Submitted URL: https://cosmeticcrimal.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On August 27 via api from US — Scanned from CA

Summary

This website contacted 67 IPs in 3 countries across 52 domains to perform 224 HTTP transactions. The main IP is 204.2.50.126, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 182297.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
19 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 182297
sgtm.elfcosmetics.com — Cisco Umbrella Rank: 360708
325 KB
17 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77
cm.g.doubleclick.net — Cisco Umbrella Rank: 363
ad.doubleclick.net — Cisco Umbrella Rank: 210
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 526628
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 580909
3 KB
16 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 10828
imgs.signifyd.com — Cisco Umbrella Rank: 8265
74 KB
15 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 963
241 KB
14 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 3941
api.bounceexchange.com — Cisco Umbrella Rank: 4107
307 KB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 554
188 KB
11 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 11274
st.dynamicyield.com — Cisco Umbrella Rank: 10445
async-px.dynamicyield.com — Cisco Umbrella Rank: 10756
261 KB
10 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 17159
cdn.static.amplience.net — Cisco Umbrella Rank: 57868
6 MB
9 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 4388
c.contentsquare.net — Cisco Umbrella Rank: 5416
srm.ba.contentsquare.net — Cisco Umbrella Rank: 27196
k-aeu1.contentsquare.net
84 KB
8 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 1235
7 KB
8 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3677
t.paypal.com — Cisco Umbrella Rank: 4582
128 KB
7 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 3679
715 B
7 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 1486
match.adsrvr.org — Cisco Umbrella Rank: 505
5 KB
7 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3003
1 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
496 KB
5 youtube.com
www.youtube.com — Cisco Umbrella Rank: 84
14 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
5 KB
4 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 73557
external-api.jebbit.com Failed
60 KB
4 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 764
ib.adnxs.com — Cisco Umbrella Rank: 383
4 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 10
analytics.google.com — Cisco Umbrella Rank: 238
103 B
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 35589 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 13943
1 MB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 4355
h64.online-metrix.net — Cisco Umbrella Rank: 2866
w2txo5aawiqcbtxs7dl6k2hf2rugz5yw5a4cd5b7c78683168951c1f5sac.d.aa.online-metrix.net
837 B
3 cdnwidget.com
pd.cdnwidget.com — Cisco Umbrella Rank: 5354
ids.cdnwidget.com — Cisco Umbrella Rank: 5623
idr.cdnwidget.com — Cisco Umbrella Rank: 10862
1 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 6963
page.cdnbasket.net — Cisco Umbrella Rank: 6969
view.cdnbasket.net — Cisco Umbrella Rank: 6981
1014 B
3 google.ca
www.google.ca — Cisco Umbrella Rank: 9677
190 B
3 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 3241
alb.reddit.com — Cisco Umbrella Rank: 1969
859 B
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 309547
8 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 534
15 KB
2 bidswitch.net
x.bidswitch.net
1 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 689
833 B
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 3281
16 KB
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 12290
tags.rd.linksynergy.com — Cisco Umbrella Rank: 8300
697 B
2 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 4990
6 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1561
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
73 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 1417
25 KB
2 cquotient.com
api.cquotient.com — Cisco Umbrella Rank: 54198
516 B
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1102
2 KB
2 blisspointmedia.com
cdn.blisspointmedia.com — Cisco Umbrella Rank: 13225
1 KB
2 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 16688
895 B
2 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 13109
1 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2512
234 B
2 adeptmind.ai
api.retail.adeptmind.ai
675 B
2 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 3381
12 KB
1 pubmatic.com
simage2.pubmatic.com
526 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 176
23 B
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 42859
51 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 9936
15 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 555
2 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 1019
304 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
24 KB
1 cosmeticcrimal.ca
cosmeticcrimal.ca
2 KB
224 52
Domain Requested by
15 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
14 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
14 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
t.contentsquare.net
13 assets.bounceexchange.com www.elfcosmetics.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
8 ct.pinterest.com s.pinimg.com
t.contentsquare.net
www.elfcosmetics.com
8 cdn.media.amplience.net 2 redirects www.elfcosmetics.com
7 events.bouncex.net
7 async-px.dynamicyield.com cdn.dynamicyield.com
7 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 c.contentsquare.net t.contentsquare.net
5 sgtm.elfcosmetics.com www.googletagmanager.com
t.contentsquare.net
5 www.paypal.com www.elfcosmetics.com
www.paypal.com
5 match.adsrvr.org 4 redirects
5 www.googletagmanager.com www.elfcosmetics.com
5 www.youtube.com www.elfcosmetics.com
4 www.facebook.com
4 10742279.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 9231397.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 ad.doubleclick.net
4 js.jebbit.com www.elfcosmetics.com
3 t.paypal.com
3 www.google.ca
3 elfcosmetics.a.bigcontent.io
3 bat.bing.com www.elfcosmetics.com
3 secure.adnxs.com 1 redirects
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 x.bidswitch.net 2 redirects
2 k-aeu1.contentsquare.net t.contentsquare.net
2 idsync.rlcdn.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 www.paypalobjects.com www.elfcosmetics.com
2 stats.g.doubleclick.net www.googletagmanager.com
2 analytics.google.com www.googletagmanager.com
2 alb.reddit.com
2 tag.wknd.ai www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 api.cquotient.com cdn-fsly.yottaa.net
2 dsum-sec.casalemedia.com 1 redirects
2 insight.adsrvr.org 2 redirects
2 cdn.blisspointmedia.com
2 pixel.pointmediatracker.com 2 redirects
2 js.cnnx.link www.googletagmanager.com
2 googleads.g.doubleclick.net 1 redirects www.elfcosmetics.com
2 www.google.com 2 redirects
2 api.ipify.org cdn-fsly.yottaa.net
2 api.retail.adeptmind.ai cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.com
2 player.vimeo.com www.elfcosmetics.com
1 simage2.pubmatic.com 1 redirects
1 www.googleadservices.com 1 redirects
1 w2txo5aawiqcbtxs7dl6k2hf2rugz5yw5a4cd5b7c78683168951c1f5sac.d.aa.online-metrix.net
1 h64.online-metrix.net imgs.signifyd.com
1 h.online-metrix.net imgs.signifyd.com
1 idr.cdnwidget.com
1 tags.rd.linksynergy.com
1 ids.cdnwidget.com t.contentsquare.net
1 api.bounceexchange.com www.elfcosmetics.com
1 pd.cdnwidget.com t.contentsquare.net
1 srm.ba.contentsquare.net t.contentsquare.net
1 view.cdnbasket.net t.contentsquare.net
1 page.cdnbasket.net t.contentsquare.net
1 data.cdnbasket.net t.contentsquare.net
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 pixel-config.reddit.com www.redditstatic.com
1 t.contentsquare.net www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 pixel.rubiconproject.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 ib.adnxs.com 1 redirects
1 st.dynamicyield.com www.elfcosmetics.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 code.jquery.com www.elfcosmetics.com
1 cosmeticcrimal.ca 1 redirects
0 external-api.jebbit.com Failed js.jebbit.com
224 80
Subject | Issuer | Validity | Valid
*.elfcosmetics.com | Sectigo RSA Domain Validation Secure Server CA | 2023-09-25 - 2024-10-25 | a year
dm.amplience.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-05 - 2025-08-14 | a year
player.vimeo.com | WE1 | 2024-07-25 - 2024-10-23 | 3 months
*.google.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year
*.yottaa.net | GlobalSign RSA OV SSL CA 2018 | 2023-09-13 - 2024-10-14 | a year
api.retail.adeptmind.ai | R11 | 2024-07-29 - 2024-10-27 | 3 months
cookielaw.org | WE1 | 2024-08-13 - 2024-11-11 | 3 months
*.dynamicyield.com | Amazon RSA 2048 M03 | 2024-08-18 - 2025-09-16 | a year
*.google-analytics.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
ipify.org | WE1 | 2024-07-18 - 2024-10-16 | 3 months
sdk.iad-05.braze.com | WE1 | 2024-08-15 - 2024-11-13 | 3 months
geolocation.onetrust.com | WE1 | 2024-08-13 - 2024-11-11 | 3 months
js.cnnx.link | Amazon RSA 2048 M02 | 2024-06-09 - 2025-07-08 | a year
*.cquotient.com | Amazon RSA 2048 M02 | 2024-03-05 - 2025-04-02 | a year
tag.rmp.rakuten.com | WR3 | 2024-07-28 - 2024-10-26 | 3 months
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2024-02-08 - 2025-02-08 | a year
*.ordergroove.com | Go Daddy Secure Certificate Authority - G2 | 2024-08-09 - 2025-08-20 | a year
t.contentsquare.net | Amazon RSA 2048 M03 | 2024-08-13 - 2025-09-10 | a year
*.pinterest.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-02 - 2025-08-07 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-06-05 - 2024-09-03 | 3 months
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-05-23 - 2024-11-18 | 6 months
www.bing.com | Microsoft Azure RSA TLS Issuing CA 04 | 2024-06-19 - 2024-12-16 | 6 months
*.tiktok.com | RapidSSL TLS ECC CA G1 | 2024-07-15 - 2025-07-15 | a year
*.jebbit.com | Amazon RSA 2048 M02 | 2024-04-23 - 2025-05-21 | a year
tag.wknd.ai | R10 | 2024-07-17 - 2024-10-15 | 3 months
*.bigcontent.io | GeoTrust TLS RSA CA G1 | 2024-06-13 - 2025-05-03 | a year
sgtm.elfcosmetics.com | WR3 | 2024-07-09 - 2024-10-07 | 3 months
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-05-30 - 2024-11-26 | 6 months
*.doubleclick.net | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.g.doubleclick.net | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.google.ca | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.rd.linksynergy.com | ZeroSSL RSA Domain Secure Site CA | 2024-01-23 - 2025-01-22 | a year
dep.bf.contentsquare.net | Amazon RSA 2048 M03 | 2024-02-18 - 2025-03-19 | a year
assets.bounceexchange.com | WR3 | 2024-07-17 - 2024-10-15 | 3 months
t.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2024-06-21 - 2025-06-20 | a year
data.cdnbasket.net | WR3 | 2024-07-02 - 2024-09-30 | 3 months
page.cdnbasket.net | WR3 | 2024-07-10 - 2024-10-08 | 3 months
view.cdnbasket.net | WR3 | 2024-07-11 - 2024-10-09 | 3 months
srm.ba.contentsquare.net | Amazon RSA 2048 M02 | 2023-11-07 - 2024-12-06 | a year
pd.cdnwidget.com | R11 | 2024-07-10 - 2024-10-08 | 3 months
*.wunderkind.co | R10 | 2024-08-02 - 2024-10-31 | 3 months
cdn-scripts.signifyd.com | Amazon RSA 2048 M02 | 2024-06-02 - 2025-06-30 | a year
ids.cdnwidget.com | R11 | 2024-07-10 - 2024-10-08 | 3 months
imgs.signifyd.com | Go Daddy Secure Certificate Authority - G2 | 2023-10-20 - 2024-11-20 | a year
idr.cdnwidget.com | R11 | 2024-07-10 - 2024-10-08 | 3 months
online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-03-20 - 2024-10-21 | 7 months
*.aa.online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-03-20 - 2024-10-21 | 7 months
dep-malka.ba.contentsquare.net | Amazon RSA 2048 M02 | 2023-10-11 - 2024-11-08 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 - 2025-03-16 | a year

This page contains 15 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: 603FF9B66EC81B52D2FF9735410D6DB0
Requests: 194 HTTP requests in this frame

Frame: https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Frame ID: CB564185DE583C0EE1D005DD5B884BEF
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 934263E67D43EA05FA358FACA1510107
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.9&integrationType=SDK
Frame ID: D7F5E9FA4AD26F95C80F8E22A409B48B
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOkur-flYgDFRyNWgUdbfkppg;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=369898411;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 27484B2E42BED5EF4EAD75A9E37BEBBF
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CJmIu7-flYgDFSiOWgUdBMkqHw;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=279420510;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 1D83F09C60AB7ACA271A2327B713BF88
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 646F1DB432F1764E936EF1068D5E5A07
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 1CBD4E8D8C24557ACF697FA328705F72
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 9466554C32BEB77E08E22C9362ECDA75
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Frame ID: DB1EB5988BAA36A98A0848C9B864E545
Requests: 13 HTTP requests in this frame

Frame: https://imgs.signifyd.com/jx_hqKA1ujr4QSBx?53e81e49a0173a9d=hND21DmZM4V3qWf-AlAGG6sLJCTs4SVbeCK1pq-tue0r_o80Fd7oOQgi4hrl_hLq34yTSCy3JqOSdYm_pZXzPpyqE_Mf5r9rl3CHukCW2WLcYhnDysPi8ppBWOmURV5lqoS7QpWREScR7U9cN0639cbj_1ISuQ0Z4HG5jaexO1yQcpWe_S9_pyHkYv_0NejHivdds42nic1r7kO6MEvGiIB9xL7urA
Frame ID: FD7FCD6ABCF0CE7C7AF1E4D6215B3176
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/eahRUD7Ed5U_EZqO?56d7db21602a48a6=s4amOqIIonjIe7PwClpCvSQBex3YhfRCYG1-ZnrXDghohZnln9gfNXq2w9oiNbNlf4VJ8VqtBojipe9DJijVB8PqLcUxF7UZTWDDpxF_i6vT_bu-CZtcO8uhJClQjqQg0HDQvWC5HVgnAh1IhOguKyOFrRt7wcStga4K3JALsmKYGfWJcW9BfxgVAW2XUWlSGZL-OEp5LzENFKR5pDl_lpzq9R63dTQ
Frame ID: 35AAC836DB49FE3B79DBF453AD82C76A
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/ursFfxA-IwZYLFp2?d0edcdf3f9699d3d=F9CCxUNKoUam4cdkaCImpdp8NHacwAep1UPAwAwgtBZS2lI2bKmr7KMxWjh01dddEtnmXyq3YDr6GK-rqKuEqFSrgwUPc3TZZMpUCgh9fpHhhxXrITeYO86ckjZbamrIqeYGMytzcem7pIGW2uLm-07ZDTQnEPJ4fMxPN6MdU6GY_zRiWVhE4rO7K3Zpb3FyAlyffhXL-zn3A9XVy5KrBi3dAibTC5Q
Frame ID: D5385160D9772ADEA2947E851E8CB424
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CIragsOflYgDFaioWgUdZSwh4g;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=285138603;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: FDD43973BAF68F99147521E159A5DA70
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CNn5gsOflYgDFW-0WgUdcAgrmQ;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=53156791;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: C062C7F863976D488BD7F906F55DAE18
Requests: 1 HTTP requests in this frame

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 224
  • HTTPS: 94 %
  • IPv6: 28 %
  • Domains: 52
  • Subdomains: 80
  • IPs: 67
  • Countries: 3
  • Transfer: 9897 kB
  • Size: 19644 kB
  • Cookies: 88

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticcrimal.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 13
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 28
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=GhE496oZYiWrhdbBzGAM-kdNYWYb2WLzhf7FVBv86l0 HTTP 303
  • https://www.elfcosmetics.com/callback?usid=918e5d1c-9b38-45db-8715-e589fd99e28f&code=S7csqtScATmuj41hSQ-AGHcsl3Jp2mEr3dbPlafGpk8
Request Chain 38
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=568894914.1724764237&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48q0n81WL3STMXv896608294za200&auid=1729937063.1724764237 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=568894914.1724764237&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48q0n81WL3STMXv896608294za200&auid=1729937063.1724764237
Request Chain 45
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c1df74b2-7a18-4592-aaca-ff5974ed60c4&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1413060263 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 46
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 47
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5422444420055890537&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZDhlNzhkM2ItM2RkNC00NWU5LWIzMmMtNzIyMTBlNzVmM2Nj&gdpr=0&gdpr_consent=&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&google_gid=CAESEGT8Zkv7dQlP92Vf7DuI6vQ&google_cver=1 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expiration=1727356240&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expiration=1727356240&gdpr=0&gdpr_consent=&C=1
Request Chain 115
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=369898411;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOkur-flYgDFRyNWgUdbfkppg;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=369898411;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 118
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=279420510;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJmIu7-flYgDFSiOWgUdBMkqHw;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=279420510;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 178
  • https://idsync.rlcdn.com/458359.gif?partner_uid=da2acb3a-f931-4910-9eff-fa28dccca711 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGRhMmFjYjNhLWY5MzEtNDkxMC05ZWZmLWZhMjhkY2NjYTcxMRAAGg0I06C3tgYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=b1b3451fb921479b487fac9d7c1c112b019a1c7015286bf3a58ea29a5be871ad6ac34734d8e453ee
Request Chain 199
  • https://www.googleadservices.com/pagead/conversion/698270988/?tag_exp=0&random=2027402367&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1729937063.1724764237&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1729937063.1724764237&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&eitems=ChEI8PK1tgYQhNLQioLhq-uTARIdAPzyqG3pBtXwKn0KAVwvY4b81VTZPVi7cv0SGmk&pscrd=IhMIq9m_wZ-ViAMVUwqICR36exvPMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1729937063.1724764237&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIq9m_wZ-ViAMVUwqICR36exvPMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfAzIGn4YWh-lZQ-bBtQa9-FyR3cfBpb2AzH-yb9E1s5LUvJgi&eitems=ChEI8PK1tgYQhNLQioLhq-uTARIdAPzyqG34RAOwPV5t0yx84ojDHv9NCmVoeFp0az4&random=557598468 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1729937063.1724764237&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIq9m_wZ-ViAMVUwqICR36exvPMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfAzIGn4YWh-lZQ-bBtQa9-FyR3cfBpb2AzH-yb9E1s5LUvJgi&eitems=ChEI8PK1tgYQhNLQioLhq-uTARIdAPzyqG34RAOwPV5t0yx84ojDHv9NCmVoeFp0az4&random=557598468&ipr=y
Request Chain 212
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c1df74b2-7a18-4592-aaca-ff5974ed60c4&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=New&gtmcb=1281502160 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 217
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch HTTP 302
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=93&user_group=1&user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&r=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dpubmatic HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
Request Chain 222
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=285138603;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CIragsOflYgDFaioWgUdZSwh4g;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=285138603;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 223
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=53156791;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CNn5gsOflYgDFW-0WgUdcAgrmQ;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=53156791;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

