www.elfcosmetics.com Open in urlscan Pro
140.174.14.97  Public Scan

18 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://cosmeticcrimal.com/ HTTP 301
   https://www.elfcosmetics.com/elf-cosmetic-criminals Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

• https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
• https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

Request Chain 17

• https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
• https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4

Request Chain 18

• https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p HTTP 302
• https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4

Request Chain 19

• https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p HTTP 302
• https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4

Request Chain 20

• https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p HTTP 302
• https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4

Request Chain 33

• https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=3JaaNXYJe-nBV7emrR52t6A4gs_4cVifRmyoq6ACYHs HTTP 303
• https://www.elfcosmetics.com/callback?usid=1f1660f5-c62b-43d0-a904-6f056c229156&code=wSNpvFVc2C4LMWy1PpPjcRIR8-T87hgx9faOe_JV0kU

Request Chain 37

• https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t2t5l1&tag_exp=0&rnd=2070673177.1726483192&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=0&gtm=45He4990n81WL3STMXv896608294za200&auid=1323409771.1726483192 HTTP 302
• https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5l1&tag_exp=0&rnd=2070673177.1726483192&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=0&gtm=45He4990n81WL3STMXv896608294za200&auid=1323409771.1726483192

Request Chain 61

• https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2

Request Chain 110

• https://ade.googlesyndication.com/ddm/activity/src=9231397;type=retarget;cat=globa0;ord=4440982282441;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
• https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CLyIgYyjx4gDFUDKOwId5OoBsg;type=retarget;cat=globa0;ord=4440982282441;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals

Request Chain 111

• https://ade.googlesyndication.com/ddm/activity/src=10742279;type=elf8j0;cat=glo_flap;ord=8204948584463;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals HTTP 302
• https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CNmFgYyjx4gDFd3MOwIdqMccoA;type=elf8j0;cat=glo_flap;ord=8204948584463;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals

