybrid.ai *.frontend.weborama.fr *.adnxs.com *.bestssp.com *.onaudience.com *.hybrid.ai *.admixer.net *.onaudience.com *.adriver.ru *.openx.net *.betweendigital.com *.yandex.ru *.doubleclick.net *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.boticario.com.br *.oboticario.com.br *.googleapis.com *.google.com *.google.com.br *.googleapis.com *.grupoboticario.digital *.grupoboticario.com.br edbr.vteximg.com.br res.cloudinary.com *.google-analytics.com *.s3.amazonaws.com *.googletagmanager.com *.facebook.com *.pinterest.com *.github.com *.prismic.io pipelines.actions.githubusercontent.com data: blob: ; connect-src 'self' *.eudora.com.br *.prismic.io *.microsoftonline.com *.microsoft.com *.boticario.com.br *.documentforce.com *.force.com *.salesforce.com *.salesforceliveagent.com *.oboticario.com.br *.google.com *.google.com.br *.grupoboticario.digital *.grupoboticario.com.br cdn.cookielaw.org *.hotjar.com analytics.strapi.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.googleapis.com *.onetrust.com *.s3.amazonaws.com *.g.doubleclick.net *.googletagmanager.com *.configcat.com *.nr-data.net *.pinterest.com *.tiktok.com *.github.com pipelines.actions.githubusercontent.com dmomoufq3m.execute-api.us-east-1.amazonaws.com blob:; script-src 'self' *.grupoboticario.digital *.grupoboticario.com.br *.ouiparis.com *.ouiparis.com.br *.hybrid.ai *.force.com *.documentforce.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.hotjar.com *.hotjar.io *.onetrust.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.configcat.com *.nr-data.net *.google-analytics.com cdn.cookielaw.org *.google-analytics.com cdn.cookielaw.org cdn.tiny.cloud *.dwin1.com *.googleadservices.com *.facebook.net *.facebook.com *.cloudfront.net *.pinimg.com *.shoptarget.com.br *.tiktok.com *.linximpulse.net *.shopback.com *.chaordicsystems.com *.shopconvert.com.br *.shopback.net *.github.com pipelines.actions.githubusercontent.com https://polyfill.io dmomoufq3m.execute-api.us-east-1.amazonaws.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
cdn-global.configcat.com
cdn.cookielaw.org
fonts.googleapis.com
fonts.gstatic.com
gb-assets.grupoboticario.digital
geolocation.onetrust.com
js-agent.newrelic.com
meucatalogodigitalresources.grupoboticario.digital
minhaloja.boticario.com.br
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.gstatic.com
www.google.co.uk
143.204.98.10
143.204.98.115
143.204.98.13
143.204.98.39
143.204.98.69
143.204.98.82
151.101.194.137
162.247.242.18
2606:4700:10::6814:b944
2606:4700:10::6816:1b9f
2606:4700::6810:9540
2a00:1450:4001:803::200e
2a00:1450:4001:808::200a
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2003
2a00:1450:4001:811::2008
2a00:1450:400c:c0c::9b
07a5d470d342b317c9184b20856080b4a083f463293971ec7751f0be48039f8f
07a7abe9a9b0f78881290bbf7ccdc79bb726010ea4d133e78dbdbed922d897c9
095e9d3805dae1c743e5c9d8405467d0b333547d4228d45d349921a6c588fd24
0c0a47ff752b5b8a8dca61bcaf2bd3f37e0c199cf1dc78c7839085ebce0e04c5
0d92282204c7d00a22f29a05fb6f52dda15db1f76f80a6ed0d91ca95b52bddf8
0ed1c09a270e3ec711b4aaf5b05d2cb99d62c25360e798a1434711bd397de575
0f99f0ee4b5a89a6d1478e40a0624b299db2aa8abe07af223bf0a56f62e3c377
0fc5b4dedeb4acc1a01efc2b226aa9a7904a82b9a4cab6e2b90dd26a4068856e
11007819187396a8ecfea1c297fc53956fd653ec19c02451ef83a814e9acfe0b
11d6ee17bd470d906704e12f6cfe99d1c87519aa9b52239aff003646fa5e6190
121e8b47d5e772c09d51347f5ceff9edf192b637d35d454b6fb69acbb3b366af
1582818ac1ba9ee326fa08cdb4db4791a2bf031aaf976a8e121ac535b594c398
18f52f0fa5c52403fdb0afaf3827b883e079d6c4137aa725a4111de217cbd696
1bd676cab9220ff0e8cae87b2a0733be9c22c4b13c60d5314c638e7d4caac389
1d00fa4e870bfaf3c239ff7b982ca1f164d781e8fbd0eff5730d1cbb74bded2b
24508b82a87ed41e1dbec0e55a404055cab488d5417d0a0352adb1551ff98aa0
295409307a58f3d19608932eac3c022cff1cacc8671dd26b5614a28f7e25e0b0
29a93d731434e92cd8081bb2af123c2cea435d7893245a04134d7fbf713518f9
2d9decf32d1f341945c160f048ab3fc63f1d0c6df7f745dd0f49cdfc3117b5b4