224 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://cosmeticcrimal.ca/
  • https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
1 MB
262 KB
Document
General
Full URL
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ea437427f870a3652f63423f5d3c81b77a0f872b318e4911243134cd8227d65
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
266757
content-type
text/html; charset=utf-8
date
Tue, 27 Aug 2024 13:10:30 GMT
etag
W/"f989b-0rZnsyR85z4CdkmDPS/xgnoFJGw"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 b5a3a07d269412210ea111017ec1157e.cloudfront.net (CloudFront)
x-amz-apigw-id
dK16oFxSCYcEIQg=
x-amz-cf-id
cQVmwzjoBnXtiepn7G8h0jxK9U1Ka98WkN6fZegyxhOvmN4XPEQv6w==
x-amz-cf-pop
IAD79-C3
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
1022107
x-amzn-remapped-date
Tue, 27 Aug 2024 13:10:29 GMT
x-amzn-requestid
51b2e9fd-7ef1-4db2-bd49-9e0543151c1b
x-amzn-trace-id
Root=1-66cdd043-5748bdad1b50583f4b1cae55;Parent=2a758155602535af;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
2321cc8d59d8/[2513,2338,-] 23D1cc02327e/[-,2659.561]
x-yottaa-optimizations
ob/1000000100001000 si/23D1cc02327e-1724757791-3481023481 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Tue, 27 Aug 2024 13:10:27 GMT
location
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1ccfd931403bb4ae2fbe rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
26D1cc8d5849/[-,0.222]
x-yottaa-optimizations
ob/0 si/26D1cc8d5849-1724757792-8757893791 tts/1724764227288 ti/0 ai/658f1ccfd931403bb4ae2fbe
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
630 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:21::1730:e08f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
h-pEhIV59,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id
u3126KnTh_
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
server
Unknown
x-frame-options
DENY
x-amp-source-width
3199
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
205 KB
205 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:21::1730:e08f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
-5msXeyiT,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id
9wBIOw987P
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
server
Unknown
x-frame-options
DENY
x-amp-source-width
800
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/
0
0

truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin
https://www.elfcosmetics.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin
https://www.elfcosmetics.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
985935623
player.vimeo.com/video/ Frame CB56
0
0
Document
General
Full URL
https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://mimir.cloud.vimeo.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com 
https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

CF-Cache-Status
DYNAMIC
CF-Ray
8b9c4d6288a03773-YYZ
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 27 Aug 2024 13:10:32 GMT
Expires
Fri, 15 Dec 1985 19:30:00 GMT
Link
<https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin
Server
cloudflare
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 varnish
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://mimir.cloud.vimeo.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com 
https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
x-backend-server
player-backend-edge-entry
x-bapp-server
player-backend-9ff8f9bd9-gc9h9
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-host
player-backend-9ff8f9bd9-gc9h9
x-player-backend
g
x-served-by
cache-yyz4562-YYZ
x-timer
S1724764232.098703,VS0,VE212
x-xss-protection
1; mode=block
rZPCKoUReO0
www.youtube.com/embed/ Frame 9342
0
0
Document
General
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:32 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/
2 MB
2 MB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:21::1730:e08f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
uSQ4fd5W5,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id
4aJ5Rsa7KK
content-length
2085695
x-xss-protection
1; mode=block
x-amp-source-height
1484
server
Unknown
x-frame-options
DENY
x-amp-source-width
3080
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/
330 KB
331 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:21::1730:e08f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
VZ1BSbptQ,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id
Pmb4CRXb_g
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
server
Unknown
x-frame-options
DENY
x-amp-source-width
2806
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/
180 KB
180 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:21::1730:e08f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
2sqD6qrVA,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id
Ic9d5ZeNlI
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
server
Unknown
x-frame-options
DENY
x-amp-source-width
1952
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/
614 KB
614 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:21::1730:e08f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:33 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
cUMOKR_Tu,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id
uYxFLbyN15
content-length
628288
x-xss-protection
1; mode=block
x-amp-source-height
525
server
Unknown
x-frame-options
DENY
x-amp-source-width
3200
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2600:141b:1c00:21::1730:e08b Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:32 GMT
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
etag
"dd3676819bd88a250c875a11e38c307d"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/mp4
access-control-allow-origin
*
Content-Range
bytes 0-1060947/1060948
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1060948

Redirect headers

date
Tue, 27 Aug 2024 13:10:32 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
1_W_uZnh5,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2600:141b:1c00:21::1730:e08b Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:32 GMT
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/mp4
access-control-allow-origin
*
Content-Range
bytes 0-1262366/1262367
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1262367

Redirect headers

date
Tue, 27 Aug 2024 13:10:31 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
Tz4691wJ9,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
jquery-3.7.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:32 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1103942
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
24036
x-served-by
cache-lga21987-LGA, cache-yul1970029-YUL
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1724764232.078398,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
1572, 157
player.js
player.vimeo.com/api/
37 KB
12 KB
Script
General
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
794b9f4fa15362394d9913554121b956f2ee5f5dc368540a8cc761dc9c7668f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits
430
Date
Tue, 27 Aug 2024 13:10:32 GMT
content-security-policy
default-src 'none'; style-src 'unsafe-inline'
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
via
1.1 varnish
Age
1089
x-cache
HIT
Connection
keep-alive
x-backend-server
player-backend-edge-entry
Content-Length
11434
x-served-by
cache-yyz4550-YYZ
x-player-backend
g
Server
cloudflare
x-timer
S1724764232.093143,VS0,VE0
vary
Accept-Encoding
Content-Type
application/javascript;charset=utf-8
access-control-allow-origin
*
Cache-Control
max-age=1800
x-bapp-server
accept-ranges
bytes
CF-RAY
8b9c4d628cfcabdc-YYZ
expires
Tue, 27 Aug 2024 09:22:22 GMT
player_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
199e8c9a1493fd6960bdc37cac5f96aff4195ef536f270cc9ba375464a6ebdd6
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:32 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script'
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 27 Aug 2024 13:10:32 GMT
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/
2 MB
627 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1c837b83e593f154428f1615709ad1146a51818f6973ad5ea0d24c2bb619670

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
via
1.1 12226b9ff01df10d4b735797b17a2a72.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
ATL58-P9
age
9612
x-yottaa-optimizations
ob/1000 si/33118cae0c60-1722432662-925629312 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
840429
content-length
641170
x-amz-meta-bundle
11899
x-served-by
cache-yul1970033-YUL
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1724764232.858824,VS0,VE1
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
33218cae0cea/[37,10,-] 33118cae0c60/[-,154.958]
accept-ranges
bytes
x-amz-cf-id
OIR0mKvySsRW40F1f9ACTeQb6u1uyS4alfC4EdUGhwEV6bpcQ5z5QQ==
x-cache-hits
1
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/
2 MB
507 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1961d18c3e6b963bbb09b850a484e8c10fca2938ffe503e4f693c6e673618f87

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
via
1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
age
500163
x-yottaa-optimizations
ob/1010 si/36118cae0e1f-1721912044-567498284 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
840429
content-length
518958
x-amz-meta-bundle
11899
x-served-by
cache-yul1970033-YUL
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1724764232.859030,VS0,VE1
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
36218cae0e39/[-,-,1724264041471] 36118cae0e1f/[-,98.648]
accept-ranges
bytes
x-amz-cf-id
-vn0ingJU6rbbKgXQ9keE4QtF4wG-qHxOZ2ebHOaFXmLMkP_YCIjnQ==
x-cache-hits
1
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/
42 KB
12 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
60604eb6ccf99a00d1666b9081d65b4e917ba2b4d295403e2a75887326aa3e15

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:31 GMT
via
1.1 6c7ab75e35abaff5e641bcd368abeaf4.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
ATL58-P9
age
500178
x-yottaa-optimizations
ob/1101 si/33118cae0c65-1722432663-497388015 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Miss from cloudfront, HIT
x-amz-meta-deploy
840429
content-length
11984
x-amz-meta-bundle
11899
x-served-by
cache-yul1970033-YUL
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1724764232.859050,VS0,VE1
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
33218cae0c84/[3,-,1724264044466] 33118cae0c65/[hit]
accept-ranges
bytes
x-amz-cf-id
WksumlCeIkNpEkRpfS9dAGfm9lyT_SefExKw0AuVQcfz0nvL-WynRA==
x-cache-hits
0
ga4
api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ Frame
0
0
Preflight
General
Full URL
https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
57.25.194.35.bc.googleusercontent.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-methods
POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE
access-control-allow-origin
https://www.elfcosmetics.com
date
Tue, 27 Aug 2024 13:10:36 GMT
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy
strict-origin
server
envoy
strict-transport-security
max-age=15768000
x-content-type-options
nosniff
x-envoy-upstream-service-time
20
x-frame-options
DENY
x-xss-protection
1; mode=block
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50377d1d3e7dcb2c8298feb8d2505099df1957e3700a358b993b4cf443fd36e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
p+39a+/XEcZfNKybQjgXjA==
age
82235
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 22 Aug 2024 17:41:35 GMT
server
cloudflare
etag
0x8DCC2D1AB4814B3
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8a9bf38e-301e-0026-16c3-f4083e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d7ce91ca273-YUL
api_dynamic.js
cdn.dynamicyield.com/api/8772046/
584 KB
66 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:5e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
00c37c179efcf89af86ea2d429f0549526f8a0a0a7a9e8b6470757c50a3f4e90

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:20 GMT
content-encoding
gzip
via
1.1 d8231fd704ad0bc5e49083372d79c2c0.cloudfront.net (CloudFront)
last-modified
Mon, 26 Aug 2024 21:31:39 GMT
server
DYCDN
age
17
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
etag
W/"2b8e1087629a1d405fd0d66f4791caa8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
C6YgOS-ZfWYuF3ezN7sT0YJPW1gZAa4BZs5ROKiKQVehITdy7MQuog==
api_static.js
cdn.dynamicyield.com/api/8772046/
391 KB
115 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:5e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
13806a61e5f705f2c187f8c57d13b7f32fcc96b727bdeea9db57f8dc737d8a2b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 10:57:22 GMT
content-encoding
gzip
via
1.1 d8231fd704ad0bc5e49083372d79c2c0.cloudfront.net (CloudFront)
last-modified
Mon, 26 Aug 2024 21:31:40 GMT
server
DYCDN
age
7995
x-amz-cf-pop
EWR53-C2
etag
W/"781a16c450d777f50dc36f979902a380"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=28800
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
e_hd_nrbwdGAbIF9UxgUX6HfJCssxOX6-tmXETzr_3UvJv8HrxypzA==
gtm.js
www.googletagmanager.com/
521 KB
136 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6f714e5012cf3027f12565c4d480efa2e881de9aaaecc58049eda28ca717baad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:36 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138606
x-xss-protection
0
last-modified
Tue, 27 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Aug 2024 13:10:36 GMT
ga4
api.retail.adeptmind.ai/sp/v1/tenants/elf/event/
105 B
675 B
Fetch
General
Full URL
https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
57.25.194.35.bc.googleusercontent.com
Software
envoy /
Resource Hash
5c41249b07f6d2204e589edfef8d16a1ff0839497e1612465772cb096f078ec4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:36 GMT
strict-transport-security
max-age=15768000
referrer-policy
strict-origin
x-content-type-options
nosniff
server
envoy
x-frame-options
DENY
access-control-allow-methods
POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
x-envoy-upstream-service-time
0
access-control-allow-headers
*
content-length
105
x-xss-protection
1; mode=block
/
api.ipify.org/
24 B
158 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
8b9c4d7d7e38ab39-YYZ
content-length
24
/
api.ipify.org/
24 B
76 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:36 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
8b9c4d7dce6fab39-YYZ
content-length
24
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=918e5d1c-9b38-45db-8715-e589fd99e28f&code=S7csqtScATmuj41hSQ-AGHcsl3Jp2mEr3dbPlafGpk8
0
0
Fetch
General
Full URL
https://www.elfcosmetics.com/callback?usid=918e5d1c-9b38-45db-8715-e589fd99e28f&code=S7csqtScATmuj41hSQ-AGHcsl3Jp2mEr3dbPlafGpk8
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:37 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 3072c658bb2e308b174aea92028efcd6.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
IAD79-C3
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
7988719c-a30e-4a52-bb66-b0a68757f753
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023639 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
dK18IF9DiYcENGw=
content-length
0
alt-svc
h3=":443"; ma=86400
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-66cdd04d-312a5a7d0fec566872fdb2a0;Parent=18aabbcecc21afb1;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
23214047a15f/[189,184,-] 23D1cc02327e/[-,191.266]
x-amzn-remapped-date
Tue, 27 Aug 2024 13:10:37 GMT
x-amz-cf-id
yQFOTUU1TYxfyAsga3wbu8oXz8ht3S-iYp5AtFx__IYc9c0iNh7UlA==

Redirect headers

date
Tue, 27 Aug 2024 13:10:36 GMT
x-correlation-id
8b9c4d8059748844
via
1.1 b5a3a07d269412210ea111017ec1157e.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD79-C3
age
0
x-yottaa-optimizations
ob/0 si/23D1cc02327e-1724757791-3481023595 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
22970, 1959951
x-ratelimit-1m-reset
23116, 23116
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=918e5d1c-9b38-45db-8715-e589fd99e28f&code=S7csqtScATmuj41hSQ-AGHcsl3Jp2mEr3dbPlafGpk8
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=GhE496oZYiWrhdbBzGAM-kdNYWYb2WLzhf7FVBv86l0
x-yottaa-metrics
23214047a149/[92,87,-] 23D1cc02327e/[-,93.501]
cf-ray
8b9c4d8059748844-IAD
x-amz-cf-id
9RCM5Qdv-P_fkuq4XgNxW3yySKwP11inz_xp4E_rRp-pZPVBIXyGcQ==
/
sdk.iad-05.braze.com/api/v3/data/
611 B
649 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:266b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e479ef02ef57f29c4749eed4b55cb041db228a2da706dd6539427f5bf52e3ee6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
7200000
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-Req-Attempt
1

Response headers

date
Tue, 27 Aug 2024 13:10:36 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
b48268ce-efc2-4a0d-9eaa-62cc364cade5
x-runtime
0.194317
server
cloudflare
etag
W/"e479ef02ef57f29c4749eed4b55cb041"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724764239
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b9c4d7eae1ba2f3-YUL
x-ratelimit-remaining
499.0
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:266b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8b9c4d7e5deca2f3-YUL
content-encoding
gzip
date
Tue, 27 Aug 2024 13:10:36 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
6 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
78195
content-md5
aY7kJA0jlzEL9QWHODNZDw==
content-length
1832
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 20:25:14 GMT
server
cloudflare
etag
0x8DCA5D566A7B63C
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1f48b12c-701e-004c-14be-d75495000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d7e58f3a2c0-YUL
expires
Wed, 28 Aug 2024 13:10:36 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
304 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8b9c4d806c5ca2d5-YUL
access-control-allow-headers
Content-Type
st
st.dynamicyield.com/
154 KB
13 KB
Script
General
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=c2f53iqoty8lep3z95xeor3k60v7ml6b&ref=&scriptVersion=2.40.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:e800:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f7e0da0cea4c5b100c7e83638272993d24a54a146647b2bf996fb738ed0cc5f4

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:37 GMT
content-encoding
gzip
via
1.1 d3041c3025b9205db460853b5b9626bc.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
vary
Accept-Encoding
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
access-control-allow-origin
*
content-type
text/javascript; charset=utf-8
cache-control
no-cache
x-amz-cf-id
30aPoi4W0NpuQ7tfuDYDyZ26yjztz3XHSglfYN2wlz0UN8OFLF-Tmw==
expires
Tue, 27 Aug 2024 13:10:36 GMT
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:266b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8b9c4d822893a2f3-YUL
content-encoding
gzip
date
Tue, 27 Aug 2024 13:10:37 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
221 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:266b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e9110c3a64c056c73f8c293722f625830baaefffd31f71250f21bfd182cacd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Req-Tokens-Remaining
29
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
7200000
BRAZE-SYNC-RETRY-COUNT
0
X-Requested-With
XMLHttpRequest
Referer
https://www.elfcosmetics.com/
X-Braze-Req-Attempt
1
X-Braze-ContentCardsRequest
true

Response headers

date
Tue, 27 Aug 2024 13:10:37 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
92e1ecab-e547-4419-a5e4-a814ed7bc113
x-runtime
0.077382
server
cloudflare
etag
W/"7e9110c3a64c056c73f8c293722f6258"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724764239
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b9c4d8288dea2f3-YUL
x-ratelimit-remaining
499.0
sync
sdk.iad-05.braze.com/api/v3/feature_flags/
20 B
180 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:266b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Req-Tokens-Remaining
28
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
7200000
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-FeatureFlagsRequest
true
X-Braze-Req-Attempt
1

Response headers

date
Tue, 27 Aug 2024 13:10:37 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
0b71530d-cdb3-42ac-b821-62c7b014e809
x-runtime
0.054174
server
cloudflare
etag
W/"e92f434a50c76d6e52d0d3cc91cdf185"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724764239
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b9c4d8288dca2f3-YUL
x-ratelimit-remaining
498.0
sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:266b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8b9c4d82289aa2f3-YUL
content-encoding
gzip
date
Tue, 27 Aug 2024 13:10:37 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=568894914.1724764237&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48q0n8...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=568894914.1724764237&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&g...
42 B
65 B
Ping
General
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=568894914.1724764237&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48q0n81WL3STMXv896608294za200&auid=1729937063.1724764237
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Server
142.251.40.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=568894914.1724764237&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48q0n81WL3STMXv896608294za200&auid=1729937063.1724764237
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202406.1.0/
451 KB
110 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
7I5y/rp4ODu7ul89ty+epQ==
age
75776
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
112027
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:20:01 GMT
server
cloudflare
etag
0x8DCA5E56F667161
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c05e064f-501e-009c-79cf-d7e837000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d82ed21a273-YUL
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.40.0/
196 KB
65 KB
Script
General
Full URL
https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:5e00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
851023e8e196d0e90861b94b5fe9bf3d9c4fb03062e3b4cb23e5b3d486a0bbae