205 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request elf-cosmetic-criminals Show response www.elfcosmetics.com/ Redirect Chain https://cosmeticcrimal.com/ https://www.elfcosmetics.com/elf-cosmetic-criminals	1 MB 264 KB	2412ms 2073ms	Document text/html	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash 6fd022ee40840c05a591d92c0ec5d3715cd9299da1f12fd1122723199d3503c6 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers age 0 alt-svc h3=":443"; ma=86400 cache-control public, must-revalidate, s-maxage=900 content-encoding gzip content-length 269104 content-type text/html; charset=utf-8 date Mon, 16 Sep 2024 10:39:49 GMT etag W/"fe332-oPkE1aiUiusXjc1YfMXQKNY5Cio" strict-transport-security max-age=15552000; includeSubDomains vary Accept-Encoding via 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront) x-amz-apigw-id eMamDFtCCYcEd6A= x-amz-cf-id ssRI2tG3nwzF0t__phCHI1YxIV35bw3wFwxeJUT55D-uWsIt6iEM6w== x-amz-cf-pop FRA56-P7 x-amzn-remapped-connection close x-amzn-remapped-content-length 1041202 x-amzn-remapped-date Mon, 16 Sep 2024 10:39:48 GMT x-amzn-requestid bf6806ef-d33d-4ee2-9dff-8306d9cc9693 x-amzn-trace-id Root=1-66e80af3-4ea0648055b1fb276710784b;Parent=20a968d3bd60de88;Sampled=0;lineage=1:2b75b0e9:0 x-cache Miss from cloudfront x-yottaa-metrics 36218cae0e2d/[1970,1918,-] 36D18cae0e61/[-,2022.860] x-yottaa-optimizations ob/1000000100001000 si/36D18cae0e61-1726252499-7857122667 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0 x-yottaa-os 200 Redirect headers age 0 content-length 1198 content-type text/html; charset=utf-8 date Mon, 16 Sep 2024 10:39:46 GMT location https://www.elfcosmetics.com/elf-cosmetic-criminals vary User-Agent x-yottaa-fw fb/100000 tid/658dc369d93140973bd47dff rid/658dc848d93140973bd496fa stid/5ad7b08e2bb0ac0c5ba3d38c x-yottaa-metrics 26D1cc8d585f/[-,0.298] x-yottaa-optimizations ob/0 si/26D1cc8d585f-1726252497-5656405940 tts/1726483186753 ti/0 ai/658dc369d93140973bd47dff
GET H2	200	PWT_STORY_HEADER_DESKTOP_BG-min cdn.media.amplience.net/i/elfcosmetics/	630 KB 631 KB	354ms 60ms	Image image/jpeg	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag t-WLpDMcG,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z x-amp-cf-worker true edge-control max-age=86400 x-req-id miXx5KVBib alt-svc h3=":443"; ma=86400 content-length 644728 x-xss-protection 1; mode=block x-amp-source-height 1249 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/jpeg access-control-allow-origin * x-amp-source-width 3199 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1f48465b9e-FRA x-amp-published Wed, 20 Dec 2023 20:47:39 GMT
GET H2	200	PWT_STORY_HEADER_DESKTOP_CC-min cdn.media.amplience.net/i/elfcosmetics/	205 KB 205 KB	374ms 81ms	Image image/png	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag HEFp05FuV,l4p5bDg2e,HwG53bbZp,UyB2-aY-L x-amp-cf-worker true edge-control max-age=86400 x-req-id 4yfN0eF90O alt-svc h3=":443"; ma=86400 content-length 209440 x-xss-protection 1; mode=block x-amp-source-height 340 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/png access-control-allow-origin * x-amp-source-width 800 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1f484a5b9e-FRA x-amp-published Wed, 20 Dec 2023 20:47:39 GMT
GET H2	200	PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min cdn.media.amplience.net/i/elfcosmetics/	2 MB 2 MB	177ms 173ms	Image image/png	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag h2RqJF2_H,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L x-amp-cf-worker true edge-control max-age=86400 x-req-id ScOpkSTNZO alt-svc h3=":443"; ma=86400 content-length 2085695 x-xss-protection 1; mode=block x-amp-source-height 1484 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/png access-control-allow-origin * x-amp-source-width 3080 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1fa8775b9e-FRA x-amp-published Wed, 03 Jan 2024 21:02:28 GMT
GET H2	200	PWT_STORY_DETECTIVES_DESKTOP_6-min cdn.media.amplience.net/i/elfcosmetics/	330 KB 331 KB	54ms 51ms	Image image/jpeg	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag 16tHdEral,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z x-amp-cf-worker true edge-control max-age=86400 x-req-id 79y-SCyETA alt-svc h3=":443"; ma=86400 content-length 338113 x-xss-protection 1; mode=block x-amp-source-height 1062 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/jpeg access-control-allow-origin * x-amp-source-width 2806 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1fa8785b9e-FRA x-amp-published Wed, 27 Dec 2023 17:21:33 GMT
GET H2	200	PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min cdn.media.amplience.net/i/elfcosmetics/	180 KB 180 KB	136ms 133ms	Image image/jpeg	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag AiF_FR1th,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z x-amp-cf-worker true edge-control max-age=86400 x-req-id bsvsIuh4-k alt-svc h3=":443"; ma=86400 content-length 184181 x-xss-protection 1; mode=block x-amp-source-height 1108 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/jpeg access-control-allow-origin * x-amp-source-width 1952 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1fa8795b9e-FRA x-amp-published Fri, 29 Dec 2023 07:51:47 GMT
GET H2	200	PWT_STORY_CRIME_TAPE_DESKTOP_7-min cdn.media.amplience.net/i/elfcosmetics/	614 KB 614 KB	202ms 199ms	Image image/png	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag cUMOKR_Tu,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L x-amp-cf-worker true edge-control max-age=86400 x-req-id uYxFLbyN15 alt-svc h3=":443"; ma=86400 content-length 628288 x-xss-protection 1; mode=block x-amp-source-height 525 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/png access-control-allow-origin * x-amp-source-width 3200 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1fa87a5b9e-FRA x-amp-published Thu, 28 Dec 2023 16:15:28 GMT
GET H2	200	jquery-3.7.1.slim.min.js Show response code.jquery.com/	69 KB 24 KB	198ms 22ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.7.1.slim.min.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 1141083 x-cache HIT, HIT content-length 24036 x-served-by cache-lga21942-LGA, cache-fra-etou8220046-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1726483190.866426,VS0,VE0 etag W/"28feccc0-11278" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 10574, 10245
GET H/1.1	200 OK	player.js Show response player.vimeo.com/api/	37 KB 12 KB	319ms 47ms	Script application/javascript	162.159.138.60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://player.vimeo.com/api/player.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 794b9f4fa15362394d9913554121b956f2ee5f5dc368540a8cc761dc9c7668f1 Security Headers Name Value Content-Security-Policy default-src 'none'; style-src 'unsafe-inline' Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-cache-hits 484 Date Mon, 16 Sep 2024 10:39:49 GMT content-security-policy default-src 'none'; style-src 'unsafe-inline' Content-Encoding gzip CF-Cache-Status DYNAMIC via 1.1 varnish Age 723 x-cache HIT Connection keep-alive x-backend-server player-backend-edge-entry Content-Length 11434 x-served-by cache-fra-eddf8230148-FRA x-player-backend g Server cloudflare x-timer S1726483190.974133,VS0,VE0 vary Accept-Encoding Content-Type application/javascript;charset=utf-8 access-control-allow-origin * Cache-Control max-age=1800 x-bapp-server accept-ranges bytes CF-RAY 8c403c214972d262-FRA expires Mon, 16 Sep 2024 06:57:46 GMT
GET H2	200	player_api Show response www.youtube.com/	993 B 2 KB	609ms 332ms	Script text/javascript	2a00:1450:4001:80b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/player_api Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0691afdf8e089210ac1a10eab3e46e1357032ec957e9763a0a91cee5de2f2799 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-security-policy require-trusted-types-for 'script' content-encoding br p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info." cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version server ESF x-frame-options SAMEORIGIN vary Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version content-type text/javascript; charset=utf-8 report-to {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} cache-control private, max-age=0 permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* origin-trial AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 cross-origin-opener-policy-report-only same-origin; report-to="youtube_main" expires Mon, 16 Sep 2024 10:39:49 GMT
GET		/ cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/	0 0
GET H/1.1	200 OK	985935623 player.vimeo.com/video/ Frame D7AE	0 0	526ms 362ms	Document text/html	162.159.128.61 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://* Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers CF-Cache-Status DYNAMIC CF-Ray 8c403c214e9637da-FRA Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 16 Sep 2024 10:39:50 GMT Expires Fri, 15 Dec 1985 19:30:00 GMT Link <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin Server cloudflare Strict-Transport-Security max-age=31536000; includeSubDomains; preload Transfer-Encoding chunked Vary Accept-Encoding Via 1.1 varnish content-security-policy default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://* x-backend-server player-backend-edge-entry x-bapp-server player-backend-68f4b6588c-72fkh x-cache MISS x-cache-hits 0 x-content-type-options nosniff x-host player-backend-68f4b6588c-72fkh x-player-backend g x-served-by cache-fra-eddf8230124-FRA x-timer S1726483190.989690,VS0,VE312 x-turnstile-exception 5 x-xss-protection 1; mode=block
GET H2	200	rZPCKoUReO0 www.youtube.com/embed/ Frame 6C5C	0 0	281ms 113ms	Document text/html	2a00:1450:4001:806::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding br content-security-policy require-trusted-types-for 'script' content-type text/html; charset=utf-8 cross-origin-opener-policy-report-only same-origin; report-to="youtube_main" cross-origin-resource-policy cross-origin date Mon, 16 Sep 2024 10:39:50 GMT expires Mon, 01 Jan 1990 00:00:00 GMT origin-trial AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info." permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* pragma no-cache report-to {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} server ESF strict-transport-security max-age=31536000 vary Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-content-type-options nosniff x-xss-protection 0
GET DATA	200 OK	truncated /	37 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	vendor.js Show response cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/	2 MB 627 KB	295ms 44ms	Script application/javascript	151.101.2.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash d1c837b83e593f154428f1615709ad1146a51818f6973ad5ea0d24c2bb619670 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT via 1.1 d72cc6b7011ac53cd6e4d65e0d9f5ac4.cloudfront.net (CloudFront), 1.1 varnish content-encoding gzip x-amz-cf-pop FRA60-P6 age 930725 x-yottaa-optimizations ob/1000 si/36118cae0e1f-1721912044-579652238 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0 x-cache Hit from cloudfront, HIT x-amz-meta-deploy 840429 content-length 641170 x-amz-meta-bundle 11899 x-served-by cache-fra-etou8220123-FRA x-yottaa-forcecache true, true server AmazonS3 x-timer S1726483190.963106,VS0,VE0 vary Accept-Encoding content-type application/javascript; charset=utf8 cache-control public, max-age=31104000 x-yottaa-metrics 36218cae0e39/[40,12,-] 36118cae0e1f/[-,173.578] accept-ranges bytes x-amz-cf-id Osq0BPyajGS7wQJRmUOIrxAnaBp3v8TAa_jqnjsckWF2UmV0uIWK6A== x-cache-hits 2
GET H2	200	main.js Show response cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/	2 MB 507 KB	295ms 44ms	Script application/javascript	151.101.2.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_ Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 1961d18c3e6b963bbb09b850a484e8c10fca2938ffe503e4f693c6e673618f87 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT via 1.1 a1c66294cb416b399374a845b97656d2.cloudfront.net (CloudFront), 1.1 varnish content-encoding gzip x-amz-cf-pop PRG50-C1 age 470206 x-yottaa-optimizations ob/1000 si/36118cae0e22-1721912116-1622137507 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0 x-cache Hit from cloudfront, HIT x-amz-meta-deploy 840429 content-length 518958 x-amz-meta-bundle 11899 x-served-by cache-fra-etou8220123-FRA x-yottaa-forcecache true, true server AmazonS3 x-timer S1726483190.963093,VS0,VE0 vary Accept-Encoding content-type application/javascript; charset=utf8 cache-control public, max-age=31104000 x-yottaa-metrics 36218cae0e2f/[243,220,-] 36118cae0e22/[-,337.847] accept-ranges bytes x-amz-cf-id 9Dm88w6BZhWDsY7obPTZZrXwhibZrrODDVK0aolmhiRjwzeQ27kj-A== x-cache-hits 2
GET H2	200	pages-product-list-product-list-page.js Show response cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/	42 KB 12 KB	698ms 447ms	Script application/javascript	151.101.2.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/pages-product-list-product-list-page.js?yocs=1u_1y_ Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 60604eb6ccf99a00d1666b9081d65b4e917ba2b4d295403e2a75887326aa3e15 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT via 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront), 1.1 varnish content-encoding gzip x-amz-cf-pop FRA60-P6 age 1374045 x-yottaa-optimizations ob/1000 si/36118cae0e26-1721912230-973662663 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0 x-cache Hit from cloudfront, HIT x-amz-meta-deploy 840429 content-length 11984 x-amz-meta-bundle 11899 x-served-by cache-fra-etou8220123-FRA x-yottaa-forcecache true, true server AmazonS3 x-timer S1726483190.963136,VS0,VE1 vary Accept-Encoding content-type application/javascript; charset=utf8 cache-control public, max-age=31104000 x-yottaa-metrics 36218cae0e40/[6,4,-] 36118cae0e26/[-,9.049] accept-ranges bytes x-amz-cf-id 79lQ4CXQ0W7tbPTyEIBFLNzQBq6XttZh-TfAJQ5hXM04do40tfU7xg== x-cache-hits 1
GET H2	206	8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4 cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/ Redirect Chain https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4	1 MB 1 MB	405ms 69ms	Media video/mp4	2a02:26f0:480:1a::5f65:6f9f AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Server 2a02:26f0:480:1a::5f65:6f9f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:50 GMT last-modified Fri, 22 Dec 2023 15:50:27 GMT etag "dd3676819bd88a250c875a11e38c307d" x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type video/mp4 access-control-allow-origin * Content-Range bytes 0-1060947/1060948 x-amp-srv A accept-ranges bytes x-amp-route ak-s1 Content-Length 1060948 Redirect headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status HIT age 14544 x-amp-srv CF edge-cache-tag 1_W_uZnh5,l4p5bDg2e,bgWw7nQ29 x-amp-cf-worker true edge-control max-age=86400 alt-svc h3=":443"; ma=86400 content-length 0 x-xss-protection 1; mode=block server cloudflare vary Accept-Encoding x-frame-options DENY content-type text/html; charset=UTF-8 location https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4 access-control-allow-origin * cache-control s-maxage=86400, max-age=1800 cf-ray 8c403c1fc8965b9e-FRA
GET H2	206	c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4 cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/ Redirect Chain https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4	1 MB 1 MB	634ms 254ms	Media video/mp4	2a02:26f0:480:1a::5f65:6f9f AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Server 2a02:26f0:480:1a::5f65:6f9f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:50 GMT last-modified Fri, 22 Dec 2023 17:43:50 GMT etag "91a2cbc7ca143aac79d0312d84bb77fb" x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type video/mp4 access-control-allow-origin * Content-Range bytes 0-1262366/1262367 x-amp-srv A accept-ranges bytes x-amp-route ak-s1 Content-Length 1262367 Redirect headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status HIT age 14544 x-amp-srv CF edge-cache-tag xSNTyI0cM,l4p5bDg2e,fH6Lo3_5e x-amp-cf-worker true edge-control max-age=86400 alt-svc h3=":443"; ma=86400 content-length 0 x-xss-protection 1; mode=block server cloudflare vary Accept-Encoding x-frame-options DENY content-type text/html; charset=UTF-8 location https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4 access-control-allow-origin * cache-control s-maxage=86400, max-age=1800 cf-ray 8c403c1fc8975b9e-FRA
GET H2	206	4a810c76-f6a5-4629-bf54-46e97b002de7.mp4 cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/ Redirect Chain https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/mp4_720p https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4	952 KB 953 KB	944ms 610ms	Media video/mp4	2a02:26f0:480:1a::5f65:6f9f AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Server 2a02:26f0:480:1a::5f65:6f9f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash a92babe0280635e6b8a8cd8b631230f248bfa16bfb2ae7a7e04d404df5518ccb Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:50 GMT last-modified Fri, 29 Dec 2023 07:23:44 GMT etag "d7fdef501f28cd925baedd782b4e6464" x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type video/mp4 access-control-allow-origin * Content-Range bytes 0-975135/975136 x-amp-srv A accept-ranges bytes x-amp-route ak-s1 Content-Length 975136 Redirect headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag B0QAsb_Qu,l4p5bDg2e,6oVxns4D8 x-amp-cf-worker true edge-control max-age=86400 alt-svc h3=":443"; ma=86400 content-length 0 x-xss-protection 1; mode=block server cloudflare x-frame-options DENY vary Accept-Encoding content-type text/html; charset=UTF-8 location https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/4a810c76-f6a5-4629-bf54-46e97b002de7.mp4 access-control-allow-origin * cache-control s-maxage=86400, max-age=1800 cf-ray 8c403c1fc8995b9e-FRA
GET H2	206	45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4 cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/ Redirect Chain https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/mp4_720p https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4	850 KB 850 KB	525ms 190ms	Media video/mp4	2a02:26f0:480:1a::5f65:6f9f AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Server 2a02:26f0:480:1a::5f65:6f9f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 7b78b9170d1e1da68dd52e57d79c9e906137b28f87eca1f17b2c350f73d1f3ba Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:50 GMT last-modified Tue, 02 Jan 2024 17:30:06 GMT etag "f6c9e900cbfcff8b9f465043b51061d1" x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type video/mp4 access-control-allow-origin * Content-Range bytes 0-869943/869944 x-amp-srv A accept-ranges bytes x-amp-route ak-s1 Content-Length 869944 Redirect headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag aso55M63T,l4p5bDg2e,tO41Cj3M_ x-amp-cf-worker true edge-control max-age=86400 alt-svc h3=":443"; ma=86400 content-length 0 x-xss-protection 1; mode=block server cloudflare x-frame-options DENY vary Accept-Encoding content-type text/html; charset=UTF-8 location https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/45bed81f-81f2-4eb6-8e15-43b3df7d224d.mp4 access-control-allow-origin * cache-control s-maxage=86400, max-age=1800 cf-ray 8c403c1fc89b5b9e-FRA