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
36cd8ebd7e467fa9ec7416eba5abc3e912e7154dfb17eecf62db02ca53348abb
392f196c197758bafbfb4a917625b5a20a84cd7977433a134140f9c6f745058f
394f74a2fd40f8a7d48ab0fef108547ce5b4580f4e87ed22cd69f76e6415f2e4
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
408e5c7a3b9da26d5d951741f8b8db5a3ce7a51ff6b546ad4fa61d5b36ccd08a
437ba48e15c6a06a669c284df1c9516ca2678f6aaae8e080a26a3662c0891c03
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
4640b89ad8c3d0b2f461f0a2fdc32f92bea359847930664af0d5d0534e1c04a4
49cd7e514d20a427de78b14e516213d02b2c7ec0cee399584eab79f889c55964
4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c
4f99354072168678ad38aeb06685a45f79a18b3136378ad6680625cd60d97cd0
54bb80435ce3ae2318083218742a1812eb896a9f723eeca7d969d648c40bb039
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
582b1075b04787e0090c0d6585b647018b4a203a04cb693fe8f4f99b1a0fd1ce
58341529f6331985c1d3f44df3124f3e047a7403a5077f3311dbeae51a57846c
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c1f18bffa486f29df6730b9e9c9edb6e07ff76bc9f7e9ee6cfb8be7eaf7ddf7
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
6644e1c59baf705e99dacc5acb0a1eae7687b5ba94e66a1cdb74959837d17a63
672a9ad399cc43bb9249f7e53bac67a0dff2c85fe47edc6309d38117bbbfd63b
6af7f2a7319a700fa7d79c2ee318a8f468b39325b04b8740f963a2678932beeb
77ae4fb56d2da594993ef6f0203c0cef103af28f7e4c5e0ac045909137422cf9
7f34893a704d4a71da0fa274dd428284f6fb17b549008ae11148b851435a3e51
7ff92102b6f813e294c4bbd27c6b2c526f69a5d13636eaecdcd94e92fffc2552
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
850f66e3a3525eeadd67a295859122a1ec870b53376d34281e1a88ef06e4d225
858d3ae73f132b8f3d872db375db917a266b904a671ef12213fe898b038d9237
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8a883974729df810eb42dda5ee43ba10e8a9be598ed5a97610cfa56358991e8d
8b3131e6870e949cadfc22b61edc1c9fa1aec159e5a5269d223af01310620773
8cdf15484b8fac7ba673ff0c21b82efc89484d4a1d6b5a71b5074dcca3fff87f
8d3411c961b332008c61452f483ada3da4cd0fd06cc264c7f2facfb01bc4b1d5
8df17bf92140c0d62dced6b505f313f18cc791ef8724b650fd22edad73f409d1
9c4e5748b76ca33caac131e0225d2e86ccbf6e156ad007145f6a9c4d34cecbf9
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
bbffe137df9de30504c9a813fff9ee7c6b60b2e802daf9aeb7e3d476ac90614a
c540c2421660f25afa9edabf188e3409753d3d94dc01a4fd6662df787a2767f3
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805
cded725ef4cb4717440ef87bbd92231dccffe2e4504b9c285938658d61f1d853
d285fae14a8b969bb0d4e5f10ea88e6ec60610d5090818b1ade3e244a03fc832
d39c7ff4103007338040282460b2eb0e5adadd9fb80f986fb4c8a3d41785a6ca
d4995bdb0d79766a30b0c3af9ba395424f11a67b0a0dcde618c210ba2b67f3df
d723c4ceb0f73b7ebd59aa950a0324f05b8d7d109faf1f27e3b84f47c7d60e0b
d9658bca2195c58f043af25ae6d94e676a34b1d0a6fc524e28fb68bb40922733
da9ddaf5cac3f0e3e7a3b7df692dd604a9579d5a58e8f0eb08cc4e71581cbf6d
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
e07b00827f5f6d2c71523bac1292216711543a067a8d0f2532454ba28266cfcb
e1d3f2ecd8f883d83fb05bca8f430a39877676475b620e6db6eccf61c5fa8daf
e35d3121e39bb7d96a8fbe1bd46b1ea79c1ce954c5e1d6cf3fb6f8117dfa7599
e3e0d3ac60eed9ba93b48649ebed7a2a5bb4c5b5425223c2aa0455c14edbc887
e55d635023217556467008ffd60527fab5337cb0620cd985c18de654dc8d0f99
e66647558738216efd2c6a0460f380175b08b7c8407dbbebde8e3f7bbe1eeefb
ec2f6762f857fdc509ffa369c2b398982af1fa6cd2c0298d6088046fa757b852
ee8a8114c7658b7865e50235668f485cb48a22439d8f9afd987eb2a3f9ff1359
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ac5bc2d2f0c446b2d5bc135db7414a2662ade7b701bc199456d05f51bfc261
f269023a49d89d46d2fab43a6a8f014112775912a166a91ad34296f802281b1a
f54a6119d3615df97b64f039557b186019f21742edd3915754aaf88aa7b4e2e9
f6ee6c21b41cae1c6850ad9b172c83ef238b42729d5e34126da6f4344a850ca5
f9714289219fcd069b4b97027f6cc40309ff4b22aa46070c4c03e77ca0df7b05
fb685b96686de6581ceab6d5651013085e9fd8cbdce3c19931efc5186e625de6
fb9950bf5f0a01a67b38064c58d15a8aff6e674e4f3c494733ffc861fe815912