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 19 Aug 2024 07:49:58 GMT
content-encoding
gzip
via
1.1 d8231fd704ad0bc5e49083372d79c2c0.cloudfront.net (CloudFront)
last-modified
Mon, 05 Aug 2024 12:53:39 GMT
server
DYCDN
age
710440
x-amz-cf-pop
EWR53-C2
etag
W/"ee44de75017c16457be88357c51e4aea"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
nR4Bvh7XukYkvoEoXfZQxDOHMb_S9amLeduxRE5j9dk4pddKosw-rQ==
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
8568585bc1376991ed92a1af254d960252acfd61a24aa9ade0999d5afbf64a0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Authorization
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 27 Aug 2024 13:10:37 GMT
content-encoding
gzip
x-correlation-id
8b9c4d85ae37c936
cf-cache-status
DYNAMIC
via
1.1 d93f61c3371a812d64846df2034f9796.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD79-C3
age
0
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023694 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
x-ratelimit-1m-remaining
22948, 1959086
x-ratelimit-1m-reset
22261, 22260
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
23214047a160/[92,91,-] 23D1cc02327e/[-,95.283]
cf-ray
8b9c4d85ae37c936-IAD
x-amz-cf-id
IU45pQ6Ar-5_9b1oc7XvDGg1pPfzAuiLYNZ6488QSpwenF6wpMNI1w==
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/
227 KB
39 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eef52bd0c8a7abdd22a88a94381a05bc58c34d48c1c4155ff816ba21c38cca28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
71713
content-md5
8kCXQkwViL618LYUH092ww==
content-length
39839
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 20:25:21 GMT
server
cloudflare
etag
0x8DCA5D56AD873B6
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
5813acbe-201e-00ba-6ebe-d77383000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d85eebba2c0-YUL
expires
Wed, 28 Aug 2024 13:10:37 GMT
uia
async-px.dynamicyield.com/
0
385 B
XHR
General
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1724764238008
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-81.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 e7e95bff6b1d430c678b4f86ab211a1a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
vcuSsbiZ3R4JVEMWb9xdXyh8FZ0oZLHzLBTiaCS3qgcJQORcfUw5ow==
expires
0
cnxtag-min.js
js.cnnx.link/roi/
2 KB
1 KB
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:b200:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:08:43 GMT
via
1.1 google, 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
JFK50-P1
age
114
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
1BCklS7ket_4PuAECzd0fb9UBUlf6hZXjlIzARlw8e8CFEiJ1jFYsw==
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c1df74b2-7a18-4592-aaca-ff5974ed60c4&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
1 KB
Image
General
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
18.238.80.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-36.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
date
Tue, 27 Aug 2024 06:05:49 GMT
via
1.1 4b70da48eda82f2df6875ba8bf8f89ba.cloudfront.net (CloudFront)
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5
age
25491
etag
"18b3e43abad26bdac6f4cea944777b62"
x-cache
Hit from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
807
x-amz-cf-id
wU5-CTRO4SfBnYxL-BgJ14nNTSfOniscg_VMp1WdPOKo-wA-LV8TSQ==

Redirect headers

date
Tue, 27 Aug 2024 13:10:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
0f4e8fa9-01cb-438a-a62c-f2b00c86241a
x-amzn-trace-id
Root=1-66cdd04e-5e73a30d20d9fdb912e18b11;Parent=191a0fc6c7a1de13;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
access-control-allow-origin
*
x-amz-apigw-id
dK18TGhUoAMEflQ=
content-length
2
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.160.75 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
an-x-request-uuid
6282ba8d-6da6-41c6-94d2-bb3aed2767dd
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
167.114.209.103; 167.114.209.103; 673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
an-x-request-uuid
3c498e82-4112-4bd0-8fa6-3e4a8154eafe
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control
no-store, no-cache, private
x-proxy-origin
167.114.209.103; 167.114.209.103; 673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5422444420055890537&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZDhlNzhkM2ItM2RkNC00NWU5LWIzMmMtNzIyMTBlNzVmM2Nj&gdpr=0&gdpr_consent=&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&google_gid=CAESEGT8Zkv7dQlP92Vf7DuI6vQ&google_cver=1
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expiration=1727356240&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expiration=1727356240&gdpr=0&gdpr_consent=&C=1
43 B
736 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expiration=1727356240&gdpr=0&gdpr_consent=&C=1
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:40 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCU%2FL8Qb66x7n5WgGcyJY9Dw0B6w%2BDYhJwjhHbBPiMD4%2BpoBzb6ai%2Bft%2BVvxniJfjwwvYGuwHF52SDPdBK19GVm8w4GyvPspkgUhAMMxLw5LsRUTo4Q4hmj0kHGzXctqxP4zAmkLZbjD7g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8b9c4d981c44ab46-YYZ
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:40 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=My4getxtQo8aJJcw4E7%2FSQsxIX7t1LjoN48t8GtHPBZR8FKy%2F0wmin1aBybXBYZyOJXEKtgR48Qx%2FpxNb%2BpOxO%2BaVnzdfN9akyXBsBwwGoHGPZQaOGMv3aCG7w2aQEFmnv%2ByDvT44aqXpg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=39&external_user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expiration=1727356240&gdpr=0&gdpr_consent=&C=1
cache-control
no-cache
cf-ray
8b9c4d96cb5cab46-YYZ
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
batch
async-px.dynamicyield.com/
0
385 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1724764238270_689435
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-81.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 134f499632d1e15750219cb766bdc50c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
ogNzzyZqNbDTAJb_2f8brROETwew9GGSm7Q_dR7xpcMOy6BxPxuqcg==
expires
0
otFlat.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sHJXWIgDpMKY35PyRRy4zQ==
age
77986
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3003
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:54 GMT
server
cloudflare
etag
0x8DCA5E56B3084E2
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
efcd7bdf-201e-0054-7b77-d87900000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d89d99ca2c0-YUL
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/
62 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
LtDYZmcfPNW39lMw/Yu0RQ==
age
328
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12723
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
server
cloudflare
etag
0x8DCA5E56C7CC8BB
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
125efa87-d01e-00e0-3577-d87502000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d89d99fa2c0-YUL
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
QnaHNt7KvNcyo6Q1ZDZObg==
age
68299
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1738
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
server
cloudflare
etag
0x8DCA5E56C38B888
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
441122d6-a01e-00e4-20fb-d78080000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d89d9a0a2c0-YUL
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
HyPJ72TNHxdfOI82cqKVqA==
age
78196
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:20:07 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
c2721718-001e-00c0-0f77-d819ce000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b9c4d89d9a1a2c0-YUL
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=1284&uid=5953758945331761229&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=efcc2d1ac1d4ae2aeaebdbea095bb651&expSes=40090&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=9107464777410515427&cgtgDecisionId=9107464779174965558&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724764238366&rri=3308338
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-81.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 e7e95bff6b1d430c678b4f86ab211a1a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
EbuIfhzFCob4lC5pjtUfKIBJjVFAKW4CB938NSLPFqUbB_Pf6OYf6g==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=302410&uid=5953758945331761229&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=efcc2d1ac1d4ae2aeaebdbea095bb651&expSes=40090&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=9107464778663502610&cgtgDecisionId=9107464779785751306&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724764238370&rri=8945781
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-81.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 e7e95bff6b1d430c678b4f86ab211a1a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
7L5H65MNf8kQFpPsOd-QrGJUM0X-ydUEmed8pjax2UEm_G4P1X21jA==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=528977&uid=5953758945331761229&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=efcc2d1ac1d4ae2aeaebdbea095bb651&expSes=40090&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=9107464779716411505&cgtgDecisionId=9107464778336456450&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724764238372&rri=8227241
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-81.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 e7e95bff6b1d430c678b4f86ab211a1a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
XkHjLKjVb4ZBW3lrFFFdoyJJFdWuhQRNYJyOUm-tzwV34l7UYSmzqw==
expires
0
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….h6H31ha4h3KJrgfQNNLm_ttWbSkyjMyt2K6QnNL7RN_DlsgVGtXf4LPfmapvUtyq5mjoCE8jAARm_ZJ2vJ-eng
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 bd54236b6457f0995f0667aa772c5aae.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-yottaa-metrics
23214047a189/[102,99,-] 23D1cc02327e/[-,104.878]
x-amz-cf-pop
ORD53-C3
age
0
x-yottaa-optimizations
ob/0 si/23D1cc02327e-1724757791-3481023715 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
8b9c4d8a3aa887a9-IAD
x-dw-request-base-id
fJSWtU7QzWYBAAB_
x-amz-cf-id
MBX07Jhb8jTSjKquPcMze_nZP_wqJDjc0bCaeG8c4rpu7_SotXiNMQ==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/
155 B
894 B
XHR
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….h6H31ha4h3KJrgfQNNLm_ttWbSkyjMyt2K6QnNL7RN_DlsgVGtXf4LPfmapvUtyq5mjoCE8jAARm_ZJ2vJ-eng
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 75bba5dfd2aa92cc6ca63ecca3b5248c.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
155
content-encoding
gzip
x-amz-cf-pop
IAD79-C3
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
77c11b00-c987-4c76-a231-f4dd5cbc90c4
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023716 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
dK18TFTPiYcEuKQ=
content-length
131
alt-svc
h3=":443"; ma=86400
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
x-amzn-trace-id
Root=1-66cdd04e-29644ea86e641e870d9eb9c3;Parent=0399ad5545dcca08;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
23214047a116/[403,400,-] 23D1cc02327e/[-,405.719]
x-amzn-remapped-date
Tue, 27 Aug 2024 13:10:38 GMT
x-amz-cf-id
2ZeS5hbVCYvKqu1SSsF3WUOJHMPacSgxVAnoBZAaW9E7oC3uRpbj2Q==
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
251 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:266b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8390cf3fa78601363cc38ddff850cfafa2b29fae036f268f7e017a91d08a9e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Req-Tokens-Remaining
27
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
1260
BRAZE-SYNC-RETRY-COUNT
0
X-Requested-With
XMLHttpRequest
Referer
https://www.elfcosmetics.com/
X-Braze-Req-Attempt
1
X-Braze-ContentCardsRequest
true

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
22846358-5ce0-4a1e-ba48-a49e30bba325
x-runtime
0.062879
server
cloudflare
etag
W/"b8390cf3fa78601363cc38ddff850cfa"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724764239
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b9c4d8a0e08a2f3-YUL
x-ratelimit-remaining
497.0
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
900 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 1299a022d10cdc620f209ba0440a48e8.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD79-C3
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023717 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-yottaa-metrics
23214047a119/[208,206,-] 23D1cc02327e/[-,211.263]
cf-ray
8b9c4d8c6c0a8024-IAD
x-dw-request-base-id
cD17yU7QzWYBAAB_
x-amz-cf-id
hnOHb7dAVJFpv65y6MEcIz3ktJmmtpNZh-sd9yaFh5Jo-cObxMu3Fw==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
904 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:39 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 ff57be90471f9a747547dbdeaf42a3ea.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD79-C3
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023720 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-yottaa-metrics
23214047a161/[68,65,-] 23D1cc02327e/[-,72.777]
cf-ray
8b9c4d8de81c5848-IAD
x-dw-request-base-id
fJSitU7QzWYBAAB_
x-amz-cf-id
R0smZRYTonOxzGF5NPR-QNp5Ci844rBQnIOOd_1kE0emLrMdhk_zuQ==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abmrc2xrtIkukRmugXmaYYlupG/
11 B
876 B
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abmrc2xrtIkukRmugXmaYYlupG/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….h6H31ha4h3KJrgfQNNLm_ttWbSkyjMyt2K6QnNL7RN_DlsgVGtXf4LPfmapvUtyq5mjoCE8jAARm_ZJ2vJ-eng
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
sfdc_customization
HOOK
dnt
0
cf-cache-status
DYNAMIC
x-correlation-id
8b9c4d8cab7937f9
x-content-type-options
nosniff
via
1.1 7f2634ab02503490a050083667b6ffd4.cloudfront.net (CloudFront)
x-amz-cf-pop
ORD53-C3
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023718 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
1
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abmrc2xrtIkukRmugXmaYYlupG/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
8b9c4d8cab7937f9-IAD
x-amz-cf-id
2mVxbVjrMZFzagxNAsqh3ja7RlYzySsTDXWYOa83geTMkJYDjwHDAw==
x-yottaa-metrics
23214047a14e/[172,168,-] 23D1cc02327e/[-,174.630]
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/
98 B
516 B
Fetch
General
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.85.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-85-244.compute-1.amazonaws.com
Software
envoy /
Resource Hash
f1daa19942da2a1dfcacafbf393f7ed1b89ab9e6451dbe73af31ee52a8c5af1f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

x-cq-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:39 GMT
strict-transport-security
max-age=15552000; includeSubdomains
server
envoy
etag
W/"62-Yoa6sXJ5VIvjHF11OmFBChLgghw"
access-control-allow-methods
GET, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
content-length
98
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.141.89.122 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 27 Aug 2024 13:10:39 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/19828c26/www-widgetapi.vflset/
31 KB
11 KB
Script
General
Full URL
https://www.youtube.com/s/player/19828c26/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d2ba0e8a74340c429355e9260d453136d7b097666415b43f7ffbdce7af607542
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 09:49:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
12077
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10546
x-xss-protection
0
last-modified
Thu, 22 Aug 2024 04:19:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 27 Aug 2025 09:49:21 GMT
110221.ct.js
tag.rmp.rakuten.com/
47 KB
15 KB
Script
General
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:39 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Tue, 27 Aug 2024 13:10:39 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/
425 KB
120 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c054e588dc71a88bdbc0611820b4bfb0604c35f787a4d3952a402469abc1bc04
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-yff1UfjwJA36VrqzoKySa00iZdI1Rkk2GEdOGQo2JVmNil2G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-yff1UfjwJA36VrqzoKySa00iZdI1Rkk2GEdOGQo2JVmNil2G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-yff1UfjwJA36VrqzoKySa00iZdI1Rkk2GEdOGQo2JVmNil2G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-yff1UfjwJA36VrqzoKySa00iZdI1Rkk2GEdOGQo2JVmNil2G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 27 Aug 2024 13:10:39 GMT
age
7047
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, HIT, MISS
p3p
true
paypal-debug-id
f93498881bb51
server-timing
"traceparent;desc="00-0000000000000000000f93498881bb51-db1e562df9183226-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
120848
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200163-BUR, cache-yul1970042-YUL, cache-yul1970042-YUL
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f93498881bb51-5ca06520ed48ffd3-01
x-timer
S1724764239.358861,VS0,VE6
etag
W/"1d810-XOJ+vYxa2aeJ4BUEGfW75APX2pI"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 6, 0
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/
146 KB
51 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.204.17.176 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-204-17-176.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
89ee8a62e7f8e07e4c7e8c20c2fc8455ef15d5048c7cd25df9ad044e410b3151
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Tue, 27 Aug 2024 13:10:39 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"e3856d6053946a012c02e9bb75664e2f988b2748"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, max-age=900
Connection
keep-alive
Content-Length
51687
Expires
Tue, 27 Aug 2024 13:25:39 GMT
batch
async-px.dynamicyield.com/
0
382 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1724764238789_138140
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-81.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 134f499632d1e15750219cb766bdc50c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
WyafBXntSwCizAiiBTht31se4i6kdyPjvmsPJtxEYT0DYFy03Fi95A==
expires
0
js
www.googletagmanager.com/gtag/
302 KB
101 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
029ac9fc571f530db20e8ce203c404029ceb6f04ba92f29597bf206c7277bdba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
102987
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 27 Aug 2024 13:10:38 GMT
js
www.googletagmanager.com/gtag/
318 KB
105 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
062ce8075b1f0923a531feaf3462900bfcb6780ec8cf731a25c73765a4d9589f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
107111
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 27 Aug 2024 13:10:38 GMT
iframe_api
www.youtube.com/
993 B
589 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
199e8c9a1493fd6960bdc37cac5f96aff4195ef536f270cc9ba375464a6ebdd6
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script'
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 27 Aug 2024 13:10:38 GMT
1a8bfa042c9c5.js
t.contentsquare.net/uxa/
340 KB
82 KB
Script
General
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-76.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
41a4ae32970d1743c55807d0469c2a67af849b97c0c1c80efd2aca8be01a80d8

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 25 Aug 2024 12:25:21 GMT
content-encoding
br
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P6
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
83164
last-modified
Thu, 22 Aug 2024 12:24:28 GMT
server
AmazonS3
etag
"7ff06089a725d37af9dd8529a5828c77"
vary
Accept-Encoding, Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
uX_39qfsRI1GsvGon7sULzqH7dC6hXRHoc8phUKR8-EE_r_bu7mhvA==
destination
www.googletagmanager.com/gtag/
216 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
57fd2b686de9acb957045f0a64d249de4e2878ff82e95c7017acc5d35a4d735e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79143
x-xss-protection
0
last-modified
Tue, 27 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Aug 2024 13:10:38 GMT
destination
www.googletagmanager.com/gtag/
216 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
21c421f171575bdba65a4ee518ff7cff95fe92d0cf8a5ced52ff8d1d40f3095e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79169
x-xss-protection
0
last-modified
Tue, 27 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Aug 2024 13:10:38 GMT
core.js
s.pinimg.com/ct/
5 KB
2 KB
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:258d::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
98ea26191ffc6155103762f2a7205b0b1af5f0e8d4e26cb4b539e581e2e48686