GET H2	206	9c45925d-0761-4101-9a41-aec1046b0de8.mp4 cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/ Redirect Chain https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/mp4_720p https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4	865 KB 866 KB	602ms 267ms	Media video/mp4	2a02:26f0:480:1a::5f65:6f9f AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Server 2a02:26f0:480:1a::5f65:6f9f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash ea7c1612005824699aa4574b764875370605733abc4d06f0650d309772423239 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:50 GMT last-modified Tue, 02 Jan 2024 17:20:49 GMT etag "78a50c5b4ac482dcd7b7323f59feb0b9" x-amz-server-side-encryption AES256 access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type video/mp4 access-control-allow-origin * Content-Range bytes 0-885663/885664 x-amp-srv A accept-ranges bytes x-amp-route ak-s1 Content-Length 885664 Redirect headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag Jx630wWOq,l4p5bDg2e,nvYvyivv1 x-amp-cf-worker true edge-control max-age=86400 alt-svc h3=":443"; ma=86400 content-length 0 x-xss-protection 1; mode=block server cloudflare x-frame-options DENY vary Accept-Encoding content-type text/html; charset=UTF-8 location https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/9c45925d-0761-4101-9a41-aec1046b0de8.mp4 access-control-allow-origin * cache-control s-maxage=86400, max-age=1800 cf-ray 8c403c1fc89c5b9e-FRA
GET DATA	200 OK	truncated /	10 KB 10 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d Request headers Referer Origin https://www.elfcosmetics.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8
GET DATA	200 OK	truncated /	10 KB 10 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac Request headers Referer Origin https://www.elfcosmetics.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff2;charset=utf-8
GET H2	200	PWT_STORY_HEADER_DESKTOP_BG-min cdn.media.amplience.net/i/elfcosmetics/	630 KB 0	3ms 3ms	Image image/jpeg	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag t-WLpDMcG,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z x-amp-cf-worker true edge-control max-age=86400 x-req-id miXx5KVBib alt-svc h3=":443"; ma=86400 content-length 644728 x-xss-protection 1; mode=block x-amp-source-height 1249 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/jpeg access-control-allow-origin * x-amp-source-width 3199 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1f48465b9e-FRA x-amp-published Wed, 20 Dec 2023 20:47:39 GMT
GET H2	200	PWT_STORY_HEADER_DESKTOP_CC-min cdn.media.amplience.net/i/elfcosmetics/	205 KB 0	4ms 4ms	Image image/png	2606:4700:4400::6812:20dd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:20dd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:49 GMT x-content-type-options nosniff cf-cache-status MISS x-amp-srv CF edge-cache-tag HEFp05FuV,l4p5bDg2e,HwG53bbZp,UyB2-aY-L x-amp-cf-worker true edge-control max-age=86400 x-req-id 4yfN0eF90O alt-svc h3=":443"; ma=86400 content-length 209440 x-xss-protection 1; mode=block x-amp-source-height 340 last-modified Mon, 16 Sep 2024 10:39:49 GMT server cloudflare vary Accept-Encoding x-frame-options DENY content-type image/png access-control-allow-origin * x-amp-source-width 800 cache-control s-maxage=86400, max-age=1800 accept-ranges bytes cf-ray 8c403c1f484a5b9e-FRA x-amp-published Wed, 20 Dec 2023 20:47:39 GMT
OPTIONS H2	204	ga4 api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ Frame	0 0	440ms 142ms	Preflight	35.194.25.57 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 57.25.194.35.bc.googleusercontent.com Software envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers * access-control-allow-methods POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE access-control-allow-origin https://www.elfcosmetics.com date Mon, 16 Sep 2024 10:39:52 GMT permissions-policy geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() referrer-policy strict-origin server envoy strict-transport-security max-age=15768000 x-content-type-options nosniff x-envoy-upstream-service-time 7 x-frame-options DENY x-xss-protection 1; mode=block
GET H2	200	otSDKStub.js Show response cdn.cookielaw.org/scripttemplates/	21 KB 7 KB	123ms 55ms	Script application/javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:51 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 UfYkxNZYUi8O8CsxmalgUg== age 10588 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 6881 x-ms-lease-status unlocked last-modified Thu, 12 Sep 2024 19:28:11 GMT server cloudflare etag 0x8DCD3610A4216D7 vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id ab14641a-f01e-0091-240d-06073b000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c2daabe364d-FRA expires Sun, 15 Sep 2024 07:43:21 GMT
GET H2	200	api_dynamic.js Show response cdn.dynamicyield.com/api/8772046/	518 KB 57 KB	565ms 446ms	Script application/javascript	2600:9000:275d:8400:a:b89d:a6c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dynamicyield.com/api/8772046/api_dynamic.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:275d:8400:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software DYCDN / Resource Hash cd261d9b9c97c67c0b04b5ddb7702c981a81243d0e01bc89e357afe52834c9c7 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip via 1.1 1332d04637e8e8783a277613082f94d8.cloudfront.net (CloudFront) last-modified Mon, 16 Sep 2024 08:35:22 GMT server DYCDN x-amz-cf-pop FRA56-P11 x-amz-server-side-encryption AES256 etag W/"b493039395986a1eb30ad3b60721c658" vary Accept-Encoding x-cache RefreshHit from cloudfront content-type application/javascript; charset=utf-8 cache-control max-age=30 link <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect" x-amz-cf-id petUeclnVl-wC-CmMSRGteGjvLtoVLIMQC7q5-LMOFUbFjo1RPDUhA==
GET H2	200	api_static.js Show response cdn.dynamicyield.com/api/8772046/	391 KB 116 KB	157ms 42ms	Script application/javascript	2600:9000:275d:8400:a:b89d:a6c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dynamicyield.com/api/8772046/api_static.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:275d:8400:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software DYCDN / Resource Hash 95170df4ce568ac6a712c027a77f8641b01763595b0f0c82a1101f13cdf4dc8f Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 09:23:38 GMT content-encoding gzip via 1.1 1332d04637e8e8783a277613082f94d8.cloudfront.net (CloudFront) last-modified Mon, 16 Sep 2024 08:35:22 GMT server DYCDN age 4575 x-amz-cf-pop FRA56-P11 etag W/"5baa8e3436d63184d8760927be2263dd" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 cache-control max-age=28800 link <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect" x-amz-cf-id 3gRoolJYCN64RXftLPb8sES1W_qzf3kYp_IRxbZ8ll8iOI9WL3RBpA==
GET H2	200	gtm.js Show response www.googletagmanager.com/	525 KB 137 KB	184ms 69ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 24dddb4690dde683f2ab98243143bb0b4d0ea9ad69e3c3dfcfc6be04f781e592 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 139488 x-xss-protection 0 last-modified Mon, 16 Sep 2024 09:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 16 Sep 2024 10:39:52 GMT
POST H2	200	ga4 Show response api.retail.adeptmind.ai/sp/v1/tenants/elf/event/	105 B 675 B	549ms 535ms	Fetch application/json	35.194.25.57 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4 Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 57.25.194.35.bc.googleusercontent.com Software envoy / Resource Hash 89203170669e32c6f0e31ae828a0271ca29a18d6fe7f0051d4ffc548f8d9a321 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type application/json Response headers date Mon, 16 Sep 2024 10:39:52 GMT strict-transport-security max-age=15768000 referrer-policy strict-origin x-content-type-options nosniff server envoy x-frame-options DENY access-control-allow-methods POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE content-type application/json; charset=utf-8 access-control-allow-origin https://www.elfcosmetics.com access-control-allow-credentials true permissions-policy geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() x-envoy-upstream-service-time 0 access-control-allow-headers * content-length 105 x-xss-protection 1; mode=block
GET H2	200	/ Show response api.ipify.org/	24 B 156 B	217ms 121ms	XHR application/json	104.26.12.205 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6f68153f638155eb464c6170752aaef22b5774877b3b74c8d7d0d06189247ed1 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT cf-cache-status DYNAMIC server cloudflare vary Origin content-type application/json access-control-allow-origin * cf-ray 8c403c2e1dae929c-FRA content-length 24
GET H2	200	/ Show response api.ipify.org/	24 B 75 B	338ms 110ms	XHR application/json	104.26.12.205 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6f68153f638155eb464c6170752aaef22b5774877b3b74c8d7d0d06189247ed1 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT cf-cache-status DYNAMIC server cloudflare vary Origin content-type application/json access-control-allow-origin * cf-ray 8c403c2eee3e929c-FRA content-length 24
GET H2	200	callback www.elfcosmetics.com/ Redirect Chain https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=... https://www.elfcosmetics.com/callback?usid=1f1660f5-c62b-43d0-a904-6f056c229156&code=wSNpvFVc2C4LMWy1PpPjcRIR8-T87hgx9faOe_JV0kU	0 0	399ms 399ms	Fetch application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/callback?usid=1f1660f5-c62b-43d0-a904-6f056c229156&code=wSNpvFVc2C4LMWy1PpPjcRIR8-T87hgx9faOe_JV0kU Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains Request headers Referer https://www.elfcosmetics.com/elf-cosmetic-criminals User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=15552000; includeSubDomains via 1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront) x-amzn-remapped-content-length 0 x-amz-cf-pop FRA56-P7 age 0 x-amzn-remapped-connection close x-amzn-requestid d42f70c7-67c4-4e94-9af4-a245ddea7800 x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122691 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-cache Miss from cloudfront x-amz-apigw-id eMam7EQGCYcEqhQ= content-length 0 alt-svc h3=":443"; ma=86400 x-yottaa-forcecache true x-amzn-trace-id Root=1-66e80af8-7720959f455df4f416f3ab6d;Parent=0f73c0f391066ec4;Sampled=0;lineage=1:2b75b0e9:0 content-type application/json cache-control public, max-age=604800 x-yottaa-os 200 x-yottaa-metrics 36218cae0e3a/[370,367,-] 36D18cae0e61/[-,371.263] x-amzn-remapped-date Mon, 16 Sep 2024 10:39:53 GMT x-amz-cf-id k0kA0rNJAZ63gi39lSMuQk40-OAe8_Puyp25gHt9wQ6wARwNLthyBQ== Redirect headers date Mon, 16 Sep 2024 10:39:52 GMT x-correlation-id 8c403c315d8d5b9e via 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront) cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P7 age 0 x-yottaa-optimizations ob/0 si/36D18cae0e61-1726252499-7857122690 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 content-length 0 pragma no-cache x-ratelimit-1m-remaining 22942, 1955890 x-ratelimit-1m-reset 7400, 7400 x-ratelimit-1m-limit 24000, 2000000 vary Accept-Encoding location https://www.elfcosmetics.com/callback?usid=1f1660f5-c62b-43d0-a904-6f056c229156&code=wSNpvFVc2C4LMWy1PpPjcRIR8-T87hgx9faOe_JV0kU cache-control no-store x-yottaa-os 303 x-proxy-request-url https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=3JaaNXYJe-nBV7emrR52t6A4gs_4cVifRmyoq6ACYHs x-yottaa-metrics 36218cae0e39/[169,166,-] 36D18cae0e61/[-,169.452] cf-ray 8c403c315d8d5b9e-FRA x-amz-cf-id GRNB7gHxqEV7rdcLT9YpA33oqb8s9TzPtmilyyB3wLkWda1rqZP1jQ==
POST H2	201	/ Show response sdk.iad-05.braze.com/api/v3/data/	709 B 697 B	320ms 318ms	XHR application/json	2606:4700:4400::ac40:9595 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.iad-05.braze.com/api/v3/data/ Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e6e6a69df5b9c854a6c2af57cb8d59cd86f916df013592bff518106489a86175 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers X-Braze-Api-Key 609afcb2-1dc3-41ef-a771-0a9aaf10bf57 X-Braze-TriggersRequest true X-Braze-DataRequest true User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-type application/json X-Braze-Last-Req-Ms-Ago 7200000 Referer https://www.elfcosmetics.com/ X-Requested-With XMLHttpRequest X-Braze-Req-Attempt 1 Response headers date Mon, 16 Sep 2024 10:39:52 GMT content-encoding gzip cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains x-request-id e3c46306-1f07-45db-9fbc-35805ec00c43 x-runtime 0.178470 server cloudflare etag W/"e6e6a69df5b9c854a6c2af57cb8d59cd" vary Origin,Accept-Encoding access-control-allow-methods POST, GET content-type application/json access-control-allow-origin * access-control-expose-headers cache-control max-age=0, private, must-revalidate x-ratelimit-reset 1726483194 access-control-max-age 7200 x-ratelimit-limit 500.0 cf-ray 8c403c305ad33683-FRA x-ratelimit-remaining 495.0
OPTIONS H2	200	/ sdk.iad-05.braze.com/api/v3/data/ Frame	0 0	212ms 151ms	Preflight	2606:4700:4400::ac40:9595 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.iad-05.braze.com/api/v3/data/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept */* Access-Control-Request-Headers content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with Access-Control-Request-Method POST Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with access-control-allow-methods POST, GET access-control-allow-origin * access-control-expose-headers access-control-max-age 7200 cf-cache-status DYNAMIC cf-ray 8c403c2f59193683-FRA content-encoding gzip date Mon, 16 Sep 2024 10:39:52 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding
GET H2	200	6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Show response cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/	6 KB 2 KB	355ms 315ms	XHR application/x-javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:52 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 46153 content-md5 aY7kJA0jlzEL9QWHODNZDw== content-length 1832 x-ms-lease-status unlocked last-modified Tue, 16 Jul 2024 20:25:14 GMT server cloudflare etag 0x8DCA5D566A7B63C vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 1f48b12c-701e-004c-14be-d75495000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c2f6fd54d31-FRA expires Tue, 17 Sep 2024 10:39:52 GMT
GET H3	200	landing googleads.g.doubleclick.net/pagead/ Redirect Chain https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t2t5l1&tag_exp=0&rnd=2070673177.1726483192&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=0&gtm=4... https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5l1&tag_exp=0&rnd=2070673177.1726483192&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=...	42 B 65 B	88ms 34ms	Ping image/gif	2a00:1450:4001:829::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5l1&tag_exp=0&rnd=2070673177.1726483192&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=0&gtm=45He4990n81WL3STMXv896608294za200&auid=1323409771.1726483192 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Server 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:52 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 16 Sep 2024 10:39:52 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" location https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t2t5l1&tag_exp=0&rnd=2070673177.1726483192&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dma_cps=syphamo&dma=1&npa=0&gtm=45He4990n81WL3STMXv896608294za200&auid=1323409771.1726483192 cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	a www.googletagmanager.com/	0 49 B	32ms 30ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=gtm.init_consent&eid=-1&u=AAAAAIAAAAAAAACA&ut=AAAI&h=Ag&tr=1cvt&ti=2cvt&z=0 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	a www.googletagmanager.com/	0 59 B	30ms 29ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=gtag.config&eid=0&u=AAAAAIAAAAAAAACA&ut=AAAI&h=Ag&tr=1googtag.1googtag.1paused&ti=2googtag.2googtag.2paused&z=0 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	a www.googletagmanager.com/	0 49 B	31ms 30ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=gtm.js&eid=1&u=AAAAAIAAAAAAAACA&ut=AgAI&h=Ag&hf=0770&ht=j770&tr=1gclidw.1paused.1paused.1cl.1lcl.1fsl.1cl.1hl.1cl.1cl.1cl.1cl.1evl.1hl.1hl.1hl.1hl.1hl.1hl.1hl.1fsl.1hl.1hl.1hl.1tg.1hl.1hl.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1hl.1html&ti=1gclidw.2paused.2paused.2cl.2lcl.2fsl.2cl.2hl.2cl.2cl.2cl.2cl.2evl.2hl.2hl.2hl.2hl.2hl.2hl.2hl.2fsl.2hl.2hl.2hl.1tg.2hl.2hl.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.1tg.2hl.1html&z=0 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	a www.googletagmanager.com/	0 49 B	30ms 30ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=8&u=AAAAAIAIAAAAAACI&ut=AgAI&h=Ag&tr=1gaawe.1paused.1tg.1cvt&ti=1gaawe.2paused.1tg.2cvt&z=0 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	a www.googletagmanager.com/	0 49 B	36ms 35ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=gtm.dom&eid=9&u=AAAAAIAIAAAAAACI&ut=AgAI&h=Ag&z=0 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	st Show response st.dynamicyield.com/	159 KB 13 KB	271ms 136ms	Script text/javascript	2600:9000:2250:1c00:15:ad21:c740:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=pukwxd1kily8bkic0xpaxqgkq9ceoop4&ref=&scriptVersion=2.42.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2250:1c00:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 81f2fc21e3fb05df41f6c6120090e84d76675b0dcf9255c604ffd242f931be60 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:52 GMT content-encoding gzip via 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P2 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript; charset=utf-8 access-control-allow-origin * p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS" cache-control no-cache x-amz-cf-id GCctU1PJ6Iga-ISE1rD9UwpTyZqeacUCB9RA7kLBS0Jqu-FUonUv7g== expires Mon, 16 Sep 2024 10:39:51 GMT
GET H2	200	location Show response geolocation.onetrust.com/cookieconsentpub/v1/geo/	59 B 295 B	451ms 66ms	XHR application/json	2606:4700:4400::ac40:9b77 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept application/json Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS content-type application/json access-control-allow-origin * cf-ray 8c403c347b5b925c-FRA access-control-allow-headers Content-Type
POST H2	201	sync Show response sdk.iad-05.braze.com/api/v3/content_cards/	85 B 221 B	201ms 199ms	XHR application/json	2606:4700:4400::ac40:9595 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.iad-05.braze.com/api/v3/content_cards/sync Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 82527b3cde0e72c25ac9f9a59876f3a53ed1e9c90782e220bc09b875b232328e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers X-Braze-Req-Tokens-Remaining 29 X-Braze-Api-Key 609afcb2-1dc3-41ef-a771-0a9aaf10bf57 X-Braze-DataRequest true User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-type application/json X-Braze-Last-Req-Ms-Ago 7200000 BRAZE-SYNC-RETRY-COUNT 0 X-Requested-With XMLHttpRequest Referer https://www.elfcosmetics.com/ X-Braze-Req-Attempt 1 X-Braze-ContentCardsRequest true Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains x-request-id 8990ae49-2b64-42cd-a1cc-d08504c9fe0e x-runtime 0.062054 server cloudflare etag W/"82527b3cde0e72c25ac9f9a59876f3a5" vary Origin,Accept-Encoding access-control-allow-methods POST, GET content-type application/json access-control-allow-origin * access-control-expose-headers cache-control max-age=0, private, must-revalidate x-ratelimit-reset 1726483194 access-control-max-age 7200 x-ratelimit-limit 500.0 cf-ray 8c403c335f773683-FRA x-ratelimit-remaining 495.0