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
br
x-cdn
akamai
etag
"e5ca9645e8d8c8a937d77f8658e7bab1"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=7200
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
content-length
1880
fbevents.js
connect.facebook.net/en_US/
225 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 27 Aug 2024 13:10:39 GMT
document-policy
force-load-at-top
x-fb-server-load
53
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58912
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=32, rtx=0, c=23, mss=1232, tbw=4534, tp=13, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
Gu/h4JRgMwAnYVqbPehZZPXirlHr62niyaE41T5HP9Nq3vf4al+KfGKd1kgh4Qa+a2j872CUL2Umd2yfV70yqw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/
42 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:39 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 20 Jun 2024 19:23:03 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
12116
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Tue, 27 Aug 2024 13:10:39 GMT
last-modified
Sat, 13 Jul 2024 20:42:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9F2D5EE75B8B431BABCF97C910713B99 Ref B: YMQ01EDGE0410 Ref C: 2024-08-27T13:10:39Z
etag
"044982565d5da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14183
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=746086&uid=5953758945331761229&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28646951%5D&ses=efcc2d1ac1d4ae2aeaebdbea095bb651&expSes=40090&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=9107464776951462270&cgtgDecisionId=9107464780091821252&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724764238815&rri=4748966
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-81.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 e7e95bff6b1d430c678b4f86ab211a1a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
3BEAP89EZ_W1PxFFPkJl7qtweVTj4x9tXtbdSfyLJbQSaXCQzEfhEQ==
expires
0
events.js
analytics.tiktok.com/i18n/pixel/
7 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
584494f125ab645a555fa503cb4f7ab48e451713fbe70ab7af56f2e744dd5dfa

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
3a47f31
date
Tue, 27 Aug 2024 13:10:39 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240827131039D63068EFFB9AD24F7780-02E83915526FA30F-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=19
content-length
2340
pragma
no-cache
server
nginx
x-tt-logid
20240827131039D63068EFFB9AD24F7780
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
19,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b7835bf4b8ba23b0177c6cf21aa84a2c8338b33c1493ca99bf8424a3f1b438fd80b5924ae40f6c0dd959293db5ee7cbce7071ee8268dcae05be2c774a0676b273
expires
Tue, 27 Aug 2024 13:10:39 GMT
events.js
analytics.tiktok.com/i18n/pixel/
6 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
76ab827077bc7fb918d9f6cf3b8d01ad6012ebeb21177a602ad35e67fb567919

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
3a47f32
date
Tue, 27 Aug 2024 13:10:39 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240827131039AB124A9A0AADF05A8126-56EBD930ABDD06E4-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=5, cdn-cache; desc=MISS, edge; dur=7, origin; dur=31
content-length
2349
pragma
no-cache
server
nginx
x-tt-logid
20240827131039AB124A9A0AADF05A8126
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
31,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1bf2f27b91acb1a8a4ae1d71f1c4ef0fdafc2a0e5ede78071fb4a16764883f6c6e49e754e2ac06ebedb3f033f297f3f9230589b099b895f456215662eb4ff1ce3f
expires
Tue, 27 Aug 2024 13:10:39 GMT
widget.js
js.jebbit.com/companion/v1/
44 KB
45 KB
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:9a00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
caab06b6d9e22bd3f5e606d7c52d61833bb08498c02ef96bb2155852c391249c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Ni7Av1nwUFjdEeEmV3bxRPsr0NJvxctr
date
Tue, 27 Aug 2024 01:28:03 GMT
via
1.1 1d45cc40d1dd29d2b3aaefb9f85bceee.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
age
42157
x-amz-server-side-encryption
AES256
etag
"abd610d978a61075b07e166fe2d53c26"
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45338
x-amz-cf-id
aF9XDBVywtwDtCdGLGAvkK3obdow-Yc4dhysuBYyH-VPZ2tMsPyBzw==
i.js
tag.wknd.ai/6664/
17 KB
6 KB
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e6c250a89828b98d6bd8623d692bcece54330fbbbbf8f5eb90a1799eaa016fc0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:07:18 GMT
content-encoding
gzip
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
age
201
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5691
server
istio-envoy
etag
6ba40c6cb81087
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
favicon.ico
www.elfcosmetics.com/
34 KB
34 KB
Other
General
Full URL
https://www.elfcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:38 GMT
via
1.1 b38c85b91efc7fa1238f9c75e1e5d932.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
34494
x-amz-cf-pop
IAD79-C3
age
126, 126
x-amzn-remapped-connection
close
x-amzn-requestid
18495d76-0b0d-4660-90ec-25c5ae0d901a
x-yottaa-optimizations
ob/100 si/23D1cc02327e-1724757791-3481023719 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront
x-amz-apigw-id
c9JpbGduiYcETEQ=
content-length
34494
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 21 Aug 2024 18:19:36 GMT
x-amzn-trace-id
Root=1-66c8563c-6cc50dc63c4d084c1e28ec5c;Parent=3f2a4607f4a58f59;Sampled=0;lineage=2b75b0e9:0
etag
W/"86be-191762a66c0"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
max-age=600, s-maxage=600
x-yottaa-metrics
23214047a15e/[9,-,1724764096022] 23D1cc02327e/[-,11.387]
accept-ranges
bytes
x-amzn-remapped-date
Fri, 23 Aug 2024 09:28:28 GMT
x-amz-cf-id
0HPEaEHsjBWIFCgvMxO6eiYcXpP9k5c185wBn7BOteRLSaWi6c6RFQ==
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
623 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
54389
x-ms-lease-status
unlocked
last-modified
Mon, 26 Aug 2024 02:10:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
bfac6b7a-901e-0009-54bc-f78904000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b9c4d8ddc60a273-YUL
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
538 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
54225
x-ms-lease-status
unlocked
last-modified
Mon, 26 Aug 2024 02:10:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
6bd579a8-d01e-002c-72c1-f711b7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b9c4d8e2d1fa2c0-YUL
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
68877
content-length
4036
x-ms-lease-status
unlocked
last-modified
Thu, 22 Aug 2024 17:41:37 GMT
server
cloudflare
etag
0x8DCC2D1AC84FD7B
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
1e3383c6-001e-00c0-77c9-f419ce000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b9c4d8e6cb2a273-YUL
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 27 Aug 2024 13:10:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
54390
x-ms-lease-status
unlocked
last-modified
Mon, 26 Aug 2024 19:34:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
204ec2da-e01e-00e8-18f3-f76e71000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b9c4d8e7cb7a273-YUL
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame
0
0
Preflight
General
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.85.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-85-244.compute-1.amazonaws.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-cq-client-id
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
content-length
0
date
Tue, 27 Aug 2024 13:10:39 GMT
server
envoy
strict-transport-security
max-age=15552000; includeSubdomains
x-envoy-upstream-service-time
1
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/
5 KB
6 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:23::1730:e04d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
date
Tue, 27 Aug 2024 13:10:39 GMT
server
Unknown
x-amz-server-side-encryption
AES256
x-amp-srv
A
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
5378
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:23::1730:e04d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Tue, 27 Aug 2024 13:10:39 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
996
icon-noun-drop-1235517%201
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:23::1730:e04d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Tue, 27 Aug 2024 13:10:39 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
838
700232
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/
78 KB
12 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/700232?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
971c7f532b7574e788af8699656a455b6b4639deb30c4600bbfcc1b8a299eed5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
cache-control
no-cache
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:39 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
gzip
via
1.1 b5bce7fabeec0dac262b157c938965fc.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD79-C3
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023725 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 27 Aug 2024 13:10:39 GMT
allow
GET,HEAD,OPTIONS
vary
accept-encoding
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/products/700232?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
x-yottaa-metrics
23214047a181/[187,180,-] 23D1cc02327e/[-,188.869]
cf-ray
8b9c4d927c115848-IAD
x-dw-request-base-id
fJSttU_QzWYBAAB_
x-amz-cf-id
8BYh0oBDII_AYqBKUU23J1F6RkJ16Wqbhk9KBqp9nBoBw7k8Iaz8xg==
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
406df21a316e057fbfc965b5d56b720e7ad95a7da2440f9714f6c764360c5be8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
authorization
Bearer [redacted]
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:40 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 8b91488fa62e73ed6328bc389e6d1cbe.cloudfront.net (CloudFront)
x-yottaa-metrics
23214047a188/[124,121,-] 23D1cc02327e/[-,126.402]
x-amz-cf-pop
IAD79-C3
age
0
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023730 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1100
pragma
no-cache
etag
58ac03f6429b50f05625444ae4b7f2bdbba68538f3d819b78e3c456234aef957
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.elfcosmetics.com
x-dw-resource-state
58ac03f6429b50f05625444ae4b7f2bdbba68538f3d819b78e3c456234aef957
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
8b9c4d95db09c958-IAD
x-dw-request-base-id
cD2wyVDQzWYBAAB_
x-amz-cf-id
nZxIzFJa1_FOvEjDAYR-1Q6GU_Ej3S2y0IFDLP853MeZWRLtGL_X4A==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
main.1b182128.js
s.pinimg.com/ct/lib/
81 KB
23 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.1b182128.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:258d::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6515981ad814530ea37bc6838f8d8cc3074eaf22dffef1b8f207959afd0a492b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
br
x-cdn
akamai
etag
"2ede1d70eab18c6ab52837a878fb9264"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=1209600
accept-ranges
bytes
content-length
23553
collect
sgtm.elfcosmetics.com/g/
941 B
2 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48q0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=1770142216.1724764240&ecid=2109739991&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=568894914.1724764237&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=1&sid=1724764240&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=13429&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
f2baf0a77cdada03b42bda8a43f7e4a5d008974906392aae714783af6c8ce6a0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:40 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/
65 B
398 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48q0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=1770142216.1724764240&ecid=2109739991&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=568894914.1724764237&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=2&sid=1724764240&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&ep.event_id=1724764378773_17247643999388&ep.external_id=&_et=7&tfd=13465&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:40 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/
65 B
466 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48q0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=1770142216.1724764240&ecid=2109739991&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=568894914.1724764237&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=3&sid=1724764240&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1724764378773_172476439993810&ep.email=&ep.phone=&_et=2&tfd=13465&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:40 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
config
pixel-config.reddit.com/pixels/t2_16331p/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_16331p/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:40 GMT
content-encoding
gzip
via
1.1 varnish
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
content-length
27
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
699 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:40 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
97
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1724764240652&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=2fa933e146a1e5d089c11122c60b6878f01dbeb7c8cdc5c81a0e0af9609fa004&uuid=5b58d77a-6cf0-49a5-b300-1b3f889ef299&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:40 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=369898411;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:40 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"13855701593325440405"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0x115ee3d8b87ca431","source_keys":["12","13","14","15","16","17","18","19","20","21","18263372","18263373","18263374","18263375","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","634786564","634786565","634786566","634786567"]},{"key_piece":"0x50a279298ca5ab49","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","18263372","18263373","18263374","18263375","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","634786564","634786565","634786566","634786567"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"18263372":34,"18263373":34,"18263374":34,"18263375":3345,"19":65,"20":65,"21":6356,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628613572":32,"628613573":32,"628613574":32,"628613575":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"634786564":32,"634786565":32,"634786566":32,"634786567":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"14589976076390409186","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"13855701593325440405","filters":[{"14":["8259474"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"13855701593325440405","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"13855701593325440405","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"13855701593325440405","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
main.MTcwODM0ODQ4MA.js
analytics.tiktok.com/i18n/pixel/static/
326 KB
92 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f2fc4f1cd87c40b0d83ea0542ba613b4337450bbdc0ef30c7f033ac04e4fac70

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
3a483c3
date
Tue, 27 Aug 2024 13:10:40 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202408230056227E55C79B231EC7DB0481
x-tt-trace-id
00-2408230056227E55C79B231EC7DB0481-570954D32658B296-00
vary
Accept-Encoding
x-cache
TCP_HIT from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01fa67b1b1941d38bd1467913c3f54c4d8f2e5e065898d6f0c602ac7dc462d88a6f5a7c1061f0fa04951a4344f2c018cc6fafa2115249040c0e540078328a9c479dd42398406aec0d99fea35a362b7f7babde794d2acf27878952d7d82673d1a77
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length
93248
main.MTcwODM0ODQ4MQ.js
analytics.tiktok.com/i18n/pixel/static/
331 KB
96 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
de0a685865e11857eb59fc72c7bc426af104c0307e099ba7377d4afe6503058d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
3a483c4
date
Tue, 27 Aug 2024 13:10:40 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202408230056233E19F1031BD116E70851
x-tt-trace-id
00-2408230056233E19F1031BD116E70851-3359091D65EB56D1-00
vary
Accept-Encoding
x-cache
TCP_HIT from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
017f14c8a4d566d6bb225815e09579b7e3a0c2eb774d5d6211da30ba983883da42cf282f57b67bd229fe982e6dc6cc5c858b16693ec769baa4a65d0acb8b9ff92e890491425074b1b469f72c7c3b04f0a78cd8b0981552172489b34aad55b34dfe
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=6
content-length
97610
local
www.paypal.com/credit-presentment/experiments/ Frame D7F5
0
0
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.9&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
86468
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1526
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Tue, 27 Aug 2024 13:10:40 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-2Xvej+mDcQNMI4C2IgjEonngTKA"
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f81796337d9af
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f81796337d9af-dcbdea22561960ab-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f81796337d9af-4b10fda427a403bd-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
14344, 825, 0
x-served-by
cache-bur-kbur8200139-BUR, cache-yul1970021-YUL, cache-yul1970021-YUL
x-timer
S1724764241.913437,VS0,VE6
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.456&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
443e125b9fdcb2380d0a60bf26b2acee7113490edcae3c9c5ca43c7405c24f45
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-almShfLgNHjdKYYBcq8ZHREJ2ivwc79ZiR9QtKzEm6O856Sc' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-almShfLgNHjdKYYBcq8ZHREJ2ivwc79ZiR9QtKzEm6O856Sc' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 27 Aug 2024 13:10:40 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
97278
x-cache
HIT, HIT, MISS
paypal-debug-id
f770420a87577
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4789
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200020-BUR, cache-yul1970042-YUL, cache-yul1970042-YUL
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f770420a87577-a5a6a202ebdb843b-01
x-timer
S1724764241.874943,VS0,VE5
etag
W/"36a7-5qyGkjSez4jFgdOY2ogcwzDH1us"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
672, 31, 0
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=279420510;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:40 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"15154823361685615327"}],"aggregatable_trigger_data":[{"filters":[{"14":["12119809"]}],"key_piece":"0xbd1012ef80cc6620","source_keys":["12","13","14","15","16","17","18","19","20","21","18241288","18241289","18241290","18241291","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","638131352","638131353","638131354","638131355","640975368","640975369","640975370","640975371","902568420","902568421","902568422","902568423"]},{"key_piece":"0xeb70ab5bf57c8882","not_filters":{"14":["12119809"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","18241288","18241289","18241290","18241291","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","638131352","638131353","638131354","638131355","640975368","640975369","640975370","640975371","902568420","902568421","902568422","902568423"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"18241288":32,"18241289":32,"18241290":32,"18241291":3177,"19":65,"20":65,"21":6356,"628477676":32,"628477677":32,"628477678":32,"628477679":3177,"628504556":32,"628504557":32,"628504558":32,"628504559":3177,"628627208":32,"628627209":32,"628627210":32,"628627211":3177,"638131352":327,"638131353":327,"638131354":327,"638131355":31784,"640975368":218,"640975369":218,"640975370":218,"640975371":21189,"902568420":34,"902568421":34,"902568422":34,"902568423":3345},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"2724965696296963301","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"15154823361685615327","filters":[{"14":["12119809"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"15154823361685615327","filters":[{"14":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"15154823361685615327","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"15154823361685615327","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10742279"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je48q0v879088318z8896608294za200zb896608294&_gaz=1&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=1770142216.1724764240&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1724764240&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=14021
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
257 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1770142216.1724764240&gtm=45je48q0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=1770142216.1724764240&gtm=45je48q0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=2095668991
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget.css
js.jebbit.com/companion/v1/
15 KB
16 KB
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:9a00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Dtf.9Q_1CbcuUz2YOVUdf.z9UL2wO11I
date
Tue, 27 Aug 2024 01:28:03 GMT
via
1.1 1d45cc40d1dd29d2b3aaefb9f85bceee.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
age
42159
x-amz-server-side-encryption
AES256
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
ru01PsDqugIvzdt9gtsLy0tie0v4CQuxfHdjnWYOkDpI9x8UXh2rAA==
launcher_configs
external-api.jebbit.com/moments/v2/
0
0