POST H2	201	sync Show response sdk.iad-05.braze.com/api/v3/feature_flags/	20 B 203 B	176ms 173ms	XHR application/json	2606:4700:4400::ac40:9595 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.iad-05.braze.com/api/v3/feature_flags/sync Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers X-Braze-Req-Tokens-Remaining 28 X-Braze-Api-Key 609afcb2-1dc3-41ef-a771-0a9aaf10bf57 X-Braze-DataRequest true User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-type application/json X-Braze-Last-Req-Ms-Ago 7200000 Referer https://www.elfcosmetics.com/ X-Requested-With XMLHttpRequest X-Braze-FeatureFlagsRequest true X-Braze-Req-Attempt 1 Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains x-request-id 20b451c2-24cb-4331-8833-517e58ada75c x-runtime 0.038072 server cloudflare etag W/"e92f434a50c76d6e52d0d3cc91cdf185" vary Origin,Accept-Encoding access-control-allow-methods POST, GET content-type application/json access-control-allow-origin * access-control-expose-headers cache-control max-age=0, private, must-revalidate x-ratelimit-reset 1726483194 access-control-max-age 7200 x-ratelimit-limit 500.0 cf-ray 8c403c335f823683-FRA x-ratelimit-remaining 491.0
OPTIONS H2	200	sync sdk.iad-05.braze.com/api/v3/content_cards/ Frame	0 0	137ms 136ms	Preflight	2606:4700:4400::ac40:9595 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.iad-05.braze.com/api/v3/content_cards/sync Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept */* Access-Control-Request-Headers braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with Access-Control-Request-Method POST Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-headers braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with access-control-allow-methods POST, GET access-control-allow-origin * access-control-expose-headers access-control-max-age 7200 cf-cache-status DYNAMIC cf-ray 8c403c326e2e3683-FRA content-encoding gzip date Mon, 16 Sep 2024 10:39:52 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding
OPTIONS H2	200	sync sdk.iad-05.braze.com/api/v3/feature_flags/ Frame	0 0	144ms 142ms	Preflight	2606:4700:4400::ac40:9595 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.iad-05.braze.com/api/v3/feature_flags/sync Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept */* Access-Control-Request-Headers content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with Access-Control-Request-Method POST Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with access-control-allow-methods POST, GET access-control-allow-origin * access-control-expose-headers access-control-max-age 7200 cf-cache-status DYNAMIC cf-ray 8c403c326e333683-FRA content-encoding gzip date Mon, 16 Sep 2024 10:39:52 GMT server cloudflare strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding
GET H2	200	dy-coll-min.js Show response cdn.dynamicyield.com/scripts/2.42.0/	196 KB 65 KB	56ms 55ms	Script text/javascript	2600:9000:275d:8400:a:b89d:a6c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:275d:8400:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software DYCDN / Resource Hash 851023e8e196d0e90861b94b5fe9bf3d9c4fb03062e3b4cb23e5b3d486a0bbae Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 08 Sep 2024 23:45:38 GMT content-encoding gzip via 1.1 1332d04637e8e8783a277613082f94d8.cloudfront.net (CloudFront) last-modified Sun, 01 Sep 2024 09:01:05 GMT server DYCDN age 644055 x-amz-cf-pop FRA56-P11 etag W/"ee44de75017c16457be88357c51e4aea" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript cache-control max-age=31536000 link <//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect" x-amz-cf-id Y1xA7LIJgvirrDt0sCN08YywJQLbP-Mf4Nw07-kndWvSZHjo4qOhUQ==
GET H2	200	otBannerSdk.js Show response cdn.cookielaw.org/scripttemplates/202406.1.0/	451 KB 110 KB	32ms 31ms	Script application/javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 7I5y/rp4ODu7ul89ty+epQ== age 43962 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 112027 x-ms-lease-status unlocked last-modified Tue, 16 Jul 2024 22:20:01 GMT server cloudflare etag 0x8DCA5E56F667161 vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id c05e064f-501e-009c-79cf-d7e837000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c352b88364d-FRA
POST H2	200	token Show response www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/	2 KB 2 KB	221ms 215ms	Fetch application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash 682496543f16777e9b02598c0f0d527b678bfe8c1f062b3e8ea1a2a2c8fdc40c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers c_x-pwa-request true Referer https://www.elfcosmetics.com/elf-cosmetic-criminals Authorization User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip x-correlation-id 8c403c354d32d36c cf-cache-status DYNAMIC via 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains x-amz-cf-pop FRA56-P7 age 0 x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122697 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 pragma no-cache x-ratelimit-1m-remaining 22927, 1955346 x-ratelimit-1m-reset 6749, 6748 vary Accept-Encoding x-ratelimit-1m-limit 24000, 2000000 content-type application/json cache-control no-store x-yottaa-os 200 x-proxy-request-url https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token x-yottaa-metrics 36218cae0e3d/[193,192,-] 36D18cae0e61/[-,194.415] cf-ray 8c403c354d32d36c-FRA x-amz-cf-id 7H5lXnccw6VC3FfcleKsKLh2-xJY5et6RtoPo9pdUL8XwPFw-dQwLA==
POST H2	200	uia Show response async-px.dynamicyield.com/	0 383 B	188ms 119ms	XHR text/plain	13.35.58.129 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://async-px.dynamicyield.com/uia?cnst=1&_=1726483193197 Requested by Host: cdn.dynamicyield.com URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.35.58.129 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-129.fra60.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10 access-control-allow-methods POST, GET, OPTIONS x-cache Miss from cloudfront access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-headers Content-Type, Authorization, Content-Length, X-Requested-With content-length 0 x-amz-cf-id 2e2VEg6iV_Uh3ClWiwo-4LxjDxbUi68ItomKuRL0y1V-X5em5aViyQ== expires 0
GET H2	200	en.json Show response cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7283-8d20-1f7cc7f672d6/	270 KB 48 KB	55ms 54ms	Fetch application/x-javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7283-8d20-1f7cc7f672d6/en.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1e3e46bfe2e437ec88b337c4893c591c726abfaafe957984466738e317ec5478 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 43920 content-md5 O2WrPsqEzZtXQecUT5GJ8Q== content-length 48426 x-ms-lease-status unlocked last-modified Tue, 16 Jul 2024 20:25:19 GMT server cloudflare etag 0x8DCA5D56988B2D3 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id af27292d-401e-0029-15be-d7e5c8000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c35beba4d31-FRA expires Tue, 17 Sep 2024 10:39:53 GMT
GET H2	200	iab2V2Data.json Show response cdn.cookielaw.org/vendorlist/	588 KB 76 KB	34ms 34ms	Fetch application/x-javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/vendorlist/iab2V2Data.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b73c215958ef3ca5d8cfdf8c0e5fedac098b3c3340f10ca0708bafd197f2d49a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 F0CaNyK20vuQCtaNWH6HKg== age 56109 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 77514 x-ms-lease-status unlocked last-modified Sun, 15 Sep 2024 18:07:30 GMT server cloudflare etag 0x8DCD5B143A74385 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id 59e013bc-001e-00a6-349f-07ab94000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c35bebb4d31-FRA expires Tue, 17 Sep 2024 10:39:53 GMT
GET H2	200	otTCF.js Show response cdn.cookielaw.org/scripttemplates/202406.1.0/	60 KB 17 KB	36ms 36ms	Script application/javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202406.1.0/otTCF.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e40e7b46b99c06e47841ff53e4417b6c887631d383aac28114e4ab83ccddc6f7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 w7rriz6IwW2xtS9bVJshOg== age 7282 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 17104 x-ms-lease-status unlocked last-modified Tue, 16 Jul 2024 22:19:59 GMT server cloudflare etag 0x8DCA5E56E73A9D1 vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id 768119cb-301e-00c3-1294-d81ac9000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c35bc15364d-FRA
GET H2	200	var async-px.dynamicyield.com/	0 0	133ms 119ms	Fetch	13.35.58.129 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://async-px.dynamicyield.com/var?cnst=1&_=499724&uid=6895011267453913848&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=5ed4513c79d98d1cc557b26f2a00cb42&expSes=96737&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-5137504147008103400&cgtgDecisionId=-5137504148433715510&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1726483192249&rri=9349112 Requested by Host: cdn.dynamicyield.com URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.35.58.129 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-129.fra60.r.cloudfront.net Software / Resource Hash Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10 access-control-allow-methods POST, GET, OPTIONS x-cache Miss from cloudfront access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-headers Content-Type, Authorization, Content-Length, X-Requested-With content-length 0 x-amz-cf-id par-jiKmxbEmLQiNXWwa_i5EKNkR-M5qvpMR5tpDRHcgI8NywGh6QQ== expires 0
GET H2	200	var async-px.dynamicyield.com/	0 0	131ms 117ms	Fetch	13.35.58.129 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://async-px.dynamicyield.com/var?cnst=1&_=209176&uid=6895011267453913848&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=5ed4513c79d98d1cc557b26f2a00cb42&expSes=96737&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-5137504146636992904&cgtgDecisionId=-5137504145902820337&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1726483192250&rri=7804551 Requested by Host: cdn.dynamicyield.com URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.35.58.129 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-129.fra60.r.cloudfront.net Software / Resource Hash Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10 access-control-allow-methods POST, GET, OPTIONS x-cache Miss from cloudfront access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-headers Content-Type, Authorization, Content-Length, X-Requested-With content-length 0 x-amz-cf-id f86V1Oifbw97fjctXSckGaOYjyUIq5ezgPFcQg6y7S4y25ju-TLaKw== expires 0
GET H2	200	var async-px.dynamicyield.com/	0 0	132ms 118ms	Fetch	13.35.58.129 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://async-px.dynamicyield.com/var?cnst=1&_=143448&uid=6895011267453913848&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=5ed4513c79d98d1cc557b26f2a00cb42&expSes=96737&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-5137504147467537002&cgtgDecisionId=-5137504149151514680&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1726483192250&rri=6953995 Requested by Host: cdn.dynamicyield.com URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.35.58.129 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-129.fra60.r.cloudfront.net Software / Resource Hash Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10 access-control-allow-methods POST, GET, OPTIONS x-cache Miss from cloudfront access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-headers Content-Type, Authorization, Content-Length, X-Requested-With content-length 0 x-amz-cf-id FiqJi112K0TJJFgu1zCD7qeMgKS_-Kt7noU8onMy162bo7QylBXbTA== expires 0
GET H2	200	var async-px.dynamicyield.com/	0 0	129ms 115ms	Fetch	13.35.58.129 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://async-px.dynamicyield.com/var?cnst=1&_=406858&uid=6895011267453913848&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28207095%5D&ses=5ed4513c79d98d1cc557b26f2a00cb42&expSes=96737&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1232212.1426804.1443347.1182144.799438.799440&expVisitId=-5137504146881555463&cgtgDecisionId=-5137504145769997117&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1726483192251&rri=9867599 Requested by Host: cdn.dynamicyield.com URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.35.58.129 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-129.fra60.r.cloudfront.net Software / Resource Hash Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10 access-control-allow-methods POST, GET, OPTIONS x-cache Miss from cloudfront access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-headers Content-Type, Authorization, Content-Length, X-Requested-With content-length 0 x-amz-cf-id kGCnM2mH1GWhHnbvaVA9jBliK4WAMdTk_YYWew4YqZgSUIeaQ2813g== expires 0
GET		kpi pixel.pointmediatracker.com/	0 0
GET H2	200	bounce secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2	43 B 1 KB	76ms 72ms	Image image/gif	185.89.210.90 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2 Protocol H2 Server 185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT an-x-request-uuid 4155ac0c-8e84-46e6-8928-7ffbe9124038 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type image/gif access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 217.114.215.131; 217.114.215.131; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com content-length 43 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT an-x-request-uuid 3a34ea0c-d718-49a9-8d35-f39cd71db53a server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 location https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2 cache-control no-store, no-cache, private x-proxy-origin 217.114.215.131; 217.114.215.131; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	/ insight.adsrvr.org/track/pxl/	70 B 149 B	376ms 54ms	Image image/gif	15.197.193.217 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS a12b7a488abeaa9e4.awsglobalaccelerator.com Software Kestrel / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT server Kestrel content-length 70 content-type image/gif
POST H2	200	batch async-px.dynamicyield.com/	0 385 B	177ms 128ms	Ping text/plain	13.35.58.129 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://async-px.dynamicyield.com/batch?cnst=1&_=1726483193319_42779 Requested by Host: cdn.dynamicyield.com URL: https://cdn.dynamicyield.com/scripts/2.42.0/dy-coll-min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.35.58.129 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-35-58-129.fra60.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 6af229f397d391cfa25045f944cba714.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P10 access-control-allow-methods POST, GET, OPTIONS x-cache Miss from cloudfront access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-headers Content-Type, Authorization, Content-Length, X-Requested-With content-length 0 x-amz-cf-id nVz6LrEfu-oNAyJZwxVyLHKiSEqbzjU39CgC4G7YyUhxL_cLUdGxGg== expires 0
GET H2	200	favicon.ico www.elfcosmetics.com/	34 KB 34 KB	42ms 42ms	Other image/x-icon	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/favicon.ico Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash 1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a Request headers Referer https://www.elfcosmetics.com/elf-cosmetic-criminals User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront) x-amzn-remapped-content-length 34494 x-amz-cf-pop FRA56-P7 age 410 x-amzn-remapped-connection close x-amzn-requestid a1acaecc-d701-488d-b022-11d6ad20c336 x-yottaa-optimizations ob/1 si/36D18cae0e61-1726252499-7857119636 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0 x-cache Hit from cloudfront x-amz-apigw-id eJhUIFdsCYcEK6A= content-length 34494 alt-svc h3=":443"; ma=86400 x-yottaa-forcecache true last-modified Tue, 10 Sep 2024 16:15:20 GMT x-amzn-trace-id Root=1-66e6e280-0340b6505e92937000e21ef5;Parent=0dee65a7ce3c9e36;Sampled=0;lineage=1:2b75b0e9:0 etag W/"86be-191dcb7d1c0" vary Accept-Encoding content-type image/x-icon cache-control max-age=600, s-maxage=600 x-yottaa-os 200 x-yottaa-metrics 36218cae0e43/[25,22,-] 36D18cae0e61/[hit] x-amzn-remapped-date Sun, 15 Sep 2024 13:34:56 GMT x-amz-cf-id 3dIOnd7i5DHOUO7DJTO0Yv2ZzVcVDehZSzNsteWxWq9TM7O0H8NWuQ==
GET H2	200	otFlat.json Show response cdn.cookielaw.org/scripttemplates/202406.1.0/assets/	13 KB 3 KB	32ms 31ms	Fetch application/json	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 sHJXWIgDpMKY35PyRRy4zQ== age 56731 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 3003 x-ms-lease-status unlocked last-modified Tue, 16 Jul 2024 22:19:54 GMT server cloudflare etag 0x8DCA5E56B3084E2 vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id efcd7bdf-201e-0054-7b77-d87900000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c3758ba4d31-FRA
GET H2	200	otPcCenter.json Show response cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/	62 KB 13 KB	34ms 34ms	Fetch application/json	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcCenter.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 LtDYZmcfPNW39lMw/Yu0RQ== age 13667 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 12723 x-ms-lease-status unlocked last-modified Tue, 16 Jul 2024 22:19:56 GMT server cloudflare etag 0x8DCA5E56C7CC8BB vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 125efa87-d01e-00e0-3577-d87502000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c3758bc4d31-FRA
GET H2	200	otCommonStyles.css Show response cdn.cookielaw.org/scripttemplates/202406.1.0/assets/	24 KB 4 KB	35ms 34ms	Fetch text/css	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding gzip content-md5 HyPJ72TNHxdfOI82cqKVqA== age 56201 x-ms-lease-status unlocked last-modified Tue, 16 Jul 2024 22:20:07 GMT server cloudflare vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id c2721718-001e-00c0-0f77-d819ce000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 cf-ray 8c403c3758be4d31-FRA
GET H3	200	a www.googletagmanager.com/	0 11 B	30ms 29ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=10&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&hf=0374.399.0100.3119.0124.0405.3494.0709.3763&ht=j374.j99.j100.j119.j124.j405.j494.j709.j763&tr=1html.5html.1paused.1paused.1paused.1flc.1flc.1paused.1paused.1paused.1pntr.1img.1cvt.1cvt.1baut.1gaawe.1gaawe.1paused.1gaawe.1gaawe.1gaawe.1gaawe.1gaawe.1gaawe.1paused.1cvt.1gaawe.1paused.1paused.1paused.1sdl.1ytl.1html.5html.1html.5html.1html.5html.1html.5html.1html.5html.1html.5html.1html.5html.1html.5html.1cvt.6paused.6paused.6paused.6paused.6paused.6paused.5gaawe.5gaawe.6paused.5gaawe.5gaawe.5gaawe.5gaawe.5gaawe.5gaawe.6paused.5gaawe.6paused.6paused.6paused.5sdl.5ytl.5cvt&ti=1html.1html.2paused.2paused.2paused.1flc.1flc.2paused.2paused.2paused.2pntr.1img.2cvt.2cvt.2baut.1gaawe.1gaawe.2paused.1gaawe.1gaawe.1gaawe.1gaawe.1gaawe.1gaawe.2paused.2cvt.1gaawe.2paused.2paused.2paused.2sdl.1ytl.1html.1html.1html.1html.1html.1html.1html.1html.1html.1html.1html.1html.1html.1html.1html.1html.2cvt.2paused.2paused.2paused.2paused.2paused.2paused.1gaawe.1gaawe.2paused.1gaawe.1gaawe.1gaawe.1gaawe.1gaawe.1gaawe.2paused.1gaawe.2paused.2paused.2paused.2sdl.1ytl.2cvt&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H3	200	a www.googletagmanager.com/	0 11 B	30ms 30ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=15&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H3	200	a www.googletagmanager.com/	0 11 B	31ms 30ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=16&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&tr=1tg&ti=1tg&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H3	200	a www.googletagmanager.com/	0 11 B	30ms 30ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=17&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&tr=1cvt&ti=2cvt&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H3	200	a www.googletagmanager.com/	0 11 B	41ms 41ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=24&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
POST H2	200	event qoe-1.yottaa.net/log-nt/	3 B 191 B	187ms 19ms	Ping text/json	140.174.14.164 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://qoe-1.yottaa.net/log-nt/event Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 140.174.14.164 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers access-control-allow-origin * date Mon, 16 Sep 2024 10:39:53 GMT access-control-expose-headers X-Results-Data-Source access-control-allow-credentials true cache-control no-cache timing-allow-origin * content-type text/json
GET H2	200	www-widgetapi.js Show response www.youtube.com/s/player/3c3d6e4f/www-widgetapi.vflset/	32 KB 11 KB	29ms 26ms	Script text/javascript	2a00:1450:4001:80b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/s/player/3c3d6e4f/www-widgetapi.vflset/www-widgetapi.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 65615ecccdacb3cbb4a4cd07b9b6d7b2d7b7f9f6bd62f5d0c5656512bddfad6b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 13 Sep 2024 02:24:53 GMT content-encoding br x-content-type-options nosniff age 288900 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 10746 x-xss-protection 0 last-modified Thu, 12 Sep 2024 04:18:54 GMT server sffe vary Accept-Encoding, Origin report-to {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="youtube" expires Sat, 13 Sep 2025 02:24:53 GMT
GET H2	200	110221.ct.js Show response tag.rmp.rakuten.com/	47 KB 15 KB	190ms 39ms	Script text/javascript	34.102.147.248 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://tag.rmp.rakuten.com/110221.ct.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 248.147.102.34.bc.googleusercontent.com Software / Resource Hash 290f9c6084b46b94850626f1dbe6df20c7a805bed18c5aad6360bcc4da3bfae6 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip via 1.1 google strict-transport-security max-age=31536000 last-modified Mon, 16 Sep 2024 10:39:53 GMT x-cache hit x-samesite secure content-type text/javascript cache-control max-age=86400 x-dyn 0 accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET H2	200	js Show response www.paypal.com/sdk/	425 KB 120 KB	595ms 34ms	Script application/javascript	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 668f9df6ce9e19cb8e52c30b1771dcb27b858c9f691b6500d6e1ffafad26ad19 Security Headers Name Value Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-ItAFTUCveuVhjO92wAKWfSsetPTJ3VVZvov/rG71b7ylrvlN' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-ItAFTUCveuVhjO92wAKWfSsetPTJ3VVZvov/rG71b7ylrvlN' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-ItAFTUCveuVhjO92wAKWfSsetPTJ3VVZvov/rG71b7ylrvlN' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-ItAFTUCveuVhjO92wAKWfSsetPTJ3VVZvov/rG71b7ylrvlN' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp content-encoding gzip x-content-type-options nosniff disable-set-cookie true via 1.1 varnish, 1.1 varnish date Mon, 16 Sep 2024 10:39:54 GMT age 8293 strict-transport-security max-age=63072000; includeSubDomains; preload x-cache HIT, MISS p3p true paypal-debug-id f2758031071e7 server-timing "traceparent;desc="00-0000000000000000000f2758031071e7-ed2b0bfcac1e7a97-01"";content-encoding;desc="gzip",x-cdn;desc="fastly" dc ccg11-origin-www-1.paypal.com content-length 120819 x-xss-protection 1; mode=block x-served-by cache-fra-etou8220117-FRA, cache-fra-etou8220117-FRA accept-ch sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 traceparent 00-0000000000000000000f2758031071e7-2c52c7e27c035b32-01 x-timer S1726483194.075794,VS0,VE8 etag W/"1d7f3-hCPIhE+togCbn75WEPTPuoyRqOw" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers Server-Timing cache-control public, max-age=3600, s-maxage=10800 origin-trial AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ== permissions-policy ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com") accept-ranges bytes x-cache-hits 0, 0
GET H/1.1	200 OK	main.js Show response static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/	149 KB 52 KB	596ms 35ms	Script application/javascript	23.192.254.124 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.192.254.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-192-254-124.deploy.static.akamaitechnologies.com Software nginx / Express Resource Hash 56e906a27835c03e7ffa5e2f1c57d9b948ed92009d4b515500818979f8cceee1 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Strict-Transport-Security max-age=15768000 Content-Encoding gzip Date Mon, 16 Sep 2024 10:39:54 GMT Server nginx X-Powered-By Express ETag W/"7f87aaa766a6613be614291d8bd6c1c4e3c3876c" X-Frame-Options SAMEORIGIN Vary Accept-Encoding Content-Type application/javascript;charset=UTF-8 Access-Control-Allow-Origin * Cache-Control must-revalidate, max-age=900 Connection keep-alive Content-Length 52946 Expires Mon, 16 Sep 2024 10:54:54 GMT
GET H2	200	/ Show response websdk.appsflyer.com/	51 KB 15 KB	180ms 34ms	Script application/javascript	18.245.60.3 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://websdk.appsflyer.com/?st=banners& Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.60.3 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-60-3.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash ce6d7f008824d9f6af00150bf70a49369a24381165b5808efa74e68518e6d58d Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:04:13 GMT content-encoding gzip via 1.1 b99111dfd026a3c99d0e66063beb0544.cloudfront.net (CloudFront) last-modified Wed, 14 Jun 2023 06:58:46 GMT server AmazonS3 x-amz-cf-pop FRA60-P5 age 2744 x-amz-server-side-encryption AES256 etag W/"ad6e8ace01357e7c84957fc6fc296d42" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript alt-svc h3=":443"; ma=86400 x-amz-cf-id T_R-OaEmj5lkYLhHSp4zJ2D9dSYMPY3ZCwAkH1AO_7QICc_5RjCEkQ==
GET H3	200	js Show response www.googletagmanager.com/gtag/	302 KB 101 KB	43ms 42ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 058b25fe1fa93385bb56b5764481f285d8eeed04106ae34363993ed1765af0e7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 103358 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 16 Sep 2024 10:39:53 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	318 KB 105 KB	68ms 67ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash d323330bf006a329a6c3bbd8dfe002b7051a7ed2ed07392271b68bcab6454a9d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 107454 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 16 Sep 2024 10:39:53 GMT
POST H2	204	sessions Show response www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/	0 1 KB	196ms 194ms	XHR text/plain	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/elf-cosmetic-criminals authorization Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjFmMTY2MGY1LWM2MmItNDNkMC1hOTA0LTZmMDU2YzIyOTE1NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjY0ODMxNjMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia3V3VmxId1V4SHNSd1h3V3dHWVlrMG9VOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNjQ4NDk5MywiaWF0IjoxNzI2NDgzMTkzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1MTU3Njk0MDAzODA2MjM5In0.fquE951StXhnJIgyvDoPRpcPHu8apTXzyZbi7AQOdKjGJKGZ76hSayi4baWSMwyzmCbo2ytSqTGOahA6eRPNDQ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT via 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront) cf-cache-status DYNAMIC x-yottaa-metrics 36218cae0e3f/[170,168,-] 36D18cae0e61/[-,170.683] x-amz-cf-pop FRA56-P7 age 0 x-yottaa-optimizations ob/0 si/36D18cae0e61-1726252499-7857122701 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-dw-version-status obsolete x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 pragma no-cache allow OPTIONS,POST access-control-allow-origin https://www.elfcosmetics.com access-control-expose-headers etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true x-proxy-request-url https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions accept-ranges bytes cf-ray 8c403c37abf11e5a-FRA x-dw-request-base-id cD2HrvkK6GYBAAB_ x-amz-cf-id ceGaz2zU2nr28i5hJ4sMR8QWVeJvZjOAEhv9m8uVAnDV0WfRYaGicg== x-yottaa-os 204 expires Thu, 01 Dec 1994 16:00:00 GMT
POST H2	200	shoppercontext Show response www.elfcosmetics.com/api/v1/	134 B 886 B	552ms 550ms	XHR application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash b50038ad6b0d87bfbfaa940f269aff36d438741d119d8aaf57fbf97712a5caa3 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains Request headers Referer https://www.elfcosmetics.com/elf-cosmetic-criminals authorization Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjFmMTY2MGY1LWM2MmItNDNkMC1hOTA0LTZmMDU2YzIyOTE1NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjY0ODMxNjMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia3V3VmxId1V4SHNSd1h3V3dHWVlrMG9VOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNjQ4NDk5MywiaWF0IjoxNzI2NDgzMTkzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1MTU3Njk0MDAzODA2MjM5In0.fquE951StXhnJIgyvDoPRpcPHu8apTXzyZbi7AQOdKjGJKGZ76hSayi4baWSMwyzmCbo2ytSqTGOahA6eRPNDQ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 content-type application/json Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=15552000; includeSubDomains via 1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront) x-amzn-remapped-content-length 134 content-encoding gzip x-amz-cf-pop FRA56-P7 age 0 x-amzn-remapped-connection close x-amzn-requestid b5da347e-a563-4eca-bcfc-3a45efd4e4ea x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122702 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-cache Miss from cloudfront x-amz-apigw-id eManDFCeCYcEijg= content-length 119 alt-svc h3=":443"; ma=86400 etag W/"86-+zmIPv8Gmh5rUok6wVFQOBt53BE" x-amzn-trace-id Root=1-66e80af9-6a77f5aa4a2ee8753594060d;Parent=06d3c757fbaf5a14;Sampled=0;lineage=1:2b75b0e9:0 content-type application/json; charset=utf-8 x-yottaa-os 200 x-yottaa-metrics 36218cae0e40/[525,524,-] 36D18cae0e61/[-,526.766] x-amzn-remapped-date Mon, 16 Sep 2024 10:39:53 GMT x-amz-cf-id lhczSSyFUY9t2Ll5wkbKB5jSR5NrLBCUiwD4YV9UXeKn2WIEs-ODUA==
POST H2	201	sync Show response sdk.iad-05.braze.com/api/v3/content_cards/	85 B 222 B	190ms 189ms	XHR application/json	2606:4700:4400::ac40:9595 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.iad-05.braze.com/api/v3/content_cards/sync Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9595 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e91cc9a9b29090ffef1f21b6331e9a47eaf615b3d553718a9a4ca966d51501ab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers X-Braze-Req-Tokens-Remaining 27 X-Braze-Api-Key 609afcb2-1dc3-41ef-a771-0a9aaf10bf57 X-Braze-DataRequest true User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-type application/json X-Braze-Last-Req-Ms-Ago 814 BRAZE-SYNC-RETRY-COUNT 0 X-Requested-With XMLHttpRequest Referer https://www.elfcosmetics.com/ X-Braze-Req-Attempt 1 X-Braze-ContentCardsRequest true Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding gzip cf-cache-status DYNAMIC strict-transport-security max-age=31536000; includeSubDomains x-request-id ca758669-9a4f-4b5f-9baa-a9dee4352b49 x-runtime 0.051015 server cloudflare etag W/"e91cc9a9b29090ffef1f21b6331e9a47" vary Origin,Accept-Encoding access-control-allow-methods POST, GET content-type application/json access-control-allow-origin * access-control-expose-headers cache-control max-age=0, private, must-revalidate x-ratelimit-reset 1726483194 access-control-max-age 7200 x-ratelimit-limit 500.0 cf-ray 8c403c377d003683-FRA x-ratelimit-remaining 491.0
GET H2	200	geo-ip Show response www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/	200 B 913 B	275ms 267ms	XHR application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.215.131 Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash 86c492f412fab9d7eb6171247cb300262879418099e8694960d304b9aa344408 Security Headers Name Value X-Content-Type-Options nosniff Request headers c_x-pwa-request true Referer https://www.elfcosmetics.com/elf-cosmetic-criminals x-dw-client-id f9f7052a-f742-4c38-bdf5-1da004e7fb3b User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 content-type application/json Response headers date Mon, 16 Sep 2024 10:39:53 GMT sfdc_customization HOOK x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding gzip via 1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P7 x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122708 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-dw-version-status obsolete x-cache Miss from cloudfront age 0 alt-svc h3=":443"; ma=86400 allow GET,HEAD,OPTIONS content-type application/json;charset=UTF-8 cache-control max-age=0,no-cache,no-store,must-revalidate x-yottaa-os 200 x-proxy-request-url https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.215.131 x-yottaa-metrics 36218cae0e47/[245,243,-] 36D18cae0e61/[-,246.171] cf-ray 8c403c38ce163a90-FRA x-dw-request-base-id AsrXb_kK6GYBAAB_ x-amz-cf-id nz_ob_jquaLCanD6cShQBO34zZhg5xgX6FKFvWshPZ7Pu1bLxMu86A==
GET H2	200	geo-ip Show response www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/	200 B 913 B	584ms 308ms	XHR application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.215.131 Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash 86c492f412fab9d7eb6171247cb300262879418099e8694960d304b9aa344408 Security Headers Name Value X-Content-Type-Options nosniff Request headers c_x-pwa-request true Referer https://www.elfcosmetics.com/elf-cosmetic-criminals x-dw-client-id f9f7052a-f742-4c38-bdf5-1da004e7fb3b User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 content-type application/json Response headers date Mon, 16 Sep 2024 10:39:54 GMT sfdc_customization HOOK x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding gzip via 1.1 d34cf2ddbdf9774517330fee6a26e4b2.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P7 x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122711 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-dw-version-status obsolete x-cache Miss from cloudfront age 0 alt-svc h3=":443"; ma=86400 allow GET,HEAD,OPTIONS content-type application/json;charset=UTF-8 cache-control max-age=0,no-cache,no-store,must-revalidate x-yottaa-os 200 x-proxy-request-url https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=217.114.215.131 x-yottaa-metrics 36218cae0e27/[287,286,-] 36D18cae0e61/[-,288.375] cf-ray 8c403c3a7ea4d3bd-FRA x-dw-request-base-id cD2WrvkK6GYBAAB_ x-amz-cf-id 9HKsSHa-9mm3PskBbjVrDCFEIve4tD0FEluwdTE6MXXG55D91kcU0w==
GET H2	200	baskets Show response www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkuwVlHwUxHsRwXwWwGYYk0oU/	11 B 900 B	220ms 213ms	Fetch application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkuwVlHwUxHsRwXwWwGYYk0oU/baskets?siteId=elf-us Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash 31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers c_x-pwa-request true Referer https://www.elfcosmetics.com/elf-cosmetic-criminals Authorization Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjFmMTY2MGY1LWM2MmItNDNkMC1hOTA0LTZmMDU2YzIyOTE1NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjY0ODMxNjMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia3V3VmxId1V4SHNSd1h3V3dHWVlrMG9VOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNjQ4NDk5MywiaWF0IjoxNzI2NDgzMTkzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1MTU3Njk0MDAzODA2MjM5In0.fquE951StXhnJIgyvDoPRpcPHu8apTXzyZbi7AQOdKjGJKGZ76hSayi4baWSMwyzmCbo2ytSqTGOahA6eRPNDQ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=31536000; includeSubDomains dnt 0 cf-cache-status DYNAMIC x-correlation-id 8c403c38bf064d1f x-content-type-options nosniff sfdc_customization HOOK via 1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P7 x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122709 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 content-encoding gzip x-cache Miss from cloudfront age 0 alt-svc h3=":443"; ma=86400 content-length 37 x-ratelimit-remaining 999 vary Accept-Encoding content-type application/json;charset=UTF-8 sfdc_load 1 cache-control max-age=0,no-cache,no-store x-yottaa-os 200 x-proxy-request-url https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abkuwVlHwUxHsRwXwWwGYYk0oU/baskets?siteId=elf-us x-ratelimit-limit 99999 accept-ranges bytes cf-ray 8c403c38bf064d1f-FRA x-amz-cf-id AKpcWa0eXCbQue7wrSsLsEztTgkm8plmC1fxQU0Ss4kNXEGXkG15-A== x-yottaa-metrics 36218cae0e46/[188,187,-] 36D18cae0e61/[-,189.770]
POST H2	200	viewPage Show response api.cquotient.com/v3/activities/bbxc-elf-us/	98 B 518 B	50ms 48ms	Fetch application/json	52.51.79.42 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/main.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.51.79.42 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-51-79-42.eu-west-1.compute.amazonaws.com Software envoy / Resource Hash 5e3b970e85d4ae587ec76df485557123a0e8759aeb59e87adfa7fbd33d6fec1c Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubdomains Request headers x-cq-client-id f9f7052a-f742-4c38-bdf5-1da004e7fb3b Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type application/json Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=15552000; includeSubdomains server envoy etag W/"62-9U+AkPP5563WdzJdhIrDYFQztNg" access-control-allow-methods GET, POST content-type application/json; charset=utf-8 access-control-allow-origin https://www.elfcosmetics.com access-control-allow-credentials true x-envoy-upstream-service-time 5 content-length 98
OPTIONS H2	200	viewPage api.cquotient.com/v3/activities/bbxc-elf-us/ Frame	0 0	433ms 51ms	Preflight	52.51.79.42 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.51.79.42 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-51-79-42.eu-west-1.compute.amazonaws.com Software envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubdomains Request headers Accept */* Access-Control-Request-Headers content-type,x-cq-client-id Access-Control-Request-Method POST Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization, content-type, x-cq-tenant, x-cq-client-id access-control-allow-methods POST access-control-allow-origin https://www.elfcosmetics.com content-length 0 date Mon, 16 Sep 2024 10:39:54 GMT server envoy strict-transport-security max-age=15552000; includeSubdomains x-envoy-upstream-service-time 1
GET H3	200	iframe_api Show response www.youtube.com/	993 B 516 B	44ms 42ms	Script text/javascript	2a00:1450:4001:80b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.youtube.com/iframe_api Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0691afdf8e089210ac1a10eab3e46e1357032ec957e9763a0a91cee5de2f2799 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script' Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-security-policy require-trusted-types-for 'script' content-encoding br cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version server ESF x-frame-options SAMEORIGIN report-to {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} content-type text/javascript; charset=utf-8 vary Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cache-control private, max-age=0 permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* origin-trial AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 cross-origin-opener-policy-report-only same-origin; report-to="youtube_main" expires Mon, 16 Sep 2024 10:39:53 GMT
GET H2	200	1a8bfa042c9c5.js Show response t.contentsquare.net/uxa/	345 KB 83 KB	354ms 23ms	Script application/javascript	18.244.18.115 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.244.18.115 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-244-18-115.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 763c6c999ec59fc2f2f8354cdadb1f85cc4488781109006ea8b3bbabc5f60064 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sun, 15 Sep 2024 08:58:21 GMT content-encoding br via 1.1 e4f83d72be7853fbcceb590827a5b68a.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P11 age 0 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 84235 last-modified Thu, 12 Sep 2024 08:57:06 GMT server AmazonS3 etag "09f3695aa32241766825070a5c17768f" vary Accept-Encoding, Origin content-type application/javascript;charset=utf-8 cache-control max-age=900 accept-ranges bytes timing-allow-origin * x-amz-cf-id cb_Vn6EiCr5FwX345WZO3cIRFOqO0whmNfzpNpkQQh2jDFgm0LGw0Q==