1638306756445368
connect.facebook.net/signals/config/
75 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.165&r=stable&domain=www.elfcosmetics.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
333ef29526d75c034c9ca5a45d975eab9ae5c4620c56174118270bd70222643d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 27 Aug 2024 13:10:41 GMT
document-policy
force-load-at-top
x-fb-server-load
34
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
15314
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=68, mss=1232, tbw=67142, tp=66, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
11AEw9QY483iQnG/XYiHPHDIC3HwY8Xhi1PqS9Un6OoM/lgaoTURSol6so5dwz/JZmLggfLbLXUao/CzevQpFQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
5013978.js
bat.bing.com/p/action/
334 B
406 B
Script
General
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c64cddc349202defdca8bcf51d8a905d5f8810cc76f08c1e6561800f1dd5708a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Tue, 27 Aug 2024 13:10:41 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AEB1DE11535F416B84F1210CCE9F5999 Ref B: YMQ01EDGE0410 Ref C: 2024-08-27T13:10:41Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
activityi;dc_pre=CNOkur-flYgDFRyNWgUdbfkppg;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame 2748
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOkur-flYgDFRyNWgUdbfkppg;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOkur-flYgDFRyNWgUdbfkppg;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=369898411;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
439
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:41 GMT
expires
Tue, 27 Aug 2024 13:10:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CNOkur-flYgDFRyNWgUdbfkppg;src=9231397;type=retarget;cat=globa0;ord=9677612129960;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=369898411;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
jsp
ut.rd.linksynergy.com/
148 B
404 B
Script
General
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
ea86093ac024fe290a4b49d511cd38522ef98f6abcefaa4e2f494e4b063d6620
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-samesite
secure
date
Tue, 27 Aug 2024 13:10:41 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
content-type
text/plain; charset=utf-8
logger
www.paypal.com/xoplatform/logger/api/
977 B
890 B
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1f14f0318172a72d0004ccfe871ae3fed5a6675d70390fe062d98bbfa291e074
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 27 Aug 2024 13:10:41 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS, MISS
paypal-debug-id
f34786797069e
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200102-BUR, cache-yul1970032-YUL, cache-yul1970032-YUL
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f34786797069e-91185595002576ea-01
x-timer
S1724764242.557251,VS0,VE123
etag
W/"3d1-0dUx8Eaf7uBYqm2aenBxt1fimKw"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0, 0
activityi;dc_pre=CJmIu7-flYgDFSiOWgUdBMkqHw;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame 1D83
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJmIu7-flYgDFSiOWgUdBMkqHw;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfc...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJmIu7-flYgDFSiOWgUdBMkqHw;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=279420510;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
375
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:41 GMT
expires
Tue, 27 Aug 2024 13:10:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJmIu7-flYgDFSiOWgUdBMkqHw;src=10742279;type=elf8j0;cat=glo_flap;ord=6892001655377;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=279420510;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-length
0
date
Tue, 27 Aug 2024 13:10:41 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f411557f23e28
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f411557f23e28-b9656deb5409dc39-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-bur-kbur8200122-BUR, cache-yul1970032-YUL, cache-yul1970032-YUL
x-timer
S1724764241.410251,VS0,VE124
collect
analytics.google.com/g/s/
0
55 B
Image
General
Full URL
https://analytics.google.com/g/s/collect?tag_exp=0&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&_gsid=5D80LRC85Nu0IpOuJN9vUd4YjmdBck0w
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tag_exp=0&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=BxLmesa6pvY7nb43O32obcbLFZvNpKY%2BVgpi0mg8ExE%3D.1724764240&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&aip=1&z=1196380043
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
55 B
Image
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tag_exp=0&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=BxLmesa6pvY7nb43O32obcbLFZvNpKY%2BVgpi0mg8ExE%3D.1724764240&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
e47576c7-c43d-4718-8305-4a6dccf82894
https://www.elfcosmetics.com/ Frame
0
0

/
ct.pinterest.com/user/
321 B
677 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1724764241598&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.1b182128.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:41 GMT
content-encoding
gzip
x-cdn
fastly
x-envoy-upstream-service-time
0
alt-svc
h3=":443";ma=600
x-pinterest-rid
1730933616326400
content-length
186
pin-unauth
dWlkPU56WTBNMlZoWVdZdFl6ZGhaUzAwWVRReExXSmpZamd0TlRrME1EQTRNRFk1WmpWaA
pragma
no-cache
referrer-policy
origin
x-pinterest-rid-128bit
9144f84494a81058f0371d881d2c7c58
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
93d6a1d867f8b0734f174cc8ed92086bf0be681a
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/user/
321 B
330 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221724764378773_172476439993810%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1724764241600&dep=5%2CEVENT_TAGS_ABSENT
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.1b182128.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:41 GMT
content-encoding
gzip
x-cdn
fastly
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
1489296211151079
content-length
186
pin-unauth
dWlkPU9UVTRORGhqWlRVdE5qZ3daUzAwWWpRMUxXRXpZekF0WVRnd056RTVNRGMxTkRsaA
pragma
no-cache
referrer-policy
origin
x-pinterest-rid-128bit
89d39018827d8ea6ceae6e2255f3d6c3
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
93d6a1d867f8b0734f174cc8ed92086bf0be681a
expires
Sat, 01 Jan 2000 00:00:00 GMT
pageview
c.contentsquare.net/
0
320 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&dt=655&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6759&ww=1600&wh=1200&sw=1600&sh=1200&uu=94199b51-d241-a4f6-85e8-43276b6cfa10&sn=1&hd=1724764241&v=15.9.0&pid=1926&pn=1&r=543191
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.13.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-13-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
runtime_6459738026535cda4232dc813c61447d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
3 KB
2 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 15:26:09 GMT
content-encoding
br
ad-auction-allowed
true
age
769472
x-guploader-uploadid
AHxI1nN4fx5On9N9Yca-fZHHl4H5T2yz5pSmcMnmLEQdhUH1SRQgDSrRx2BevdIp-G8OTEv7QFIcgC6W3g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1316
last-modified
Wed, 14 Aug 2024 20:02:40 GMT
server
UploadServer
etag
"09512239cb2a22728ca9f8608dfc2181"
x-goog-generation
1723665760849812
x-goog-hash
crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1316
accept-ranges
bytes
content-type
text/javascript
/
ct.pinterest.com/v3/
35 B
210 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%221b182128%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1724764241636
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.1b182128.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
referrer-policy
origin
x-cdn
fastly
x-pinterest-rid-128bit
1db05a23f59dbf214d2c6700a3f7c6fb
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
93d6a1d867f8b0734f174cc8ed92086bf0be681a
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
alt-svc
h3=":443";ma=600
x-pinterest-rid
5560932892344305
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/
56 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:41 GMT
content-encoding
gzip
via
1.1 18a2ff1d0c4298d4844e4dea761f1d6c.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
ORD53-C3
age
0
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023739 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics
23214047a107/[217,213,-] 23D1cc02327e/[-,219.414]
cf-ray
8b9c4d9e9d665772-IAD
x-dw-request-base-id
cD3hyVHQzWYBAAB_
x-amz-cf-id
1UbHY6S5EjWgDjk3EcfrWgGuQL47icarPSNxyxcOM7PqLtm-47U7RA==
expires
Thu, 01 Dec 1994 16:00:00 GMT
identify_c2008b8c.js
analytics.tiktok.com/i18n/pixel/static/
146 KB
40 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
3a48718
date
Tue, 27 Aug 2024 13:10:41 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202408061913258435689CE415E98077BB
x-tt-trace-id
00-2408061913258435689CE415E98077BB-195B090BBF7C9BCF-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01e10cb6773c2b58095eeee787d98a6c6cd1faf5375857e19be7389d71fac41f461d6add66d502e5160f2a482999dbfaa1924d08666268999c55dd10ce86a8b1a994e58b6b0cb129c18bcbf1c6cc18af01f6503f5a19064d77be3454f9f673ae03
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length
40268
performance_interaction
analytics.tiktok.com/api/v2/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a4873d
date
Tue, 27 Aug 2024 13:10:41 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082713104163E0F8F715C7B75BDCB7-62AEFAAEF105A16D-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=14, cdn-cache; desc=MISS, edge; dur=6, origin; dur=23
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082713104163E0F8F715C7B75BDCB7
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
23,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b59393d8fdaf411b6e06d15f8af5af548927c0a0911f8929fb1557ab768d0aa187cc12be28fd4855ed7c68d63074880763469df552a5571e4a6dcf57f798e17cc
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:41 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a4873e
date
Tue, 27 Aug 2024 13:10:41 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408271310412093D05AD0D3EA5CA6AC-4DEEC06E2CB04A4A-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=111, cdn-cache; desc=MISS, edge; dur=7, origin; dur=121
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408271310412093D05AD0D3EA5CA6AC
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
121,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b5a0e73e2c38b3c3a0df7dcd73f5d7e7da37945e0618e652136cccad098d5440089557570be9149db8d2ca27e44f1e74666a8e9f065cba9b66d083a31cba506ef
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:41 GMT
pixel
analytics.tiktok.com/api/v2/
0
714 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a4873f
date
Tue, 27 Aug 2024 13:10:41 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082713104114DF2F27741F475392DD-0EC12AAC92FA34B1-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=30, cdn-cache; desc=MISS, edge; dur=6, origin; dur=40
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082713104114DF2F27741F475392DD
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
40,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b54b5b9d71ecf1b3ba5edd0b9216ac8a189eaca38f8aaeee110c16c22541ccd8000acb5c351e2d34d7aaa10b3a44f537a93c81e3a4c95e7d72a691da238663056
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:41 GMT
pixel
analytics.tiktok.com/api/v2/
0
720 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a48740
date
Tue, 27 Aug 2024 13:10:41 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408271310415755BB20FDF8CF532792-3966C9777EB22381-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=224, cdn-cache; desc=MISS, edge; dur=22, origin; dur=233
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408271310415755BB20FDF8CF532792
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
233,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1bc892099f93f93192fc3e9953911fd1048bfa39de9d92bfbad6ec3a2f69983be91953ea1aa04b4da863e47d15a2df8a743643bfdeb04748739d99ba873f21d87c
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:41 GMT
pixel
analytics.tiktok.com/api/v2/
0
717 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a48741
date
Tue, 27 Aug 2024 13:10:41 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240827131041EBAAF5CE3F76895CA708-07BA16DB92EB17EF-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=24, cdn-cache; desc=MISS, edge; dur=8, origin; dur=33
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240827131041EBAAF5CE3F76895CA708
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
33,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b5f61775977ef625908c8c75a0e53bb180a47ce3653e31c0ad3674ddc0ecbd368c15754cd82824aba74464e7383a9913d6e95c69444e452c6d01eda191535bd4f
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:41 GMT
ts
t.paypal.com/
42 B
640 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1724764241744&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Tue, 27 Aug 2024 13:10:41 GMT
date
Tue, 27 Aug 2024 13:10:42 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
dc102166b1cd8
server-timing
"traceparent;desc="00-0000000000000000000dc102166b1cd8-97aac9a7ba70f8ff-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200026-BUR, cache-yul1970045-YUL
pragma
no-cache
correlation-id
dc102166b1cd8
traceparent
00-0000000000000000000dc102166b1cd8-41e45857127e8a70-01
x-timer
S1724764242.941942,VS0,VE97
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
0
bat.bing.com/action/
0
361 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=56566f48-c72f-4446-a7ee-441f88a96ca6&sid=c3034ae0647511ef9c1bf519e25b6f5f&vid=c3041680647511ef91771f5a621bc508&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=11098&evt=pageLoad&sv=1&cdb=AQET&rn=233071
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 27 Aug 2024 13:10:41 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: F7F87214AB4C49CB85C2E2C2EA80FD40 Ref B: YMQ01EDGE0410 Ref C: 2024-08-27T13:10:41Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724764241782&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1724764241772.942062052502332363&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1724764241164&coo=false&eid=1724764378773_172476439993810&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1297, tbw=2826, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 27 Aug 2024 13:10:41 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724764241782&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1724764241772.942062052502332363&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1724764241164&coo=false&eid=1724764378773_172476439993810&tm=1&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Tue, 27 Aug 2024 13:10:41 GMT
document-policy
force-load-at-top
x-fb-server-load
42
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7407806010535835625", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=15, mss=1297, tbw=3144, tp=-1, tpl=-1, uplat=58, ullat=0
pragma
no-cache
x-fb-debug
wAuYOoU8jXu4h3BxUMN7LY7TYAszXmifTFWmpEjYbsShGTkb2FlUApReQ9gEMDptKu9wkRqDPOrAPY4uk4h4VQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7407806010535835625"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
716 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a48788
date
Tue, 27 Aug 2024 13:10:41 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240827131041E635761F70B15956C18B-7FD029B71DFB1092-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=63, cdn-cache; desc=MISS, edge; dur=7, origin; dur=72
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240827131041E635761F70B15956C18B
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
72,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b74fe4ac99e3a0fe248312552fe475e0aa06f6e209d1f50951f4745733721455b089b08780407b5edbf256e8e3315571feac4b0291893af78c4850ed64c49db12
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:41 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
717 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a4878a
date
Tue, 27 Aug 2024 13:10:42 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408271310418442672E3810B25DDBCE-613381AC531BEE12-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=187, cdn-cache; desc=MISS, edge; dur=8, origin; dur=212
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408271310418442672E3810B25DDBCE
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
212,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b0e7bb1d882bfbb2b39a19dfe90abafeaf4f55ce160146b8ad643bdf15e1e79db583ed7e84b084831bc09c9eb403f4f6f6805a390056e3577e179fb11a0eea834
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:42 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
722 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a487b7
date
Tue, 27 Aug 2024 13:10:42 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240827131041EBAAF5CE3F76895CA71C-31DBB86F65916D48-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=210, cdn-cache; desc=MISS, edge; dur=23, origin; dur=250
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240827131041EBAAF5CE3F76895CA71C
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
250,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b5f61775977ef625908c8c75a0e53bb18bc685e74cf32234547d5a4ba02b1da056523ba69171bcf4936a9901fe3334df67ac399bba4c7b6e9109a141ab920a844
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:42 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
717 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a487b8
date
Tue, 27 Aug 2024 13:10:42 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082713104188168688C099805E77D3-68F02A68E956E17D-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=98, cdn-cache; desc=MISS, edge; dur=13, origin; dur=113
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082713104188168688C099805E77D3
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
114,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1bf2f27b91acb1a8a4ae1d71f1c4ef0fda53be3d8223fa304fe59b3292989dc0e29aee5bc8de707b9bff5074df3c8cd16e0a2494e9396016bceb118adbc62e1585
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:42 GMT
/
ct.pinterest.com/v3/
35 B
356 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221724764378773_172476439993810%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1724764241907&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPU56WTBNMlZoWVdZdFl6ZGhaUzAwWVRReExXSmpZamd0TlRrME1EQTRNRFk1WmpWaA%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%221b182128%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
referrer-policy
origin
x-cdn
fastly
x-pinterest-rid-128bit
5cbb10f6ef45df4aecef74fa0a1e376f
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
93d6a1d867f8b0734f174cc8ed92086bf0be681a
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
1707299332964523
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
dvar
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=15.9.0&pid=1926&pn=1&sn=1&uu=94199b51-d241-a4f6-85e8-43276b6cfa10&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=410266
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.13.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-13-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:41 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
717 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.172.62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-206-172-62.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3a4881c
date
Tue, 27 Aug 2024 13:10:42 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240827131042A0A26679958D0D57F276-75FCAB906EF23F54-00
x-cache
TCP_MISS from a23-58-89-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=48, cdn-cache; desc=MISS, edge; dur=8, origin; dur=57
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240827131042A0A26679958D0D57F276
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
57,23.58.89.76
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386c8c4508cd897c66f2216849c78e0ef1b58d99fa57d6f9ad5f1174ecafc859d2f07e3b40089e820d6f1f4e9a7d036680c557e7f2463999ff6a1c77765520b65c4b7d7fa88df4a9a9ff062cd9e50b3c1f5
access-control-allow-headers
Authorization,*
expires
Tue, 27 Aug 2024 13:10:42 GMT
main-v2_966f7271f44a49315727a23ccae07eb6.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
506 KB
111 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_966f7271f44a49315727a23ccae07eb6.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9148c84828ef7d35bcb5b561b49d796bd8a421bbdef2e414bf8dfdea116cf6b3

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 12:42:22 GMT
content-encoding
br
ad-auction-allowed
true
age
1699
x-guploader-uploadid
AHxI1nMfQ56XqKut36oLrzUrKX9sTN0agMqIR07wZqFsdftSn_wwfJ_R9rsH-YRgUmyVVzXzfM0
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
113163
last-modified
Tue, 27 Aug 2024 12:42:13 GMT
server
UploadServer
etag
"e0d8304034a6ccbf38f6e5188d96e50b"
x-goog-generation
1724762533391260
x-goog-hash
crc32c=0M3U3w==, md5=4NgwQDSmzL849uUYjZblCw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
113163
accept-ranges
bytes
content-type
text/javascript
cjs_min_3a843477d8e318f67237a66d0a58c542.js
assets.bounceexchange.com/assets/smart-tag/versioned/
49 KB
16 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_3a843477d8e318f67237a66d0a58c542.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6c58f061a49641f54723faab57ad0bdb49a95619e86c90dad9a3ed630ffb3780

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 21 Aug 2024 11:25:44 GMT
content-encoding
gzip
ad-auction-allowed
true
age
524697
x-guploader-uploadid
AHxI1nPvc_HHmV4pGjVZQ6uYCnon8tgguuPRwiziM4jiie1AB6ys2ID0l_zD6k3WAhULXy4TuEY
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15748
last-modified
Mon, 22 Apr 2024 20:59:52 GMT
server
UploadServer
etag
"1eb885454ea6bef1c9747800702959de"
x-goog-generation
1713819592631797
x-goog-hash
crc32c=Joap5g==, md5=HriFRU6mvvHJdHgAcClZ3g==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15748
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
7e1dd19ea33b9d3fd18d1628c9
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/7e1dd19ea33b9d3fd18d1628c9
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.50.126 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
69548a6d1c2b225ca8d48f1bb426747c7338c537be7eaad87fba6cd2e6213738
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9..h6H31ha4h3KJrgfQNNLm_ttWbSkyjMyt2K6QnNL7RN_DlsgVGtXf4LPfmapvUtyq5mjoCE8jAARm_ZJ2vJ-eng
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

x-yottaa-profileid
5a0c9b7632f01c35d4210220
date
Tue, 27 Aug 2024 13:10:42 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 46dd9daa6209c4a2b51ec7ba64ab699e.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD79-C3
age
0
x-yottaa-optimizations
ob/1000 si/23D1cc02327e-1724757791-3481023740 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
993
etag
266870e8f65b9828231264799ad9f4e01b0289c431e09cba1b9b6d0ebba5e47d
allow
DELETE,GET,HEAD,OPTIONS,PATCH
content-type
application/json;charset=UTF-8
x-dw-resource-state
266870e8f65b9828231264799ad9f4e01b0289c431e09cba1b9b6d0ebba5e47d
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os
200
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/7e1dd19ea33b9d3fd18d1628c9
accept-ranges
bytes
cf-ray
8b9c4da0fb4f2d24-IAD
x-dw-request-base-id
fJTwtVLQzWYBAAB_
x-amz-cf-id
MCHWOBHh3oNPguISDnzaUexsdIW_6WCexcFpf8sESF3lcyBN49hQdA==
x-yottaa-metrics
23214047a108/[187,184,-] 23D1cc02327e/[-,190.128]
inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
19 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
183ae143a7f66c133f3948bdf61a0a9f97eb326be7de5947c1f19b93f3b9db24