GET H3	200	destination Show response www.googletagmanager.com/gtag/	217 KB 78 KB	41ms 37ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 42ebf8826958c3cbda70719096d4aeebea98cea192ca7949dbb8dcc758b72198 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 79534 x-xss-protection 0 last-modified Mon, 16 Sep 2024 09:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 16 Sep 2024 10:39:53 GMT
GET H3	200	destination Show response www.googletagmanager.com/gtag/	217 KB 78 KB	59ms 55ms	Script application/javascript	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8228bad295aeb220b32e0e3cd84c1f830e72fdb993ae727ec534b4ca5cfcc659 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 79534 x-xss-protection 0 last-modified Mon, 16 Sep 2024 09:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 16 Sep 2024 10:39:53 GMT
GET H2	200	core.js Show response s.pinimg.com/ct/	5 KB 2 KB	397ms 30ms	Script application/javascript	2a04:4e42::84 FASTLY
General Check archive.org Show headers Download Go to Full URL https://s.pinimg.com/ct/core.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::84 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 919293e56b6a814a84a579b014f63a2423b0419c418494da7baa7c0c5893cde1 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT content-encoding br x-cdn fastly etag "b37f6fea55e9029c9c9d413c47f69cb7" x-amz-server-side-encryption AES256 access-control-max-age 86400 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * access-control-expose-headers X-CDN vary Accept-Encoding, Origin cache-control max-age=7200 alt-svc h3=":443";ma=600 content-length 1878
GET H3	200	fbevents.js Show response connect.facebook.net/en_US/	225 KB 58 KB	58ms 34ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 16 Sep 2024 10:39:53 GMT document-policy force-load-at-top x-fb-server-load 32 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58953 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=18, rtx=0, c=23, mss=1232, tbw=4454, tp=9, tpl=0, uplat=0, ullat=-1 pragma public x-fb-debug H0dAm8rEVh/hTwrwlw14l26uigW8dLQvD2fzCp70JNcbVVNLBnvVN0R3rfcoRSy6nUJa0EevgU+KSjk6qzHg7w== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	42 KB 13 KB	394ms 28ms	Script application/javascript	2a04:4e42:600::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Thu, 20 Jun 2024 19:23:03 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "71b328aff914ada8b774bfa8fff542c4" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 12116
GET H2	200	bat.js Show response bat.bing.com/	49 KB 14 KB	417ms 52ms	Script application/javascript	2620:1ec:33:2::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Mon, 16 Sep 2024 10:39:53 GMT last-modified Fri, 06 Sep 2024 21:17:16 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: D187D88E92D44E0AB8EAF0F00B4AF6AD Ref B: LON212050703039 Ref C: 2024-09-16T10:39:54Z etag "016326a20db1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 14305
GET H2	200	tfa.js Show response cdn.taboola.com/libtrc/unip/1691051/	81 KB 25 KB	395ms 30ms	Script application/javascript	151.101.129.44 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.taboola.com/libtrc/unip/1691051/tfa.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 451304e1eb64cbc25743b9e319da822df015d8735199ee515831345838621c71 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id Ikfpqam8ZVDdGd3gPQOKiaZU09t0yzh_ content-encoding gzip via 1.1 varnish date Mon, 16 Sep 2024 10:39:54 GMT x-amz-request-id W4YVJ8DKK30E56ER age 129 x-amz-server-side-encryption AES256 x-cache HIT x-amz-replication-status COMPLETED content-length 25444 x-amz-id-2 UAezA2l8mFlRfbyOMfYi2WZzzWVwTD6iGUmQ/zvp8lFnd3M+F6rcm2bAOOyAvZcPozBRewcYSew= x-served-by cache-fra-etou8220137-FRA last-modified Sun, 08 Sep 2024 11:11:33 GMT server AmazonS3 x-timer S1726483194.076898,VS0,VE1 etag "41d4d63a302da010dc70239fad91c43b" vary Accept-Encoding content-type application/javascript; charset=utf-8 abp 18 access-control-allow-origin * cache-control private,max-age=14401 accept-ranges bytes x-cache-hits 1
GET H2	200	events.js Show response analytics.tiktok.com/i18n/pixel/	8 KB 3 KB	476ms 119ms	Script application/javascript	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 00dd1076eba64e7ef7c1a3e7efde8696a95c43952942c2d70ede6756c306881e Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-akamai-request-id 4fda1265.c2488e0f date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2409161039541C827D31843CE5A1ED13-7FADB92788FAD3F2-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 94,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=88, origin; dur=7, inner; dur=4 content-length 2486 pragma no-cache server nginx x-tt-logid 202409161039541C827D31843CE5A1ED13 x-cache-remote TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control max-age=0, no-cache, no-store x-origin-response-time 7,23.220.104.8 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e0d37387beb93a33028362283968f0446c2a6d77cc0303614f4ce77b7ea73c6b9aced09985fa1f77c35b39d4947034ef4bdbd52440647fa4719e73ca855c8a6394866bb89555f597528f4fd1a9d48440e0 expires Mon, 16 Sep 2024 10:39:54 GMT
GET H2	200	events.js Show response analytics.tiktok.com/i18n/pixel/	7 KB 3 KB	415ms 115ms	Script application/javascript	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 049ba240ed6bc4397fb6d0ab266878766fd0b384ed0b54b6e67a1c64e62d8d18 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-akamai-request-id c2488e11 date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240916103954EBA8980EBA65C47427E7-48DC5E84FA8A3DB4-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) server-timing inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=90 pragma no-cache server nginx x-tt-logid 20240916103954EBA8980EBA65C47427E7 vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control max-age=0, no-cache, no-store x-origin-response-time 90,2.20.179.90 x-tt-trace-host 013639f38019084264c9da60332244b87b7bd6646440ca0a68e17dcec9bb5ab34391e846e6a92cbec223f3b60cd246e78a56b7b458ca999e9accbfda9c36435f4e8b4c357ecc738a2667e7f56e90275715d26e1a068ebf25c3eb1b59bff8428a56 expires Mon, 16 Sep 2024 10:39:54 GMT
GET H2	200	widget.js Show response js.jebbit.com/companion/v1/	44 KB 45 KB	311ms 28ms	Script text/javascript	2600:9000:206f:3000:a:7914:b00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.jebbit.com/companion/v1/widget.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:206f:3000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash caab06b6d9e22bd3f5e606d7c52d61833bb08498c02ef96bb2155852c391249c Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id Ni7Av1nwUFjdEeEmV3bxRPsr0NJvxctr date Mon, 16 Sep 2024 02:25:11 GMT via 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront) last-modified Tue, 09 Jul 2024 20:26:25 GMT server AmazonS3 x-amz-cf-pop FRA56-C1 age 29690 x-amz-server-side-encryption AES256 etag "abd610d978a61075b07e166fe2d53c26" x-cache Hit from cloudfront content-type text/javascript accept-ranges bytes content-length 45338 x-amz-cf-id BXaPNNunbjWQirR8TkEYlYRPwzUQOM2cL_N3gal2FXzEJV_EG_OgUg==
GET H2	200	i.js Show response tag.wknd.ai/4142/	18 KB 6 KB	341ms 20ms	Script text/plain	34.120.253.250 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://tag.wknd.ai/4142/i.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 250.253.120.34.bc.googleusercontent.com Software istio-envoy / Resource Hash 58ac83c171e73cc47476cb3599d996a66e189c7dc101380713107cc608ac5038 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:16:31 GMT content-encoding gzip x-envoy-decorator-operation tag-router.tag-router.svc.cluster.local:80/* via 1.1 google age 1403 x-envoy-upstream-service-time 0 x-region us-central1 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5919 server istio-envoy etag dffa51524c5e8a vary Accept-Encoding content-type text/plain; charset=utf-8 access-control-allow-origin * cache-control public,max-age=60 timing-allow-origin * link <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
GET H3	200	include.js Show response cdn8.eu.inside.chat/gtm/IN-1011171-EC/	23 KB 6 KB	78ms 39ms	Script application/javascript	2606:4700::6812:911 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn8.eu.inside.chat/gtm/IN-1011171-EC/include.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:911 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e73bad2bcf63a336ee6d5ae4d037b2571445ab9d22a67bea429782f8d2d4a25 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000; includeSubdomains content-encoding br cf-cache-status HIT age 109 cf-polished origSize=36993 alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Fri, 02 Aug 2024 16:09:33 GMT server cloudflare etag W/"a3d2ee5cf6e4da1:0" vary Accept-Encoding content-type application/javascript cache-control public, max-age=3600 cf-ray 8c403c3b7ddbbb7d-FRA expires Mon, 16 Sep 2024 11:39:54 GMT
GET H2	200	ot_guard_logo.svg Show response cdn.cookielaw.org/logos/static/	497 B 515 B	32ms 31ms	Fetch image/svg+xml	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding gzip content-md5 tXyZydHjxQshFMbbBT1/8A== age 13856 x-ms-lease-status unlocked last-modified Thu, 12 Sep 2024 19:28:13 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id e55c6b14-101e-00b2-3be6-0568f0000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 cf-ray 8c403c395ae94d31-FRA
GET H2	200	ot_company_logo.png cdn.cookielaw.org/logos/static/	4 KB 4 KB	35ms 35ms	Image image/png	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.cookielaw.org/logos/static/ot_company_logo.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-md5 E8+sk/ECzKgTUVtDLikiIA== age 68634 content-length 4036 x-ms-lease-status unlocked last-modified Thu, 12 Sep 2024 19:28:13 GMT server cloudflare etag 0x8DCD3610B83687A vary Accept-Encoding content-type image/png access-control-allow-origin * x-ms-request-id 6f3df6d1-701e-002a-324a-05e6cf000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8c403c3968b1364d-FRA
GET H2	200	powered_by_logo.svg cdn.cookielaw.org/logos/static/	5 KB 2 KB	34ms 33ms	Image image/svg+xml	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.cookielaw.org/logos/static/powered_by_logo.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 16 Sep 2024 10:39:53 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding gzip content-md5 Y+c301RBZNK39PvKQWrIBw== age 37194 x-ms-lease-status unlocked last-modified Thu, 12 Sep 2024 19:28:14 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 89ce9751-701e-00a9-584f-054662000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 cf-ray 8c403c3968b6364d-FRA
GET H2	200	collect Show response sgtm.elfcosmetics.com/g/	65 B 296 B	435ms 215ms	XHR text/plain	34.49.124.132 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4990v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13u3u3u2u5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=1759136562.1726483194&ecid=591900263&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE-BW&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=2070673177.1726483192&sst.etld=google.de&sst.gcsub=region1&sst.adr=1&sst.ude=0&_s=1&sid=1726483193&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=7517&richsstsse Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 132.124.49.34.bc.googleusercontent.com Software Google Frontend / Resource Hash e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 google x-content-type-options nosniff server Google Frontend content-type text/plain access-control-allow-origin https://www.elfcosmetics.com cache-control no-cache access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-accel-buffering no
GET H2	200	collect Show response sgtm.elfcosmetics.com/g/	65 B 127 B	457ms 246ms	XHR text/plain	34.49.124.132 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4990v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13u3u3u2u5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=1759136562.1726483194&ecid=591900263&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE-BW&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=2070673177.1726483192&sst.etld=google.de&sst.gcsub=region1&sst.adr=1&sst.ude=0&_s=2&sid=1726483193&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&ep.event_id=1726483740900_17264835030728&ep.external_id=&ep.pinterest_pixel_id=549755876323&_et=2&tfd=7526&richsstsse Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 132.124.49.34.bc.googleusercontent.com Software Google Frontend / Resource Hash e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 google x-content-type-options nosniff server Google Frontend content-type text/plain access-control-allow-origin https://www.elfcosmetics.com cache-control no-cache access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-accel-buffering no
GET H2	200	collect Show response sgtm.elfcosmetics.com/g/	65 B 127 B	504ms 294ms	XHR text/plain	34.49.124.132 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4990v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13u3u3u2u5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=1759136562.1726483194&ecid=591900263&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE-BW&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=2070673177.1726483192&sst.etld=google.de&sst.gcsub=region1&sst.adr=1&sst.ude=0&_s=3&sid=1726483193&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1726483740900_172648350307210&ep.email=&ep.phone=&ep.facebook_pixel_id=1638306756445368&_et=1&tfd=7526&richsstsse Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 132.124.49.34.bc.googleusercontent.com Software Google Frontend / Resource Hash e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 google x-content-type-options nosniff server Google Frontend content-type text/plain access-control-allow-origin https://www.elfcosmetics.com cache-control no-cache access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-accel-buffering no
POST H2	204	collect region1.google-analytics.com/g/	0 0	200ms 32ms	Fetch text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4990v879088318z8896608294za200zb896608294&gcs=G100&gcd=13u3uPu2u5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=1759136562.1726483194&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&_s=1&sid=1726483193&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=7569 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.elfcosmetics.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	src=9231397;dc_pre=CLyIgYyjx4gDFUDKOwId5OoBsg;type=retarget;cat=globa0;ord=4440982282441;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;ua... ade.googlesyndication.com/ddm/activity/ Redirect Chain https://ade.googlesyndication.com/ddm/activity/src=9231397;type=retarget;cat=globa0;ord=4440982282441;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0... https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CLyIgYyjx4gDFUDKOwId5OoBsg;type=retarget;cat=globa0;ord=4440982282441;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...	42 B 107 B	56ms 55ms	Image image/gif	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CLyIgYyjx4gDFUDKOwId5OoBsg;type=retarget;cat=globa0;ord=4440982282441;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals? Protocol H2 Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" location https://ade.googlesyndication.com/ddm/activity/src=9231397;dc_pre=CLyIgYyjx4gDFUDKOwId5OoBsg;type=retarget;cat=globa0;ord=4440982282441;npa=1;u6=%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181619921z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals? content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin follow-only-when-prerender-shown 1 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	src=10742279;dc_pre=CNmFgYyjx4gDFd3MOwIdqMccoA;type=elf8j0;cat=glo_flap;ord=8204948584463;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv... ade.googlesyndication.com/ddm/activity/ Redirect Chain https://ade.googlesyndication.com/ddm/activity/src=10742279;type=elf8j0;cat=glo_flap;ord=8204948584463;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;u... https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CNmFgYyjx4gDFd3MOwIdqMccoA;type=elf8j0;cat=glo_flap;ord=8204948584463;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-c...	42 B 118 B	55ms 54ms	Image image/gif	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CNmFgYyjx4gDFd3MOwIdqMccoA;type=elf8j0;cat=glo_flap;ord=8204948584463;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals? Protocol H2 Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" location https://ade.googlesyndication.com/ddm/activity/src=10742279;dc_pre=CNmFgYyjx4gDFd3MOwIdqMccoA;type=elf8j0;cat=glo_flap;ord=8204948584463;npa=1;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4990v9181663336z8896608294za201zb896608294;gcs=G100;gcd=13u3uPu2u5l1;dma_cps=-;dma=1;tcfd=10001;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals? content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin follow-only-when-prerender-shown 1 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	1638306756445368 Show response connect.facebook.net/signals/config/	75 KB 15 KB	20ms 20ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1638306756445368?v=2.9.167&r=stable&domain=www.elfcosmetics.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash a02f0c8d1cd7b80c7e2af68d36a9d088fdb899abe45a1d5ec24108e7c3ef37bb Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 16 Sep 2024 10:39:53 GMT document-policy force-load-at-top x-fb-server-load 45 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 15287 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=22, rtx=0, c=74, mss=1232, tbw=67126, tp=62, tpl=0, uplat=1, ullat=-1 pragma public x-fb-debug 70eTwbys6gGviS8Ek04+TnC5Dmw5bajOa8gAy7hrBZNpPUEoGJcHQDqbAe49/iWBj7O0ScF5PCHNgWNfFATwVg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
POST H2	200	baskets Show response www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/	3 KB 2 KB	231ms 231ms	XHR application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets Requested by Host: cdn-fsly.yottaa.net URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11899/vendor.js?yocs=1u_1y_ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash 09bd11c8046b60763de0477611a2696ee2120dd5a10796ae3cd50640cabd7a98 Security Headers Name Value X-Content-Type-Options nosniff Request headers c_x-pwa-request true Referer https://www.elfcosmetics.com/elf-cosmetic-criminals x-dw-client-id f9f7052a-f742-4c38-bdf5-1da004e7fb3b authorization Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiIwYjE3M2Y4Zi00OWYzLTRmOGUtOGQxMC1kY2U0OWFmZmI4MGQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjFmMTY2MGY1LWM2MmItNDNkMC1hOTA0LTZmMDU2YzIyOTE1NiIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjY0ODMxNjMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFia3V3VmxId1V4SHNSd1h3V3dHWVlrMG9VOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNjQ4NDk5MywiaWF0IjoxNzI2NDgzMTkzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM1MTU3Njk0MDAzODA2MjM5In0.fquE951StXhnJIgyvDoPRpcPHu8apTXzyZbi7AQOdKjGJKGZ76hSayi4baWSMwyzmCbo2ytSqTGOahA6eRPNDQ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 content-type application/json Response headers date Mon, 16 Sep 2024 10:39:54 GMT sfdc_customization HOOK x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront) x-yottaa-metrics 36218cae0e49/[206,206,-] 36D18cae0e61/[-,208.314] x-amz-cf-pop FRA56-P7 age 0 x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122712 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 content-encoding gzip x-dw-version-status obsolete x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 content-length 1105 pragma no-cache etag 6957798c5486d130fa6786a1af5b717663e4287fffa1afa539d994a64e975be5 allow OPTIONS,POST content-type application/json;charset=UTF-8 access-control-allow-origin https://www.elfcosmetics.com x-dw-resource-state 6957798c5486d130fa6786a1af5b717663e4287fffa1afa539d994a64e975be5 access-control-expose-headers etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true x-proxy-request-url https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets accept-ranges bytes cf-ray 8c403c3a88209c0d-FRA x-dw-request-base-id cD2XrvkK6GYBAAB_ x-amz-cf-id nus-hUGXXaGJAQsy54_5B8InKEl8i4slMjUt7JCDZ7abmmlEKfxxYg== x-yottaa-os 200 expires Thu, 01 Dec 1994 16:00:00 GMT
GET H2	200	us.svg www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/	9 KB 1 KB	21ms 20ms	Image image/svg+xml	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/us.svg Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22 Request headers Referer https://www.elfcosmetics.com/elf-cosmetic-criminals User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 bc3ecf5f025b0be9b8c39c5dd2dace2e.cloudfront.net (CloudFront) content-encoding gzip x-amz-cf-pop FRA60-P6 age 2046548 x-yottaa-optimizations ob/1101 si/36D18cae0e61-1724347365-5356863540 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-cache Hit from cloudfront x-amz-meta-deploy 840429 alt-svc h3=":443"; ma=86400 content-length 676 x-amz-meta-bundle 11899 x-yottaa-forcecache true content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31104000 x-yottaa-metrics 36218cae0e40/[2,-,1724436617523] 36D18cae0e61/[hit] x-amz-cf-id brXGXDEPWHs0n9oz7baIJvhnHS_E_4uKuHZ2FIQhQoruJHU-GDtsOg==
GET H2	200	/ www.facebook.com/tr/	0 274 B	65ms 21ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&rl=&if=false&ts=1726483194040&sw=1600&sh=1200&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=12318&fbp=fb.1.1726483194037.420419752561630267&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1726483193959&coo=false&eid=1726483740900_172648350307210&tm=1&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1328, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Mon, 16 Sep 2024 10:39:54 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 3 KB	213ms 169ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&rl=&if=false&ts=1726483194040&sw=1600&sh=1200&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=12318&fbp=fb.1.1726483194037.420419752561630267&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1726483193959&coo=false&eid=1726483740900_172648350307210&tm=1&rqm=FGET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers attribution-reporting-register-trigger {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa90e50505ca4fe26","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:1521466687872304","7830:1521466687872304","10853:1521466687872304","41:1521466687872304","8046:1521466687872304"]},"debug_reporting":true,"debug_key":"1733349993572382759"} content-encoding zstd x-content-type-options nosniff content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; strict-transport-security max-age=15552000; preload document-policy force-load-at-top date Mon, 16 Sep 2024 10:39:54 GMT x-fb-server-load 35 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7415188856142191115", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=22, rtx=0, c=10, mss=1328, tbw=3101, tp=-1, tpl=-1, uplat=150, ullat=1 pragma no-cache x-fb-debug g0/uXBDTmDXS+fVvTCMc248IFAg18IezPfkQHmQewJG9eE3z4xj3bRQ8NqWHBF2eYEC5XGO9a3RVfH69mlK4UA== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7415188856142191115"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare elfcosmetics.a.bigcontent.io/v1/static/	5 KB 6 KB	146ms 25ms	Image image/png	2a02:26f0:480:21::217:d119 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:21::217:d119 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Unknown / Resource Hash 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id null date Mon, 16 Sep 2024 10:39:54 GMT server Unknown x-amz-server-side-encryption AES256 x-amp-srv A access-control-allow-methods POST, GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=1800, s-maxage=86400 accept-ranges bytes access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 5378
GET H2	200	icon-noun-gift-1165617 elfcosmetics.a.bigcontent.io/v1/static/	2 KB 1 KB	147ms 26ms	Image image/svg+xml	2a02:26f0:480:21::217:d119 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:21::217:d119 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Unknown / Resource Hash 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id null content-encoding gzip date Mon, 16 Sep 2024 10:39:54 GMT server Unknown x-amz-server-side-encryption AES256 vary Accept-Encoding access-control-allow-methods POST, GET, OPTIONS content-type image/svg+xml access-control-allow-origin * cache-control max-age=1800, s-maxage=86400 x-amp-srv A accept-ranges bytes access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 996
GET H2	200	icon-noun-jewel-243384 elfcosmetics.a.bigcontent.io/v1/static/	9 KB 3 KB	143ms 22ms	Image image/svg+xml	2a02:26f0:480:21::217:d119 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-jewel-243384?%24Desktop%24=&fmt=auto Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:21::217:d119 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Unknown / Resource Hash 8ab5f6c2c8b700330c1512dad8c18e7fab1c596de153afdb9621fe6ce9de9388 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id null content-encoding gzip date Mon, 16 Sep 2024 10:39:54 GMT server Unknown x-amz-server-side-encryption AES256 vary Accept-Encoding access-control-allow-methods POST, GET, OPTIONS content-type image/svg+xml access-control-allow-origin * cache-control max-age=1800, s-maxage=86400 x-amp-srv A accept-ranges bytes access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 3214
GET H2	200	elf-customer-quiz-icon elfcosmetics.a.bigcontent.io/v1/static/	3 KB 1 KB	149ms 28ms	Image image/svg+xml	2a02:26f0:480:21::217:d119 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://elfcosmetics.a.bigcontent.io/v1/static/elf-customer-quiz-icon?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/elf-customer-quiz-icon?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/elf-customer-quiz-icon?%24Desktop%24=&fmt=auto%203x Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:21::217:d119 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Unknown / Resource Hash 444a7c79f9643674d1cd3921674999c6b30e74b01441e4e931f1efa7d1775537 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id null content-encoding gzip date Mon, 16 Sep 2024 10:39:54 GMT server Unknown x-amz-server-side-encryption AES256 vary Accept-Encoding access-control-allow-methods POST, GET, OPTIONS content-type image/svg+xml access-control-allow-origin * cache-control max-age=1800, s-maxage=86400 x-amp-srv A accept-ranges bytes access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept content-length 1136
GET		d2408623-20aa-41fb-827a-c8a134e54825 https://www.elfcosmetics.com/ Frame	0 0
GET H2	204	pageview c.contentsquare.net/	0 320 B	158ms 44ms	Image text/plain	52.211.183.66 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://c.contentsquare.net/pageview?ex=&dt=380&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=de-DE&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dr=&dw=1600&dh=7632&ww=1600&wh=1200&sw=1600&sh=1200&uu=5e272782-c8b6-a832-d79b-da8d8c8b21fc&sn=1&hd=1726483194&v=15.14.2&pid=1926&pn=1&r=295081 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.183.66 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-183-66.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-disposition inline timing-allow-origin * access-control-allow-headers Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With expires Sun, 24 Oct 1982 23:00:00 GMT
GET H2	200	jsp Show response ut.rd.linksynergy.com/	148 B 405 B	94ms 37ms	Script text/plain	34.98.67.3 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 3.67.98.34.bc.googleusercontent.com Software / Resource Hash 41943aacac8132f06bd711976a73a0fc4cda2d23ea2ec1d939084b65f0322acc Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-samesite secure date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 google strict-transport-security max-age=31536000 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 148 content-type text/plain; charset=utf-8
GET H2	200	widget.css js.jebbit.com/companion/v1/	15 KB 16 KB	24ms 24ms	Stylesheet text/css	2600:9000:206f:3000:a:7914:b00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.jebbit.com/companion/v1/widget.css Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:206f:3000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-amz-version-id Dtf.9Q_1CbcuUz2YOVUdf.z9UL2wO11I date Mon, 16 Sep 2024 02:25:11 GMT via 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront) last-modified Tue, 09 Jul 2024 20:26:25 GMT server AmazonS3 x-amz-cf-pop FRA56-C1 age 29703 x-amz-server-side-encryption AES256 etag "de1b72e797664b9b2c2139e5ccb24844" x-cache Hit from cloudfront content-type text/css accept-ranges bytes content-length 15521 x-amz-cf-id jsULFRTOBQzhSX657eqRJEg7JpiX_QodhrfXjGYk98FsIo3Rty1kvg==
GET H2	200	launcher_configs Show response external-api.jebbit.com/moments/v2/	2 B 448 B	124ms 27ms	XHR application/json	18.192.237.33 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVsZi1jb3NtZXRpYy1jcmltaW5hbHM=&completedLightboxCampaigns=W10=&jebbitCookies= Requested by Host: js.jebbit.com URL: https://js.jebbit.com/companion/v1/widget.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.192.237.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-192-237-33.eu-central-1.compute.amazonaws.com Software / Resource Hash 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff surrogate-control no-store x-dns-prefetch-control off content-length 2 x-xss-protection 1; mode=block pragma no-cache etag W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w" x-download-options noopen vary Origin, Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin https://www.elfcosmetics.com cache-control no-store, no-cache, must-revalidate, proxy-revalidate access-control-allow-credentials true expires 0
GET H2	200	main.97c41ef3.js Show response s.pinimg.com/ct/lib/	82 KB 23 KB	21ms 20ms	Script application/javascript	2a04:4e42::84 FASTLY
General Check archive.org Show headers Download Go to Full URL https://s.pinimg.com/ct/lib/main.97c41ef3.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::84 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e2d60cdf4948bf1fcc89d3e1fb4875dbfe0cd45125eced25eb220b5fd72abe73 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT content-encoding br x-cdn fastly etag "e1539e83e14f862d3b381b23e74d63fa" x-amz-server-side-encryption AES256 access-control-max-age 86400 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * access-control-expose-headers X-CDN vary Accept-Encoding, Origin cache-control max-age=1209600 alt-svc h3=":443";ma=600 content-length 23701
GET H2	200	topics_api Show response psb.taboola.com/	65 B 284 B	61ms 20ms	Fetch text/html	151.101.193.44 FASTLY
General Check archive.org Show headers Download Go to Full URL https://psb.taboola.com/topics_api Requested by Host: cdn.taboola.com URL: https://cdn.taboola.com/libtrc/unip/1691051/tfa.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.44 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash e7112b70eed95d42b178135728e6153e34f07001827870748de87cd7dec3538e Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-cache-hits 0 date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 varnish server Varnish observe-browsing-topics ?1 x-timer S1726483194.309498,VS0,VE0 x-cache HIT content-type text/html; charset=utf-8 access-control-allow-origin * cache-control private, max-age=2592000 accept-ranges bytes content-length 65 retry-after 0 x-served-by cache-fra-etou8220070-FRA
GET H2	200	json Show response trc.taboola.com/1691051/trc/3/	2 KB 2 KB	49ms 40ms	Script application/javascript	151.101.129.44 FASTLY
General Check archive.org Show headers Download Go to Full URL https://trc.taboola.com/1691051/trc/3/json?tim=1726483194260&data=%7B%22id%22%3A655%2C%22ii%22%3A%22%2Felf-cosmetic-criminals%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1726483194254%2C%22cv%22%3A%2220240905-22-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Delfcosmetics-sccnx%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1726483194259%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22tos%22%3A4%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22it%22%3A%22JS_PIXEL%22%2C%22supv%22%3Atrue%7D%2C%22pa%22%3A%7B%22su%22%3Atrue%7D%2C%22psb%22%3Atrue%7D&pubit=i Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 8818312f676586150e4a412a97152c5e45666ab21b73e451d86e75590eea8cb6 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-vcl-time-ms 21 date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip via 1.1 varnish cpu 0.149 x-fastly-to-nlb-rtt 7646 x-cache MISS p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" x-service-version v1 x-served-by cache-fra-etou8220137-FRA x-log-content-encoding gzip server nginx x-timer S1726483194.281754,VS0,VE21 vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-allow-credentials true accept-ranges bytes x-cache-hits 0
GET H2	200	config Show response pixel-config.reddit.com/pixels/t2_16331p/	3 B 124 B	72ms 23ms	XHR application/json	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/t2_16331p/config Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip via 1.1 varnish content-type application/json access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes content-length 27
GET H2	200	t2_16331p_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 699 B	65ms 28ms	XHR application/json	2a04:4e42:600::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} server snooserv vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/json access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 97
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	74ms 21ms	Image image/gif	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1726483194266&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=852bcb0e51c6db181b0c1b25a45429b0f29ad292aa43e8af1e701577590359fa&uuid=dc46c215-7f3f-4762-b2f3-4b9545ed07e4&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	main.MTcyYmY3Y2UyMQ.js Show response analytics.tiktok.com/i18n/pixel/static/	340 KB 95 KB	22ms 20ms	Script application/javascript	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMQ.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 864072a3229468b4abd5debaf97f3ed17b77f098513c523746cb825ee183e68f Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-akamai-request-id c24894fa date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static server nginx x-tt-logid 20240914171718D15C0E2CC57551EC82FD x-tt-trace-id 00-240914171718D15C0E2CC57551EC82FD-1B7A078E7B412E87-00 vary Accept-Encoding x-cache TCP_HIT from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000, immutable x-tt-trace-host 010c928ff4d4889ecd93b27311230b6bc679128015581d5f9b88c43767cf96ed24ed7ae8a68ee07fae5e57214d2dac43cbf60779b5d50da9d43574709f04737196f649c6334d058198bc40b2e87397a2f1ed5c7015410f98722af266c1b81a3bc6 server-timing cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4 content-length 96747
GET H3	200	ig.js Show response cdn8.eu.inside.chat/	124 KB 42 KB	40ms 40ms	Script text/javascript	2606:4700::6812:911 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn8.eu.inside.chat/ig.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:911 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e7ec27ffa6415cdcf64d625027e70be21af31e687dbc5f922b750ed85087926 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000; includeSubdomains content-encoding br cf-cache-status HIT cf-bgj minify server cloudflare age 584 cf-polished origSize=171336 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control public, max-age=3600 cf-ray 8c403c3c3f00bb7d-FRA alt-svc h3=":443"; ma=86400 expires Mon, 16 Sep 2024 11:39:54 GMT
GET H2	200	main.MTcyYmY3Y2UyMA.js Show response analytics.tiktok.com/i18n/pixel/static/	335 KB 93 KB	55ms 54ms	Script application/javascript	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 6eade210358ca6b41631cf5c309c6b1a3fa1c043133ef84d5fc6b173ac1c9928 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-akamai-request-id c2489509 date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static server nginx x-tt-logid 20240914171717AA1DB228466675B0BD3C x-tt-trace-id 00-240914171717AA1DB228466675B0BD3C-0160F8E787420051-00 vary Accept-Encoding x-cache TCP_HIT from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000, immutable x-tt-trace-host 0118916701ba7ec0347af5ca43e9c1c0a9c436c47be16511aafbe4b4e16a522ddffa3160c5746660c79d07cfc735ea798474518e27b0d07e92a4ab2c86e3b0c29c09374b15fa45be088aba194b4b252946ab7d1aacfaada50dab5e78a4a3ebf580 server-timing cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=17 content-length 95010
GET H2	200	local www.paypal.com/credit-presentment/experiments/ Frame EA78	0 0	85ms 25ms	Document text/html	192.229.221.25 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.11&integrationType=SDK Requested by Host: www.paypal.com URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.25 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CBF) / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers accept-ch sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 accept-ranges bytes access-control-expose-headers Server-Timing age 73826 cache-control s-maxage=86400, max-age=0 content-encoding gzip content-length 1525 content-security-policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com content-type text/html; charset=utf-8 date Mon, 16 Sep 2024 10:39:54 GMT dc ccg11-origin-www-1.paypal.com etag W/"1479-sUJwQm+KQrKigiFY2TR00Xg99Vs" last-modified Sun, 15 Sep 2024 14:09:28 GMT origin-trial AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ== paypal-debug-id 0699a7b247b61 permissions-policy ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com") server ECAcc (frc/4CBF) server-timing content-encoding;desc="", x-cdn;desc="edgecast" strict-transport-security max-age=63072000; includeSubDomains; preload timing-allow-origin * traceparent 00-00000000000000000000699a7b247b61-45614236e9490d76-01 vary Accept-Encoding x-cache HIT x-xss-protection 1; mode=block