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 12:42:26 GMT
content-encoding
br
ad-auction-allowed
true
age
1696
x-guploader-uploadid
AHxI1nNnVbCOe4bxvhsNbpkull3_DxsZT55Oz7U65nEvpNoz1_2HdbTTib8bjrTVGutKBKkcHrzVKV6yuA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5475
last-modified
Tue, 27 Aug 2024 12:42:08 GMT
server
UploadServer
etag
"0a2858f64e1bb28926cd4f2404ec0a43"
x-goog-generation
1724762528130326
x-goog-hash
crc32c=df/Fww==, md5=CihY9k4bsokmzU8kBOwKQw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5475
accept-ranges
bytes
content-type
text/javascript
onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 00:02:09 GMT
content-encoding
br
ad-auction-allowed
true
age
1084113
x-guploader-uploadid
AHxI1nOHINMIrH5uzo07S1sFRiiavc6C2dW398kz-y0KaJgWNqa-7KOWhNVJce30lkQ_5_MpcgfYrBnJwg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5003
last-modified
Wed, 14 Aug 2024 20:02:34 GMT
server
UploadServer
etag
"7ff99b6f1cea743cef749de91009e764"
x-goog-generation
1715884607531854
x-goog-hash
crc32c=qFvE1Q==, md5=f/mbbxzqdDzvdJ3pEAnnZA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5003
accept-ranges
bytes
content-type
text/javascript
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.239.87 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
87.239.149.34.bc.googleusercontent.com
Software
/
Resource Hash
5930c52386428cfc5a608b256ce54b1688495c985d54500dce5b7cc18af7d01c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:42 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.246.67 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
67.246.149.34.bc.googleusercontent.com
Software
/
Resource Hash
23ac35020fdab2032bde632a9083fc2249f78d3eee113d283e6440440bb43792

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:42 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.244.178.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
91.178.244.35.bc.googleusercontent.com
Software
/
Resource Hash
13a0263c808264c2ef74e9722a768d55fb4164224e1554bf8d982547c9a57bb0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:42 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D10C) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
726cedd156e2a
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (nyd/D10C)
traceparent
00-0000000000000000000726cedd156e2a-2ad24785e35a533a-01
etag
W/"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Tue, 27 Aug 2024 14:10:42 GMT
token_create.js
ct.pinterest.com/static/ct/
4 KB
4 KB
Script
General
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9ca07df45944b8440ae6241e4a017db2b6e4600e5f647d3180c96877198c3552

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:42 GMT
x-cdn
fastly
age
24
etag
"16d5d552603d86726ae439fc61299d42"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
timing-allow-origin
https://ct.pinterest.com
alt-svc
h3=":443";ma=600
content-length
4103
ct.html
ct.pinterest.com/ Frame 646F
0
0
Document
General
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443";ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Tue, 27 Aug 2024 13:10:42 GMT
pinterest-version
93d6a1d867f8b0734f174cc8ed92086bf0be681a
referrer-policy
origin
x-cdn
fastly
x-envoy-upstream-service-time
1
x-pinterest-rid
1792044746235442
x-pinterest-rid-128bit
e24cd325abe6c036027ca9852c18cbb6
jquery-3.7.1.min.js
assets.bounceexchange.com/assets/bounce/
85 KB
30 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 16:32:19 GMT
content-encoding
br
ad-auction-allowed
true
age
419903
x-guploader-uploadid
AHxI1nPKPQo9ojGugB_HCMjTqlhwtNcxEGzJcckQVR2a3fNv2XzUuJKk3Qqjwn75139aXlRX41j1S-Vw5w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31011
last-modified
Wed, 21 Aug 2024 15:38:07 GMT
server
UploadServer
etag
W/"2c872dbe60f4ba70fb85356113d8b35e"
vary
Accept-Encoding
x-goog-generation
1724254687045348
x-goog-hash
crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
87533
accept-ranges
none
content-type
text/javascript; charset=UTF-8
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 1CBD
0
0
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
ad-auction-allowed
true
age
281544
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Sat, 24 Aug 2024 06:58:18 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Wed, 21 Aug 2024 15:38:06 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1724254685943919
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
AHxI1nMvE3fuJceFTDvSnypB0wsRKfeg0LOXlwSO7fW43CN235Jdu6Pfy9URwKh6dG4oDmYY0ts
index.html
www.paypalobjects.com/muse/analytics/ Frame 9466
0
0
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D191) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16754
content-type
text/html
date
Tue, 27 Aug 2024 13:10:42 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc+gzip"
expires
Tue, 27 Aug 2024 14:10:42 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
e32c7877084c1
server
ECAcc (nyd/D191)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000e32c7877084c1-27b6e0e81837ae0b-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
exist
srm.ba.contentsquare.net/
2 B
94 B
Fetch
General
Full URL
https://srm.ba.contentsquare.net/exist?v=15.9.0&pid=1926&pn=1&sn=1&uu=94199b51-d241-a4f6-85e8-43276b6cfa10
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.198.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-198-22.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 27 Aug 2024 13:10:43 GMT
content-length
2
content-type
application/json
lookup
pd.cdnwidget.com/
74 B
288 B
XHR
General
Full URL
https://pd.cdnwidget.com/lookup?deviceID=undefined&bxwid=6664&bxdid=2857280596590499844&visitID=1724764242744642&enableUID2=false
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:42 GMT
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
server
istio-envoy
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74
ts
t.paypal.com/
42 B
316 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1724764242853&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Tue, 27 Aug 2024 13:10:42 GMT
date
Tue, 27 Aug 2024 13:10:42 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
c9ae0c2332df0
server-timing
"traceparent;desc="00-0000000000000000000c9ae0c2332df0-819b2cc979b4ef64-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200063-BUR, cache-yul1970045-YUL
pragma
no-cache
correlation-id
c9ae0c2332df0
traceparent
00-0000000000000000000c9ae0c2332df0-9392ab46e47b9ef3-01
x-timer
S1724764243.860914,VS0,VE97
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
init1.js
api.bounceexchange.com/bounce/
108 KB
20 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=921&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAmAFkIDZSziAOWgTk2AC8QpqAGTAdwFMARjlTA+AfVQATKBVmlMAJz44QAGzhoMBCp04APfMV2K+MPgqUKo2AIarVqBAHMxcBaqgALYMAAOOAFIAZgBBAOIAMXCInliAOj5VGCQQHABbPjQkHDiUtOi+BDEAYTDIxJgAWhT0zNQkaoVUNMc7HEwAN1RhYDEUkABrVD4oAMIAIXDiVV8p4LLibz9A4gBWUPDVyM3I2J4EpJqMrJy8nYjCkrKti6Tq1OP6xubW1RXicOKphTmN4g--mMACLYECDYajCZTSRSX4LOirEi0TirBgUVGcUgMBi0UikObEL7-LqSOFEMiUajUQh4qgAonEDpwsaTf6qEBOJx8SQSBBwmBtPifKZ8DrmMTsznc3n8wXC-5IGwKXoAR2AAE84Zx5cQcHABC0fNKMD0hYDQgK3maGZKuTzHBJJIU0DBhqTzSFLThrVNFcrZVadX7eh07HAzR8LXLCECdb5JBFUAocMAADIgGzuyMhYAKcM6yROZlQ-7dAAKSi6IDgOGKNdAGR+Hq9PtLOAAyvqcEgmgJzAHvTrugAVPh6YCdoQ91B9pvZltBmxITziYDvebk8h06j0WjA4GdJU4ADatuljgAurBBYfk8fReKz-aEFeW7eT8GxGr1VfuKG73qBoiKIPImiIfCvje-4nk+vKOs6qCutykFWu+x7Bih3poZ+obqBB16odBx6+DYXJiBqvj4W+HROjAp4cnacFSAhSGSJhfCdLR6FKiGYZUTe-RDKuYISkqXIEVhAi+FA3CZNJx4AETBgpAA0Sk2KITggAo6qqUpK5IAM1bAHpnggBkem+AoICSHAKB6d6SrLgpF6YL4a7WHkvgODYyDiDAqikdYHSeDYUBAA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
b230f59b5f6080019501e91cfea4a1169a579cb553c184873f7a9148c98283ca

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:43 GMT
content-encoding
gzip
x-envoy-decorator-operation
legacy-api-tier1.legacy-api.svc.cluster.local:80/*
last-modified
Tue, 27 Aug 2024 13:10:43 GMT
via
1.1 google
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
29
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
script-tag.js
cdn-scripts.signifyd.com/api/
10 KB
4 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 12:42:10 GMT
content-encoding
gzip
via
1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
last-modified
Tue, 23 Apr 2024 14:51:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
1714
x-amz-server-side-encryption
AES256
etag
W/"73ca6f23f3e08738233832c7a7a0c30c"
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
tzpHFrthfFX8iqhWHdIhIwGKAueWHVo-THH3vZtKb7BFve0zQu7cpA==
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 12:42:10 GMT
content-encoding
gzip
via
1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
1714
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
7eTXxNUCtlhhCGgMiDtpA_q0Br7MEXbY-I37Ma_RS1RuVMaW3B_CkQ==
c
ids.cdnwidget.com/
438 B
775 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=186143075&GCS2=MTcyLjE3LjAuNywxMC4xLjE5LjI0MSxmZGJmOjFkMzc6YmJlMDo6MTc6Mzo6ZjEsZmRiZjoxZDM3OmJiZTA6OjE3OjM6OmYx&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22Iwk3D5WLZaqqagD%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A26%2C%22IDStageStart%22%3A26%2C%22obsReqdata%22%3A374%2C%22obsReqpage%22%3A381%2C%22obsReqview%22%3A382%2C%22netComplete%22%3A482%2C%22IDStagePrefire%22%3A482%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-7%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%222857280596590499844%22%2C%22visitid%22%3A%221724764242744642%22%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
6083ca8345fc7969108b48127c2efc9f1874524c6408c5c2e99e2e51b1298e8d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:43 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
438
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 15:05:01 GMT
content-encoding
gzip
ad-auction-allowed
true
age
425142
x-guploader-uploadid
AHxI1nOD9HtKibqbc50vB7q1gQ-wbiRlV3oFCprLBBAEPZJOuakzjjFLidOj77PFkMdCG0AqUb9v5TiYEg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
visit
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:43 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/
42 B
206 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:43 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
c65r1crseoee6igh.js
imgs.signifyd.com/
96 KB
14 KB
Script
General
Full URL
https://imgs.signifyd.com/c65r1crseoee6igh.js?pz1rpcgg7n1d4gdz=w2txo5aa&hvlej9rwx4um5c7p=L2VuX0NBLzdlMWRkMTllYTMzYjlkM2ZkMThkMTYyOGM5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
f67ee31e6a7b1e019ebb6f300faa0aa0cad7425a6b085e877132aa881ae96c0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 27 Aug 2024 13:10:43 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
92 KB
92 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 15:59:36 GMT
ad-auction-allowed
true
age
421867
x-guploader-uploadid
AHxI1nNAlG9T0JMdl2k1rdtyP0jQf4evSwaGNAbWyJJIjFPAA4FEC2OsvAawcQbKj3w9X6E8L5pVgf6cJg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93895
last-modified
Mon, 08 Apr 2024 16:27:35 GMT
server
UploadServer
etag
"6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation
1712593655184176
x-goog-hash
crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
93895
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
18 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 04:11:38 GMT
ad-auction-allowed
true
age
291545
x-guploader-uploadid
AHxI1nOq4z9yJbrbg-sShBavRaTJTygxnFLPMeuljHouUYKvqCuu3bOxOVMNEEKm9yztvPWMclI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/
2 KB
2 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 12:56:56 GMT
ad-auction-allowed
true
age
260027
x-guploader-uploadid
AHxI1nNwyGpAqtQ3zWHK9pnfY5_E80t2kseFnSGtNGyym9AeKBJd3wHdUPK8nrwyVXEiAxI6IkBoW7m8ww
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2419
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
server
UploadServer
etag
"16f45df19355361dc1c101036c0035b0"
x-goog-generation
1617246092060079
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
2419
accept-ranges
bytes
content-type
image/png
eligible
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:43 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pop
events.bouncex.net/track.gif/
42 B
99 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:43 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
eligible
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:43 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=da2acb3a-f931-4910-9eff-fa28dccca711
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGRhMmFjYjNhLWY5MzEtNDkxMC05ZWZmLWZhMjhkY2NjYTcxMRAAGg0I06C3tgYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=b1b3451fb921479b487fac9d7c1c112b019a1c7015286bf3a58ea29a5be871ad6ac34734d8e453ee
37 B
293 B
Image
General
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=b1b3451fb921479b487fac9d7c1c112b019a1c7015286bf3a58ea29a5be871ad6ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-samesite
secure
date
Tue, 27 Aug 2024 13:10:43 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
content-type
image/gif

Redirect headers

date
Tue, 27 Aug 2024 13:10:43 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=b1b3451fb921479b487fac9d7c1c112b019a1c7015286bf3a58ea29a5be871ad6ac34734d8e453ee
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ts
t.paypal.com/
42 B
343 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=9TG8HQ6LLAJMU&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=6&identifier_used=DFP&e=im&t=1724764243839&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Tue, 27 Aug 2024 13:10:43 GMT
date
Tue, 27 Aug 2024 13:10:43 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
83fe0f64c4d7a
server-timing
"traceparent;desc="00-000000000000000000083fe0f64c4d7a-fa345c7c3c865188-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200051-BUR, cache-yul1970045-YUL
pragma
no-cache
correlation-id
83fe0f64c4d7a
traceparent
00-000000000000000000083fe0f64c4d7a-95ccf915df848416-01
x-timer
S1724764244.846077,VS0,VE111
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
EmGLvcdmmFWXwD-5
imgs.signifyd.com/ Frame DB1E
302 KB
51 KB
Script
General
Full URL
https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/c65r1crseoee6igh.js?pz1rpcgg7n1d4gdz=w2txo5aa&hvlej9rwx4um5c7p=L2VuX0NBLzdlMWRkMTllYTMzYjlkM2ZkMThkMTYyOGM5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
a0e85eecfc2549e54b304a48663a5773cd85b537d08108d8ef0ba37e15bfba76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 27 Aug 2024 13:10:43 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
c78683168951c1f5
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
cF-fIDpiNPoo27OF
imgs.signifyd.com/ Frame DB1E
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/cF-fIDpiNPoo27OF?4bfa43c809979977=mqAjqjI4AIekOsy2E8kK-Nt9SxReLajPYmFMowtO1pRNpExzpHgxso3V-LuXgxEEyQM5YJBP31U2HDHoqlU2Bzys6nQJg1XZBCZ45FDf_IeasRuAFcX7bwFBqxA19YxRKATnmnIb3r3Yty-VTYS9XBNydrgH9VLl9DXrU8QIiHYNrUykgA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mU0fs1HmRz-kTyjj
imgs.signifyd.com/ Frame DB1E
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/mU0fs1HmRz-kTyjj?ee78f0d09985f232=HyxaWKkzy2sz1HCaoiKS3zUT-F4j9z4h-VaOjHCl16rpPGiizw9jawHPXlmP76QO_tFb053ZgqE8f3OS8VcN5khiFgoD5WaemtiCbRdk6w2OfCMWJU6JMCdLEOERIx7OQdM1jsAx0SP-18iC-rIZG7eZU-8LhL2KyVAzvx9tTB-336o16Q
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
graph
idr.cdnwidget.com/
0
194 B
Image
General
Full URL
https://idr.cdnwidget.com/graph?cookieID=2lF80sJ0xe7N0DOoXkRc0sEgtbm&deviceID=2lF3qRZKueri8zNQ89PylnHfLEv&bxdid=2857280596590499844&bxvid=1724764243118072&bxwid=6664&gm=true&apikey=2^HIykD&loadID=Iwk3D5WLZaqqagD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:44 GMT
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
server
istio-envoy
access-control-allow-origin
*
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
clear.png
imgs.signifyd.com/fp/ Frame DB1E
81 B
536 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/c78683168951c1f5l2vux0nblzdlmwrkmtllytmzyjlkm2zkmthkmtyyogm5
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 27 Aug 2024 13:10:44 GMT
Server
Apache
Etag
4a5c48654eaf49ceb88a284083f73063
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Sun, 26 Aug 2029 13:10:44 GMT
jx_hqKA1ujr4QSBx
imgs.signifyd.com/ Frame FD7F
0
0
Document
General
Full URL
https://imgs.signifyd.com/jx_hqKA1ujr4QSBx?53e81e49a0173a9d=hND21DmZM4V3qWf-AlAGG6sLJCTs4SVbeCK1pq-tue0r_o80Fd7oOQgi4hrl_hLq34yTSCy3JqOSdYm_pZXzPpyqE_Mf5r9rl3CHukCW2WLcYhnDysPi8ppBWOmURV5lqoS7QpWREScR7U9cN0639cbj_1ISuQ0Z4HG5jaexO1yQcpWe_S9_pyHkYv_0NejHivdds42nic1r7kO6MEvGiIB9xL7urA
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Tue, 27 Aug 2024 13:10:44 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
PwuyWhpHEWYqCLlg
imgs.signifyd.com/ Frame DB1E
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/PwuyWhpHEWYqCLlg?c9616b769cb4c5ba=h9hC0sOsBqLZ8RIyuXaRBn2klq8UPwqY2i8VHYV4yyQ1N_wv4c-ylTl-ghTLPBoqZcRqGppxE37O7lrPkSNDy7XTcYHd-ffgR-PdpvdCXEKOE6EczTS83bsEw6stGofXx9JF9zye5-rcMZTxJVCHAcirzeaT5xUYxItSKA&jb=3b34246c7b613764386c393e6d30343b39386d3c31653c6b6b6c693f3935383d3c356b3b6d616c
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
MDcY_n-jg0QgI_UF
imgs.signifyd.com/ Frame DB1E
134 B
654 B
Script
General
Full URL
https://imgs.signifyd.com/MDcY_n-jg0QgI_UF?9acc67f8f2260e55=5pZKZQ8IPaSJS5AUIoPv-v7YRbimfzEK4L9_iSrJHR7yNWefeS1CXMZoCjB3Kj35BKY1_HiPA3XE8_IUdWlom4h00v8fP7o6C-gckZ6VAv-f6GoVl2skwA70olbDPNZob6eWATSAjKxhNrXt-j56D9FZNkyusSQ1
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
94b1effc982b81aac817a216cfa9e00499d63e5213fa72bdafa0d85ae736d5a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
eahRUD7Ed5U_EZqO
h.online-metrix.net/ Frame 35AA
0
0
Document
General
Full URL
https://h.online-metrix.net/eahRUD7Ed5U_EZqO?56d7db21602a48a6=s4amOqIIonjIe7PwClpCvSQBex3YhfRCYG1-ZnrXDghohZnln9gfNXq2w9oiNbNlf4VJ8VqtBojipe9DJijVB8PqLcUxF7UZTWDDpxF_i6vT_bu-CZtcO8uhJClQjqQg0HDQvWC5HVgnAh1IhOguKyOFrRt7wcStga4K3JALsmKYGfWJcW9BfxgVAW2XUWlSGZL-OEp5LzENFKR5pDl_lpzq9R63dTQ
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Tue, 27 Aug 2024 13:10:44 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
ursFfxA-IwZYLFp2
imgs.signifyd.com/ Frame D538
0
0
Document
General
Full URL
https://imgs.signifyd.com/ursFfxA-IwZYLFp2?d0edcdf3f9699d3d=F9CCxUNKoUam4cdkaCImpdp8NHacwAep1UPAwAwgtBZS2lI2bKmr7KMxWjh01dddEtnmXyq3YDr6GK-rqKuEqFSrgwUPc3TZZMpUCgh9fpHhhxXrITeYO86ckjZbamrIqeYGMytzcem7pIGW2uLm-07ZDTQnEPJ4fMxPN6MdU6GY_zRiWVhE4rO7K3Zpb3FyAlyffhXL-zn3A9XVy5KrBi3dAibTC5Q
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Tue, 27 Aug 2024 13:10:44 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
VjQ8iz6vynkmqSbF
h64.online-metrix.net/ Frame DB1E
0
399 B
Script
General
Full URL
https://h64.online-metrix.net/VjQ8iz6vynkmqSbF?ab4ea702aabb8f59=d52Fnphscf0aMbmPqZEm-0sfKae4gzQOgDRrTTANpTQnLUPWGBJvUaaxiKrGhTSTWjP0O1G3yuiU_mE4RhkjDEhMJS4WPbm0neSYcTWLa6j4MLd9TuK7KqyfvdjM_RZA-5LuuHspzwT8lr5MpOtZZJVOsuiui_XqFp7p9mZSZnM
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:45 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
PwuyWhpHEWYqCLlg
imgs.signifyd.com/ Frame DB1E
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/PwuyWhpHEWYqCLlg?c9616b769cb4c5ba=h9hC0sOsBqLZ8RIyuXaRBn2klq8UPwqY2i8VHYV4yyQ1N_wv4c-ylTl-ghTLPBoqZcRqGppxE37O7lrPkSNDy7XTcYHd-ffgR-PdpvdCXEKOE6EczTS83bsEw6stGofXx9JF9zye5-rcMZTxJVCHAcirzeaT5xUYxItSKA&ja=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&jb=393136266471374f67706964646327384e3526382d323822503b392f3b402f38384c61647d782d3a3a7a3036573436292d323a43787a6c6d5f67604161742d3a4e353b3d26393e2f3a322241405445462d324b2d383264696367273238476f616365292d3a3241627a6f656d2d324e3b3a32263a2632243a2d3238596966697a63273a463d31352e3b36
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Type
text/javascript;charset=UTF-8
BLa0W7FzvMAHuusA
w2txo5aawiqcbtxs7dl6k2hf2rugz5yw5a4cd5b7c78683168951c1f5sac.d.aa.online-metrix.net/ Frame DB1E
81 B
438 B
Image
General
Full URL
https://w2txo5aawiqcbtxs7dl6k2hf2rugz5yw5a4cd5b7c78683168951c1f5sac.d.aa.online-metrix.net/BLa0W7FzvMAHuusA?8dcf2644fcebd039=QAy8BBIMBgYORYrFycCrWHpI8N4pkH1wm5Ud6wB_RM0YbmmFnfK3O8us8ircyZBTIG4BCfse0MnNo-Gmb1pYUbhEefeYtpMtRgvodXflgkeypFp81EsCPzNdkuUsZfUiaK5Y4olx-tTSeOZStweklWeQ7GYnAV9qVcCPKGxIx6Fqh3g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:45 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
id_sync
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2lF3qRZKueri8zNQ89PylnHfLEv&source=web&agent=cjs&deviceid=2857280596590499844&visitid=1724764243118072&websiteid=6664&pageviewid=1&sequenceid=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:44 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
J2Vw8NWpjaVdDF74
imgs.signifyd.com/ Frame DB1E
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/J2Vw8NWpjaVdDF74?f8b46d9c8c2416c8=VNi7KKKLwlFen8RXdWKT3J02UqJFtMGO-SaEmL9bmEgzVzVfIBl5_2GnmhqqsAFkEkVlrjl7PmSiQWGI_DUCtVPdu0Vd88QUTtA_8zPRJZChL-aM9t0Kjp05pmH_C8f6ZWZw0aCFLa5mz2GArQpayve4esKgw59lAIDkypFLb9OrUcgBNmp7mGI54kNbzcvNuTZph3YHbH4ePErFpTJHKxBK96iZfA&jac=1&je=3036242665656e6a3522332d3a41332f3a433b2d3a436a3a6b32306b38376f3b38363b3d3e34316d3f363c316b6067656c376e366d6934313b6363323a356d693d376c3b3a3d6e3c3c663c393a65303d6962386c6e3721
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Type
text/javascript;charset=UTF-8
cs_JJv48LTNAEANU
imgs.signifyd.com/ Frame DB1E
0
400 B
Image
General
Full URL
https://imgs.signifyd.com/cs_JJv48LTNAEANU?b7402a350418e836=TBeDsbbiL5nf3qfKdIaf6oWcAVmhG9WvP9DW1mYMYtyeW_v7Ud-DvBa-BWiVVvz62lPWB7j0yrVxpvdv5aGlegJzrvVTSwM2Yi1KCuC0S-yZKtXbTkVIaU3B_2BF6siEXSNvG0ioHz-77qAnd2Qw-kwipEsf9FntNLN_CbkQB7xBn4-N4g828cMEM2Mm8gjJE2WYNrUESUbagMzExAQIxmeHImC4bA&jf=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
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
PwuyWhpHEWYqCLlg
imgs.signifyd.com/ Frame DB1E
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/PwuyWhpHEWYqCLlg?c9616b769cb4c5ba=h9hC0sOsBqLZ8RIyuXaRBn2klq8UPwqY2i8VHYV4yyQ1N_wv4c-ylTl-ghTLPBoqZcRqGppxE37O7lrPkSNDy7XTcYHd-ffgR-PdpvdCXEKOE6EczTS83bsEw6stGofXx9JF9zye5-rcMZTxJVCHAcirzeaT5xUYxItSKA&jac=1&je=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
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:45 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
sgtm.elfcosmetics.com/g/
865 B
1 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48q0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=1770142216.1724764240&ecid=2109739991&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=568894914.1724764237&sst.etld=google.ca&sst.adr=1&sst.ude=0&sid=1724764240&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=4&tfd=18485&richsstsse
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
574f9fd76232573b85b7f541d12a8321cd7446d1a62e3e5f3af03d7eaa350ded
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 27 Aug 2024 13:10:45 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
PwuyWhpHEWYqCLlg
imgs.signifyd.com/ Frame DB1E
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/PwuyWhpHEWYqCLlg?c9616b769cb4c5ba=h9hC0sOsBqLZ8RIyuXaRBn2klq8UPwqY2i8VHYV4yyQ1N_wv4c-ylTl-ghTLPBoqZcRqGppxE37O7lrPkSNDy7XTcYHd-ffgR-PdpvdCXEKOE6EczTS83bsEw6stGofXx9JF9zye5-rcMZTxJVCHAcirzeaT5xUYxItSKA&jac=1&je=3f3a24267f69633f393d322639352c3a26372439382e3924393326383c332c7d6d69353b3e3726393b362632383b2c3138332c75613c3d6e6c60643039643b3f32626a6f38303830393530393230326c39
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EmGLvcdmmFWXwD-5?0514ffac4f953aa3=IYNhsDAgPvqD8QTFn-cJyQA4J1fuZ6up63_8BzZORSg_NYfLJdgi1kmggHiAG_PqKi5BhSgbzZPVi7Rh5vcBNWRqsXOk1z39Eqv0gI-b-IfeHoth_Dw-opENDBnP1o34jmazxpk53SXZPMqRFE15hhjw9ybiRT94N3ZvoqdWIeW0r28wrVDDY2DFe7PNN_FSEqK8lSIhLmDOlVnpcIV6Ob6OSsE&jb=3d32242662736577354669667d7a24607b6f3544616e7d722e607b687d3f49627a6f656f2e6a7b6a37416072676f67253a303b3030
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Aug 2024 13:10:45 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=96
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/698270988/?tag_exp=0&random=2027402367&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&...
  • https://www.google.com/pagead/1p-conversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v912564...
  • https://www.google.ca/pagead/1p-conversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v9125640...
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-conversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1729937063.1724764237&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIq9m_wZ-ViAMVUwqICR36exvPMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfAzIGn4YWh-lZQ-bBtQa9-FyR3cfBpb2AzH-yb9E1s5LUvJgi&eitems=ChEI8PK1tgYQhNLQioLhq-uTARIdAPzyqG34RAOwPV5t0yx84ojDHv9NCmVoeFp0az4&random=557598468&ipr=y
Protocol
H3
Server
142.251.40.227 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:45 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:45 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.ca/pagead/1p-conversion/698270988/?tag_exp=0&random=1328709541&fst=1724764245605&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48m1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1729937063.1724764237&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIq9m_wZ-ViAMVUwqICR36exvPMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfAzIGn4YWh-lZQ-bBtQa9-FyR3cfBpb2AzH-yb9E1s5LUvJgi&eitems=ChEI8PK1tgYQhNLQioLhq-uTARIdAPzyqG34RAOwPV5t0yx84ojDHv9NCmVoeFp0az4&random=557598468&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
92 KB
0
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 15:59:36 GMT
ad-auction-allowed
true
age
421867
x-guploader-uploadid
AHxI1nNAlG9T0JMdl2k1rdtyP0jQf4evSwaGNAbWyJJIjFPAA4FEC2OsvAawcQbKj3w9X6E8L5pVgf6cJg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93895
last-modified
Mon, 08 Apr 2024 16:27:35 GMT
server
UploadServer
etag
"6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation
1712593655184176
x-goog-hash
crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
93895
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
0
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 04:11:38 GMT
ad-auction-allowed
true
age
291545
x-guploader-uploadid
AHxI1nOq4z9yJbrbg-sShBavRaTJTygxnFLPMeuljHouUYKvqCuu3bOxOVMNEEKm9yztvPWMclI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
events
c.contentsquare.net/v2/
0
319 B
Ping
General
Full URL
https://c.contentsquare.net/v2/events?uu=94199b51-d241-a4f6-85e8-43276b6cfa10&sn=1&hd=1724764241&v=15.9.0&pid=1926&pn=1&str=2893&di=8806&dc=10412&fl=10452&sr=18&mdh=6759&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.13.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-13-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
recording
k-aeu1.contentsquare.net/v2/
0
200 B
Ping
General
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&rst=1724764241857&let=1724764246787&v=15.9.0&pid=1926&pn=1&sn=1&uu=94199b51-d241-a4f6-85e8-43276b6cfa10&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.14.246 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 27 Aug 2024 13:10:48 GMT
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
widget.js
js.jebbit.com/companion/v1/
44 KB
0
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:9a00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
caab06b6d9e22bd3f5e606d7c52d61833bb08498c02ef96bb2155852c391249c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Ni7Av1nwUFjdEeEmV3bxRPsr0NJvxctr
date
Tue, 27 Aug 2024 01:28:03 GMT
via
1.1 1d45cc40d1dd29d2b3aaefb9f85bceee.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
age
42157
x-amz-server-side-encryption
AES256
etag
"abd610d978a61075b07e166fe2d53c26"
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45338
x-amz-cf-id
aF9XDBVywtwDtCdGLGAvkK3obdow-Yc4dhysuBYyH-VPZ2tMsPyBzw==
i.js
tag.wknd.ai/6664/
17 KB
42 B
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e6c250a89828b98d6bd8623d692bcece54330fbbbbf8f5eb90a1799eaa016fc0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:39 GMT
content-encoding
gzip
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
age
9
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5691
server
istio-envoy
etag
6ba40c6cb81087
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
cnxtag-min.js
js.cnnx.link/roi/
2 KB
0
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:b200:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:08:43 GMT
via
1.1 google, 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
JFK50-P1
age
114
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
1BCklS7ket_4PuAECzd0fb9UBUlf6hZXjlIzARlw8e8CFEiJ1jFYsw==
iframe_api
www.youtube.com/
993 B
515 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.174 -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
199e8c9a1493fd6960bdc37cac5f96aff4195ef536f270cc9ba375464a6ebdd6
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:48 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script'
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 27 Aug 2024 13:10:48 GMT
events
c.contentsquare.net/v2/
0
319 B
Ping
General
Full URL
https://c.contentsquare.net/v2/events?uu=94199b51-d241-a4f6-85e8-43276b6cfa10&sn=1&hd=1724764241&v=15.9.0&pid=1926&pn=1&str=2893&di=8806&dc=10412&fl=10452&sr=18&mdh=6759&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.13.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-13-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
recording
k-aeu1.contentsquare.net/v2/
0
201 B
Ping
General
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=15.9.0&pid=1926&pn=1&sn=1&uu=94199b51-d241-a4f6-85e8-43276b6cfa10&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.14.246 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 27 Aug 2024 13:10:48 GMT
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
collect
sgtm.elfcosmetics.com/g/
65 B
86 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48q0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=1770142216.1724764240&ecid=2109739991&ul=en-ca&sr=1600x1200&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=568894914.1724764237&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=5&dt=&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&sid=1724764240&sct=1&seg=1&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_language=EN&ep.vendor_id=facebook&ep.event_id=1724764378773_172476439993843&ep.email=&ep.phone=&_et=8103&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=21766&richsstsse
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:48 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
eligible
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=E4UwNg9ghgJgwlAtgBygSwOYDsDOA1AJgF4AGAMhgwC40cBlAVwCMcBjYNJkYIgMyjA4QFarQAKoAG5oIDHHDkAXCIm58BQkVVZRWACxAAVOkQCMAdgIAWcwDYr1ggA4XZBgEczZIRlVZFAPpoMDhEZDoo6NjBRNYArLbWVt6ywKwgREyyWOkAHmRQGCD+RABWOGSIEDAZ5ADuICxoiiAxtu3J0jjNMRbWdg5WAMympk4klhQg0ukxznGW43EAnLYrJFbLy05WyahF0iB1vd4g7gzFszBEceFgaMWKimiqOIpIyGaWNvbWTnFWUx3B7+KDINCSbjdCBYIjvDBDKYzDIwMiKPRoYAwAKoYCKACeATeEGAhRAARgtCgTDAIGu-EEwkUAC8IEQHOQcBBeIE5mAAGJDdwAJQAWgBpC4cJzMgByAEUnMsxPiwFgABK8AAyAFFJGQ9FAsUFrgQBeMcAApEi5EDmWUkAAiAHkIAANADWwtYJBwOowiiYiCAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=c1df74b2-7a18-4592-aaca-ff5974ed60c4&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=Ne...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
0
Image
General
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
18.238.80.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-36.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
date
Tue, 27 Aug 2024 06:05:49 GMT
via
1.1 4b70da48eda82f2df6875ba8bf8f89ba.cloudfront.net (CloudFront)
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5
age
25491
etag
"18b3e43abad26bdac6f4cea944777b62"
x-cache
Hit from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
807
x-amz-cf-id
wU5-CTRO4SfBnYxL-BgJ14nNTSfOniscg_VMp1WdPOKo-wA-LV8TSQ==

Redirect headers

date
Tue, 27 Aug 2024 13:10:49 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
abc83253-cc18-4690-bc8e-e7cd898697a2
x-amzn-trace-id
Root=1-66cdd058-014336192ba60b49224cfc07;Parent=5a8241053f7d345f;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
access-control-allow-origin
*
x-amz-apigw-id
dK197GgyIAMEZhQ=
content-length
2
/
www.facebook.com/tr/
0
125 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724764248587&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1724764241772.942062052502332363&ic=gtm&ler=empty&cdl=API_unavailable&it=1724764241164&coo=false&eid=1724764378773_172476439993843&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=10, mss=1297, tbw=6706, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 27 Aug 2024 13:10:48 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
849 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724764248587&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1724764241772.942062052502332363&ic=gtm&ler=empty&cdl=API_unavailable&it=1724764241164&coo=false&eid=1724764378773_172476439993843&tm=1&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Tue, 27 Aug 2024 13:10:48 GMT
document-policy
force-load-at-top
x-fb-server-load
52
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7407806039414329228", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=10, mss=1297, tbw=6875, tp=-1, tpl=-1, uplat=40, ullat=0
pragma
no-cache
x-fb-debug
f2134x3wGaoqur8EWq1X4JMWHgPIzGu/G5qcuB0Phba42iO4JAWopbT0plZsC3q6wP4bJleuUcl5p6R5nX0u3A==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7407806039414329228"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
rp.gif
alb.reddit.com/
42 B
98 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1724764248615&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=f9b49ed1c8d09220e5053077afc54eefbc31dd766ff291d68823a9dcbb687714&uuid=5b58d77a-6cf0-49a5-b300-1b3f889ef299&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:48 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.75 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
an-x-request-uuid
d681a0ad-ede1-4b89-9f83-7ceb3ebc0d9e
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
167.114.209.103; 167.114.209.103; 673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
generic
match.adsrvr.org/track/cmf/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=93&user_group=1&user_id=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=d8e78d3b-3dd4-45e9-b32c-72210e75f3cc&r=https%3A%2F%2Fmatch.adsrvr.org%2...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
70 B
507 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
Protocol
H2
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:49 GMT
server
Kestrel
content-length
70
content-type
image/gif

Redirect headers

location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
date
Tue, 27 Aug 2024 13:10:47 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
pageview
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=a&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6761&ww=1600&wh=1200&sw=1600&sh=1200&uu=94199b51-d241-a4f6-85e8-43276b6cfa10&sn=1&hd=1724764248&v=15.9.0&pid=1926&pn=2&r=467325
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.232.13.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-13-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=285138603;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"7422494274658779175"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0x115ee3d8b87ca431","source_keys":["12","13","14","15","16","17","18","19","20","21","18263372","18263373","18263374","18263375","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","634786564","634786565","634786566","634786567"]},{"key_piece":"0x50a279298ca5ab49","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","18263372","18263373","18263374","18263375","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","634786564","634786565","634786566","634786567"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"18263372":34,"18263373":34,"18263374":34,"18263375":3345,"19":65,"20":65,"21":6356,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628613572":32,"628613573":32,"628613574":32,"628613575":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"634786564":32,"634786565":32,"634786566":32,"634786567":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"5305028105457414210","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"7422494274658779175","filters":[{"14":["8259474"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"7422494274658779175","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"7422494274658779175","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"7422494274658779175","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=53156791;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
ct.pinterest.com/user/
35 B
442 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221724764378773_172476439993843%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPU56WTBNMlZoWVdZdFl6ZGhaUzAwWVRReExXSmpZamd0TlRrME1EQTRNRFk1WmpWaA%22%7D&cb=1724764248862&dep=4%2CTAGS_RECEIVED&stc=true
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 13:10:48 GMT
x-cdn
fastly
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
content-length
35
x-pinterest-rid
1433126897215555
pin-unauth
dWlkPU56WTBNMlZoWVdZdFl6ZGhaUzAwWVRReExXSmpZamd0TlRrME1EQTRNRFk1WmpWaA
pragma
no-cache
referrer-policy
origin
x-pinterest-rid-128bit
d77e60a727725068c6e2e53329e8bda7
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CIragsOflYgDFaioWgUdZSwh4g;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame FDD4
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CIragsOflYgDFaioWgUdZSwh4g;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CIragsOflYgDFaioWgUdZSwh4g;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=285138603;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
437
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:48 GMT
expires
Tue, 27 Aug 2024 13:10:48 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:48 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CIragsOflYgDFaioWgUdZSwh4g;src=9231397;type=retarget;cat=globa0;ord=9890299559602;npa=1;auiddc=1729937063.1724764237;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=285138603;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CNn5gsOflYgDFW-0WgUdcAgrmQ;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame C062
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CNn5gsOflYgDFW-0WgUdcAgrmQ;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfc...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CNn5gsOflYgDFW-0WgUdcAgrmQ;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=53156791;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.102 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
375
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:48 GMT
expires
Tue, 27 Aug 2024 13:10:48 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 27 Aug 2024 13:10:48 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CNn5gsOflYgDFW-0WgUdcAgrmQ;src=10742279;type=elf8j0;cat=glo_flap;ord=5682188971084;npa=1;auiddc=1729937063.1724764237;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=53156791;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48q0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
ct.pinterest.com/v3/
35 B
685 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221724764378773_172476439993843%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPU56WTBNMlZoWVdZdFl6ZGhaUzAwWVRReExXSmpZamd0TlRrME1EQTRNRFk1WmpWaA%22%7D&cb=1724764248965&dep=4%2CTAGS_RECEIVED&stc=true&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%221b182128%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.192.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 13:10:48 GMT
referrer-policy
origin
x-cdn
fastly
x-pinterest-rid-128bit
fecc6ac223428bd542ca6f3c65d43ecb
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
content-length
35
x-pinterest-rid
4812781456995925
expires
Sat, 01 Jan 2000 00:00:00 GMT
widget.css
js.jebbit.com/companion/v1/
15 KB
0
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:9a00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Dtf.9Q_1CbcuUz2YOVUdf.z9UL2wO11I
date
Tue, 27 Aug 2024 01:28:03 GMT
via
1.1 1d45cc40d1dd29d2b3aaefb9f85bceee.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
age
42159
x-amz-server-side-encryption
AES256
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
ru01PsDqugIvzdt9gtsLy0tie0v4CQuxfHdjnWYOkDpI9x8UXh2rAA==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/
Domain
external-api.jebbit.com
URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Domain
www.elfcosmetics.com
URL
blob:https://www.elfcosmetics.com/e47576c7-c43d-4718-8305-4a6dccf82894

179 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host function| $ function| jQuery object| Vimeo boolean| VimeoPlayerResizeEmbeds_ boolean| VimeoSeoMetadataAppended boolean| VimeoCheckedUrlTimeParam object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ function| _ object| regeneratorRuntime function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive object| DataLayer object| dataLayer function| getDataLayerEvent object| viewedProductIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom object| DYO object| contextManager object| DYJSON object| DYExps object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| OnetrustActiveGroups string| OptanonActiveGroups number| gtmPageLoadId object| _uxa object| otStubData object| DYWork function| $dy object| DYCS function| create_UUID function| createCookie function| pintrk function| fbq function| _fbq object| 
_fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer number| j object| Optanon object| OneTrust boolean| otLastAcceptAllValue function| ___rmuid object| ___RMCMPW object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG object| gaGlobal function| redditNormalizeEmail function| UET function| UET_init function| UET_push object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| CS_CONF function| csSetTimeout function| csQueueMicrotask function| csClearTimeout function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| UXAnalytics object| CSCurrentScript object| bouncex object| ueto_015ce930dc object| uetq object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| paypalDDL string| PaypalOffersObject function| ppq object| tagConfig object| webpackChunksmart_tag object| bxgraph function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie object| __post_robot_10_0_44__ object| PAYPAL function| a0_0x3eec function| a0_0x20c7 object| sigScriptLoader object| SIG_SCRIPT_DEBUG function| close_bouncex_ad object| threatmetrix object| cti110221 function| 
tmx_post_session_params_fixed boolean| tmx_profiling_started function| tmx_run_page_fingerprinting

88 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: twOS8HSG4bc
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 9YjQRntXk0Y
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJDQRIEGgAgPg%3D%3D
.vimeo.com/ Name: vuid
Value: pl1437040733.618285329
.vimeo.com/ Name: __cf_bm
Value: 8ttqnQp5Xb2KNOaYZ2oODuIBQNxJ5Md8Yer04bWwrkQ-1724764234-1.0.1.1-9MPZ1Lleo1gSM_UCcpaPT5mk8cgYXtJc71lxIUI5CHrGoCJa_O29OAgMTl1sSbEb
.vimeo.com/ Name: _cfuvid
Value: VWDRMUBu5Gjhq54D3rC.lN3roBir2kHNJQ1rGSK1JkE-1724764234073-0.0.1.1-604800000
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: g%3A8b311da5-0a0a-5bab-bb83-ae75e7f4a6ac%7Ce%3A1724766036070%7Cc%3A1724764236071%7Cl%3A1724764236071
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: g%3A99a0a78b-1350-6ada-478f-5b9a0265f8ad%7Ce%3Aundefined%7Cc%3A1724764236076%7Cl%3A1724764236076
.elfcosmetics.com/ Name: _dyjsession
Value: c2f53iqoty8lep3z95xeor3k60v7ml6b
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: c2f53iqoty8lep3z95xeor3k60v7ml6b
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.1729937063.1724764237
.dynamicyield.com/ Name: DYID
Value: 5953758945331761229
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: _dyid
Value: 5953758945331761229
.elfcosmetics.com/ Name: _dycst
Value: dk.l.c.ws.fst.
.elfcosmetics.com/ Name: _dy_geo
Value: US.NA.US_.US__
.elfcosmetics.com/ Name: _dy_df_geo
Value: United%20States..
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _dy_soct
Value: 1724764238!1652212.-1'1654610.0'1750272.-1!c2f53iqoty8lep3z95xeor3k60v7ml6b~1248068.-1
www.elfcosmetics.com/ Name: FPC
Value: c1df74b2-7a18-4592-aaca-ff5974ed60c4
.adnxs.com/ Name: XANDR_PANID
Value: cARBydWUOsdT1y_ZAYQ3teV4YWen3X_n0bddbJdO4XVQU1hxlrC1a_m-aE6SkVGz1vbBAFOHQemmkNQESIVIj2xkZxtjl468NjnmOyV6vEY.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 5422444420055890537
.adsrvr.org/ Name: TDID
Value: d8e78d3b-3dd4-45e9-b32c-72210e75f3cc
www.elfcosmetics.com/ Name: dwsid
Value: 9hufs4MuOW0Jkdg1mwVlSaehVT2rfpF_EOOZlOoDA1EFHcn2ttYoObFDdNfAUIlmrcuF9q544p9R1LQUwWyFcw==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: abmrc2xrtIkukRmugXmaYYlupG
.pointmediatracker.com/ Name: c
Value: 6a122335-53e9-4b3c-bea6-0f62db22f6ba
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2C%yn7Gu4!]tbP6j2F-XstGt!@DqA$wZge
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Tue+Aug+27+2024+06%3A10%3A39+GMT-0700+(Pacific+Daylight+Time)&version=202406.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=fa054419-a979-4e22-aa02-004a6dfc9d92&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1%2C5%3A1
.doubleclick.net/ Name: IDE
Value: AHWqTUmZIqnJB6ZESPXUxp2r0aJ_PI_Fk685VsNNQT6fFBJpK1vns2zEpJjv4P18gzc
.tiktok.com/ Name: _ttp
Value: 2lF80KvxLGTZ2H1lOL291B1yaPk
.rubiconproject.com/ Name: audit_p
Value: 1|fCAXsNGazJMSIbkBJGjtLXGrfk7zlNse1PQzWLSN00A3Sds8s51Nz5bmLMotJJpFjzdmMG+slFCM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLuq8zCUybOOY57uMuKkRepgVObHQ7cttMpu1GMAQwno741tRAbLaDtM2AKTx5PcvAFbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.rubiconproject.com/ Name: khaos
Value: M0CG3GXL-5-A8U9
.rubiconproject.com/ Name: khaos_p
Value: M0CG3GXL-5-A8U9
.rubiconproject.com/ Name: audit
Value: 1|fCAXsNGazJMSIbkBJGjtLXGrfk7zlNse1PQzWLSN00A3Sds8s51Nz5bmLMotJJpFjzdmMG+slFCM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLuq8zCUybOOY57uMuKkRepgVObHQ7cttMpu1GMAQwno741tRAbLaDtM2AKTx5PcvAFbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIYXBwbmV4dXMSCwj6h4jc9aijPRAFEhUKBmdvb2dsZRILCK7g9OT1qKM9EAUSFgoHcnViaWNvbhILCOL_9OT1qKM9EAUSFQoGY2FzYWxlEgsIhOyt6PWooz0QBRgFIAMoATILCPD6xoWMqaM9EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.elfcosmetics.com/ Name: _ga
Value: GA1.1.1770142216.1724764240
.casalemedia.com/ Name: CMID
Value: Zs3QUNHM51AAADd7AlLzrAAA
.casalemedia.com/ Name: CMPS
Value: 1389
.casalemedia.com/ Name: CMPRO
Value: 1389
.elfcosmetics.com/ Name: _ga_5D80LRC85N
Value: GS1.1.1724764240.1.1.1724764240.0.0.2109739991
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1724764240643.5b58d77a-6cf0-49a5-b300-1b3f889ef299
.elfcosmetics.com/ Name: FPID
Value: FPID2.2.BxLmesa6pvY7nb43O32obcbLFZvNpKY%2BVgpi0mg8ExE%3D.1724764240
.elfcosmetics.com/ Name: FPAU
Value: 1.1.1729937063.1724764237
.elfcosmetics.com/ Name: FPGSID
Value: 1.1724764240.1724764240.G-5D80LRC85N.u0IpOuJN9vUd4YjmdBck0w
.doubleclick.net/ Name: ar_debug
Value: 1
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1724764240.1.0.1724764240.60.0.0
.linksynergy.com/ Name: rmuid
Value: da2acb3a-f931-4910-9eff-fa28dccca711
.elfcosmetics.com/ Name: _cs_c
Value: 0
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.elfcosmetics.com/ Name: _cs_id
Value: 94199b51-d241-a4f6-85e8-43276b6cfa10.1724764241.1.1724764241.1724764241.1558384338.1758928241609.1
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: t4s3ZTB935pzZEduTPCc54lCJYK
.pinterest.com/ Name: ar_debug
Value: 1
.elfcosmetics.com/ Name: _uetsid
Value: c3034ae0647511ef9c1bf519e25b6f5f
.elfcosmetics.com/ Name: _uetvid
Value: c3041680647511ef91771f5a621bc508
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1724764241772.942062052502332363
.undertone.com/ Name: UTID
Value: 5b96b9fd170a4afeb8b8c999535e5f03
.undertone.com/ Name: UTID_ENC
Value: 5f79rhuht4n84xz573i35zpxf
.bing.com/ Name: MUID
Value: 3F5FF0D084826AB90FDFE43885546BB2
.bat.bing.com/ Name: MR
Value: 0
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPU56WTBNMlZoWVdZdFl6ZGhaUzAwWVRReExXSmpZamd0TlRrME1EQTRNRFk1WmpWaA
www.elfcosmetics.com/ Name: esw.currency
Value: CAD
www.elfcosmetics.com/ Name: sid
Value: oEqEtrYXFkV9RKG8tJ98sPHwTjieR75XZDY
www.elfcosmetics.com/ Name: _dyid_server
Value: 5953758945331761229
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: true
www.elfcosmetics.com/ Name: esw.location
Value: CA
www.elfcosmetics.com/ Name: currentLocale
Value: en_CA
www.elfcosmetics.com/ Name: esw.sessionid
Value: abmrc2xrtIkukRmugXmaYYlupG
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_CA
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.ct.pinterest.com/ Name: _pinterest_ct_ua
Value: "TWc9PSY5cnQxWHY5RWk1amh1ZDZCUUpMblpURVF0eGtjSEZYQnQ2WmgwZDgxVjF5bzEwOXA4eStNNCtnZllrWmJnTW5Oc1lwWjh1MXFWbUx5Z2tUWVBrUmd6TE5oQk52YzNpdGh3ODJiNlVBRnZiVT0mRjhXczNObmxkcHhLSXRpRW1QTDh2TEFob24wPQ=="
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.1724766042594
.bounceexchange.com/ Name: bounceClientVisit6664c
Value: %7B%22vid%22%3A1724764243118072%2C%22did%22%3A%222857280596590499844%22%7D
www.elfcosmetics.com/ Name: bounceClientVisit6664v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QbFIIDm9QSgooUbevxjUN13SfMQrNuw6cuKAL5AA
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2lF80sJ0xe7N0DOoXkRc0sEgtbm","deviceID":"2lF3qRZKueri8zNQ89PylnHfLEv","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJsRjgwc0oweGU3TjBET29Ya1JjMHNFZ3RibSIsImRldmljZUlEIjoiMmxGM3FSWkt1ZXJpOHpOUTg5UHlsbkhmTEV2IiwiaXYiOiIiLCJ2IjoiIn0%3D
imgs.signifyd.com/ Name: thx_guid
Value: 5f8e96137526646db3930dee5a74c6e8
imgs.signifyd.com/ Name: tmx_guid
Value: AAw6SN_XM0_2t6kn78KBcu1t13euVIJFNVvgPMSrR2jorNEzWk6Sz0YPvlxMb-zcGFRLNVF87BjdQl_FrvgeMVL-hOZakg
.rlcdn.com/ Name: rlas3
Value: 8fktcubAcXx0AwQiOlJZGFQ9XktCadYqkjp95ahg1fo=
.rlcdn.com/ Name: pxrc
Value: CNOgt7YGEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-08-27T13:10:43Z
.elfcosmetics.com/ Name: FPLC
Value: qUQOG%2Bb3piePJSNTHlFf27fTIJJBGodHwntKHTZ3cK50%2BKUKbYvDuOgx6XxIg3U5y33zz9TMAe8hxbFjJJGY2HyeZKu2cNwrhNbUQ9%2FKaAfYZhLCfP%2Fr%2BDCQ3Lc24A%3D%3D
.elfcosmetics.com/ Name: _scid
Value: de72a1df-957f-443a-7b7a-02a28ebe8fe6

10 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 384)
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
javascript error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Access to XMLHttpRequest at 'https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network error URL: https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

192.225.158.3
192.229.210.155
2001:4860:4802:32::181
204.141.88.73
204.141.89.122
204.2.50.126
23.204.17.176
23.206.172.62
2600:141b:1c00:21::1730:e08b
2600:141b:1c00:21::1730:e08f
2600:141b:1c00:23::1730:e04d
2600:141b:1c00:258d::1931
2600:1901:0:56e0::
2600:9000:21dd:5e00:a:b89d:a6c0:93a1
2600:9000:23ca:e800:15:ad21:c740:93a1
2600:9000:23cb:b200:11:85b0:d600:93a1
2600:9000:2511:9a00:a:7914:b00:93a1
2606:4700:4400::6812:266b
2606:4700:4400::ac40:9b77
2606:4700::6812:562a
2607:f8b0:4004:c06::9b
2607:f8b0:4006:81e::200e
2607:f8b0:4006:81f::200e
2607:f8b0:4006:822::2008
2620:1ec:33:1::10
2a03:2880:f112:182:face:b00c:0:25de
2a04:4e42:600::396
2a04:4e42:600::649
34.102.147.248
34.111.8.32
34.120.253.250
34.149.130.207
34.149.239.87
34.149.246.67
34.197.85.244
34.49.124.132
34.98.67.3
34.98.72.95
35.194.25.57
35.211.178.172
35.244.154.8
35.244.178.91
35.71.131.137
54.76.14.246
68.67.160.75
69.173.146.5
8.28.7.83
99.80.198.22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