GET H2	200	pptm.js Show response www.paypal.com/tagmanager/	14 KB 5 KB	27ms 26ms	Script application/x-javascript	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.458&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0886dd75f8a22a64783461f7e2d37e273ef5670a0d36f23ed2513ee67f9a330e Security Headers Name Value Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+pyu+r+txoreZ1ttCO8PAH2T0rJK76Uk474GYh9v0oEMhsPc' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+pyu+r+txoreZ1ttCO8PAH2T0rJK76Uk474GYh9v0oEMhsPc' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com; content-encoding gzip x-content-type-options nosniff date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 varnish, 1.1 varnish strict-transport-security max-age=63072000; includeSubDomains; preload age 83339 x-cache HIT, MISS paypal-debug-id f71224238f7df server-timing content-encoding;desc="gzip",x-cdn;desc="fastly" dc ccg11-origin-www-1.paypal.com content-length 4792 x-xss-protection 1; mode=block x-served-by cache-fra-etou8220117-FRA, cache-fra-etou8220117-FRA accept-ch sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 traceparent 00-0000000000000000000f71224238f7df-e3348453a93575e2-01 x-timer S1726483194.345169,VS0,VE5 etag W/"36a7-Gbi4/OYn4GqdMcRmMPQrcN0k/PI" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/x-javascript; charset=utf-8 cache-control public, max-age=3600 origin-trial AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ== permissions-policy ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com") accept-ranges bytes x-cache-hits 5, 0
GET H2	200	5013978.js Show response bat.bing.com/p/action/	370 B 421 B	50ms 45ms	Script application/javascript	2620:1ec:33:2::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/5013978.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br date Mon, 16 Sep 2024 10:39:53 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 829680F4BFFF4BD5B518106C7CF81385 Ref B: LON212050703039 Ref C: 2024-09-16T10:39:54Z vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript; charset=utf-8 cache-control private,max-age=1800
OPTIONS H2	200	logger www.paypal.com/xoplatform/logger/api/ Frame	0 0	253ms 213ms	Preflight	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers accept-ch sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 accept-ranges bytes access-control-allow-credentials true access-control-allow-headers content-type access-control-allow-methods POST access-control-allow-origin https://www.elfcosmetics.com cache-control max-age=0, no-cache, no-store, must-revalidate content-length 0 date Mon, 16 Sep 2024 10:39:54 GMT dc ccg11-origin-www-1.paypal.com origin-trial AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ== paypal-debug-id f9366453b268b permissions-policy ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com") server-timing content-encoding;desc="",x-cdn;desc="fastly" strict-transport-security max-age=63072000; includeSubDomains; preload traceparent 00-0000000000000000000f9366453b268b-5c13efc5901a3c20-01 via 1.1 varnish, 1.1 varnish x-cache MISS, MISS x-cache-hits 0, 0 x-content-type-options nosniff x-served-by cache-fra-etou8220114-FRA, cache-fra-etou8220114-FRA x-timer S1726483195.504408,VS0,VE194
POST H2	200	logger Show response www.paypal.com/xoplatform/logger/api/	977 B 837 B	198ms 196ms	XHR application/json	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0f22e7ed08767d39d7bd58862c501edfe605424b6ee8a75826241e7a8a7693fc Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept application/json Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 content-type application/json Response headers date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 varnish, 1.1 varnish x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding br x-cache MISS, MISS paypal-debug-id f9366459a77b1 server-timing content-encoding;desc="br",x-cdn;desc="fastly" dc ccg11-origin-www-1.paypal.com x-served-by cache-fra-etou8220114-FRA, cache-fra-etou8220114-FRA accept-ch sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64 traceparent 00-0000000000000000000f9366459a77b1-a8cdf5ca47ed2c04-01 x-timer S1726483195.720254,VS0,VE176 etag W/"3d1-pISar4YCdfQRBqCWo6LnzkZioDs" vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin https://www.elfcosmetics.com cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true origin-trial AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ== permissions-policy ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com") accept-ranges none x-cache-hits 0, 0
GET H2	200	PWA-UpdateSession Show response www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/	56 B 1 KB	566ms 565ms	XHR application/json	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6 Request headers c_x-pwa-request true Referer https://www.elfcosmetics.com/elf-cosmetic-criminals User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:55 GMT content-encoding gzip via 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront) cf-cache-status DYNAMIC x-amz-cf-pop FRA56-P7 age 0 x-yottaa-optimizations ob/1000 si/36D18cae0e61-1726252499-7857122716 tts/1726152729445 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 pragma no-cache content-type application/json cache-control no-cache, no-store, must-revalidate x-yottaa-os 200 x-proxy-request-url https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession x-yottaa-metrics 36218cae0e29/[543,541,-] 36D18cae0e61/[-,543.330] cf-ray 8c403c3d985e926b-FRA x-dw-request-base-id cD2rrvoK6GYBAAB_ x-amz-cf-id wxHL8oIFJNCoOtLmpB1yF-Ds6m1hTt9rnHTCQbZ1Rrmf6QH-XdvNZA== expires Thu, 01 Dec 1994 16:00:00 GMT
GET H2	204	dvar c.contentsquare.net/	0 319 B	45ms 44ms	Image text/plain	52.211.183.66 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://c.contentsquare.net/dvar?v=15.14.2&pid=1926&pn=1&sn=1&uu=5e272782-c8b6-a832-d79b-da8d8c8b21fc&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=314329 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.183.66 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-183-66.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-disposition inline timing-allow-origin * access-control-allow-headers Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With expires Sun, 24 Oct 1982 23:00:00 GMT
GET H2	200	/ Show response ct.pinterest.com/user/	320 B 771 B	165ms 73ms	XHR application/json	2.19.224.184 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1726483194492&dep=2%2CPAGE_LOAD Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.19.224.184 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-19-224-184.deploy.static.akamaitechnologies.com Software / Resource Hash e8e9572f007fadd6e99822807a113a4917836c22152b04c4f515eb1c98d06084 Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip strict-transport-security max-age=31536000 ; includeSubDomains ; preload x-cdn akamai akamai-grn 0.39d53e17.1726483194.22658ab7 x-envoy-upstream-service-time 0 alt-svc h3=":443"; ma=600 content-length 186 x-pinterest-rid 8833314811991233 pin-unauth dWlkPVptWXdZVE5sTVRBdE5XWmxaaTAwWW1aaUxUZ3dOREl0WlRRMk1EWTBNVE0yTUdVMw pragma no-cache referrer-policy origin x-pinterest-rid-128bit 8cc2f92f4797e40c7a963d0545ef133f vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin https://www.elfcosmetics.com access-control-expose-headers Epik,Pin-Unauth cache-control no-cache,no-store,must-revalidate,max-age=0 access-control-allow-credentials true pinterest-version 04c72559290fb12af78741d63dcb884b64587706 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ Show response ct.pinterest.com/user/	320 B 747 B	177ms 86ms	XHR application/json	2.19.224.184 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221726483740900_172648350307210%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1726483194493&dep=5%2CEVENT_TAGS_ABSENT Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.19.224.184 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-19-224-184.deploy.static.akamaitechnologies.com Software / Resource Hash e8e9572f007fadd6e99822807a113a4917836c22152b04c4f515eb1c98d06084 Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip strict-transport-security max-age=31536000 ; includeSubDomains ; preload x-cdn akamai akamai-grn 0.39d53e17.1726483194.22658ab8 x-envoy-upstream-service-time 1 content-length 186 x-pinterest-rid 2472319813437167 pin-unauth dWlkPU5qQmxNR1F6WlRrdFl6RmpNeTAwWXpabExUbGlNekF0TlRoaE56azRNV1F4TURsaw pragma no-cache referrer-policy origin x-pinterest-rid-128bit 8489c447ec69a08a224f71c57b151974 vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin https://www.elfcosmetics.com access-control-expose-headers Epik,Pin-Unauth cache-control no-cache,no-store,must-revalidate,max-age=0 access-control-allow-credentials true pinterest-version 04c72559290fb12af78741d63dcb884b64587706 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	identify_7bf75739.js Show response analytics.tiktok.com/i18n/pixel/static/	146 KB 39 KB	21ms 21ms	Script application/javascript	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers x-akamai-request-id c2489dee date Mon, 16 Sep 2024 10:39:54 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static server nginx x-tt-logid 202408300225259566A772C0142480CD10 x-tt-trace-id 00-2408300225259566A772C0142480CD10-602315FD6571BF12-00 vary Accept-Encoding x-cache TCP_HIT from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000, immutable x-tt-trace-host 013c7db2a56d644dc8fd7f6e7ecd689b12a07851d62b1d7cbea7620bdccb515c6097130239d0d03cd7097d4e2c6d6c93d708d19d604bda57f5f1af32042e6c53070f89e179ae570644e5bbf2061d1e6fc869a20a793784dee2941056a3936597ab server-timing cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=10 content-length 39455
POST H2	200	performance_interaction analytics.tiktok.com/api/v2/	0 874 B	132ms 130ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/performance_interaction Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 8b910501.c2489e4d date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-24091610395457EDFD0B1F6C5777481D-5B66B36B76967A8C-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 103,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=96, origin; dur=16, inner; dur=12 content-length 0 pragma no-cache server nginx x-tt-logid 2024091610395457EDFD0B1F6C5777481D x-cache-remote TCP_MISS from a23-32-16-78.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 16,23.32.16.78 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e06da93f5cfd01438436f5eba7d0ffe7b0fc8327d3db0fbebea8b3201e20ded4d3dc443a06650403818891d278a51bf19a09c51a36090fc2828a15962b5df0ffae05728c844c33adae76474256f1054c18 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
POST H2	200	pixel analytics.tiktok.com/api/v2/	0 877 B	153ms 151ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 9dce56b4.c2489e56 date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240916103954ABDBDE0E29F331935CC1-2A1E9B1B6F684DE3-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 126,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=92, origin; dur=38, inner; dur=32 content-length 0 pragma no-cache server nginx x-tt-logid 20240916103954ABDBDE0E29F331935CC1 x-cache-remote TCP_MISS from a23-218-222-74.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 38,23.218.222.74 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e033cfa735767b1d281586e1d2c0d6e2820d7df620cb4598cad6bf4a305af3d71c17f2d3dd7c194eb7c88cf1c8f0703c4a305b62608d521ac7b6d3eac638d9806b9a4feb4f0069ba9c081c42125dfcb8de access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
POST H2	200	pixel analytics.tiktok.com/api/v2/	0 874 B	178ms 176ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 21f53c85.c2489e57 date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2409161039542F017A777B67A170602F-24796271EAF54E63-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 149,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=93, origin; dur=63, inner; dur=59 content-length 0 pragma no-cache server nginx x-tt-logid 202409161039542F017A777B67A170602F x-cache-remote TCP_MISS from a23-220-104-24.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 63,23.220.104.24 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e05f0db410c72f67881906cb9d09e67642fb105f327b48010a2ba48e59fd718a6720cc533e474592225f1faa15bd1fd6e073fa05ee50abd83b85d2bfdd6f58eb68c65b6da728bd5958df407ca493b3bfe6 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
POST H2	200	pixel analytics.tiktok.com/api/v2/	0 875 B	138ms 137ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 9f6aaf30.c2489e58 date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-24091610395476F455EA73A71D8BFAFF-3966C9779B2F473A-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 110,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=95, origin; dur=21, inner; dur=17 content-length 0 pragma no-cache server nginx x-tt-logid 2024091610395476F455EA73A71D8BFAFF x-cache-remote TCP_MISS from a23-32-16-73.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 21,23.32.16.73 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e04451db4b8e487bac014220c898ded06f01214ab765600032bf7b54a86de5d38a59b5d7d2cf46cb58b77816c3027ea0e0a8e4d0c9444689ed36625c92058d886f18e794d1b2395bf383df0d7e35187104 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
GET H2	200	ts t.paypal.com/	42 B 598 B	246ms 176ms	Image image/gif	151.101.195.1 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1726483194527&g=-120&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.195.1 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers expires Mon, 16 Sep 2024 10:39:54 GMT date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 varnish strict-transport-security max-age=63072000; includeSubDomains; preload x-cache MISS p3p CP="CAO IND OUR SAM UNI STA COR COM" paypal-debug-id 6440a6e982ab2 server-timing "traceparent;desc="00-00000000000000000006440a6e982ab2-45f9b15d3094c0df-01"";content-encoding;desc="",x-cdn;desc="fastly" x-served-by cache-fra-etou8220122-FRA pragma no-cache correlation-id 6440a6e982ab2 traceparent 00-00000000000000000006440a6e982ab2-ee1b2d2925918cd1-01 x-timer S1726483195.608310,VS0,VE157 vary Accept-Encoding content-type image/gif access-control-expose-headers Server-Timing cache-control max-age=0, no-cache, no-store, must-revalidate accept-ranges bytes timing-allow-origin * x-cache-hits 0
GET H2	200	/ Show response ct.pinterest.com/v3/	35 B 546 B	80ms 80ms	Fetch image/gif	2.19.224.184 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2297c41ef3%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1726483194592 Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.19.224.184 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-19-224-184.deploy.static.akamaitechnologies.com Software / Resource Hash 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000 ; includeSubDomains ; preload x-cdn akamai akamai-grn 0.39d53e17.1726483194.22658ab9 x-envoy-upstream-service-time 0 content-length 35 x-pinterest-rid 1472890406838663 pragma no-cache referrer-policy origin x-pinterest-rid-128bit 43561356eb8d9fe2cc6794368efdc118 content-type image/gif access-control-allow-origin https://www.elfcosmetics.com pinterest-version 04c72559290fb12af78741d63dcb884b64587706 cache-control no-cache,no-store,must-revalidate,max-age=0 access-control-allow-credentials true expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	204	0 bat.bing.com/action/	0 286 B	46ms 46ms	Image text/plain	2620:1ec:33:2::10 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=989811f9-f3fe-4078-b2e5-a5e4498ab04f&sid=02c00150741811efb101c7122d824548&vid=02c00f60741811ef8a4e17cae46f0e9f&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&r=&lt=6952&evt=pageLoad&sv=1&cdb=AQEX&rn=272485 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Mon, 16 Sep 2024 10:39:53 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 126F6E5205EC4EA9AD36F88DC2DC7220 Ref B: LON212050703039 Ref C: 2024-09-16T10:39:54Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 718 B	143ms 141ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id c248a14f date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240916103954EBA4665BFC5B99756B55-6A9CCCD6EF649C64-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) server-timing inner; dur=24, cdn-cache; desc=MISS, edge; dur=5, origin; dur=115 content-length 0 pragma no-cache server nginx x-tt-logid 20240916103954EBA4665BFC5B99756B55 access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 115,2.20.179.90 x-tt-trace-host 013639f38019084264c9da60332244b87b7bd6646440ca0a68e17dcec9bb5ab343e339702545ed403302d101ba75b1aeea1348e5f52a6eaf16768cb213248cca174328d8e0c3f722c847bbc742196dd599925439d6712c960d862f7cc8d581b922 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 873 B	143ms 141ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 62a749d3.c248a150 date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2409161039547AD6A90465756B7C3E7A-3B069D6A7EFE7874-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 115,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=94, origin; dur=26, inner; dur=23 content-length 0 pragma no-cache server nginx x-tt-logid 202409161039547AD6A90465756B7C3E7A x-cache-remote TCP_MISS from a23-220-104-203.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 26,23.220.104.203 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e022273220e8ab5820d6f57d81b6dbac528cdef0d7d14fc5b70eac5fff7c2538d0ce8aeac2e86967f8fb77e186efec4310c6fa18fff051a9a786cea321fd86b1cd1e8c169d6fcf4da8034b232f4619e8e6 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
GET H3	200	config Show response www8.eu.inside.chat/	230 B 688 B	101ms 66ms	XHR application/json	2606:4700::6812:811 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www8.eu.inside.chat/config?acc=IN-1011171&pid=&c1=OK&dev=1&url=https%3A%2F%2Fwww.elfcosmetics.com&sid=1&j=1 Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:811 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 20fd252eb9b34b256aba12f1b89d47ea910b8eaede7080554dd2e8a07061fa34 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000; includeSubdomains content-encoding br cf-cache-status DYNAMIC last-modified Sat, 01 Jan 2000 00:00:00 GMT server cloudflare content-type application/json; charset=UTF-8 access-control-allow-origin https://www.elfcosmetics.com p3p CP="insert_p3p_privacy_policy_here" cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true cf-ray 8c403c3e8e7e3a6e-FRA alt-svc h3=":443"; ma=86400 expires Sat, 01 Jan 2000 00:00:00 GMT
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 716 B	149ms 147ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id c248a17b date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2409161039547DE95B5820295B79A2F4-45E20B0B16BE8085-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) server-timing inner; dur=29, cdn-cache; desc=MISS, edge; dur=6, origin; dur=121 content-length 0 pragma no-cache server nginx x-tt-logid 202409161039547DE95B5820295B79A2F4 access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 121,2.20.179.90 x-tt-trace-host 013639f38019084264c9da60332244b87b7bd6646440ca0a68e17dcec9bb5ab343f368c9f1416e0aac322faf9a3a0417fb60e57501eeb2959687db67856664e1b25ee8894336a7c7758214fa2a889bdcb7f5ccfa040bea89c217f96d69e8891f0b access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 878 B	294ms 291ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 54e967a.c248a17c date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-24091610395435CC536A48A96768A283-59F14CA173F32DCE-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 267,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=94, origin; dur=177, inner; dur=154 content-length 0 pragma no-cache server nginx x-tt-logid 2024091610395435CC536A48A96768A283 x-cache-remote TCP_MISS from a23-218-222-68.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 177,23.218.222.68 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e00e24eda57a773bc7b45ac85db251526db77bc442b2ebd591c6c4829c1e25dfab7b5df08dd00bfe5c6e4d8e2198c94638c44b6b175f3c610aa7ace69cee96895556fc589d95493a5abfaa3adab5e85959 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 717 B	146ms 144ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id c248a17d date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2409161039549F211426F6799F7A8ABD-348B47D05E420E61-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) server-timing inner; dur=28, cdn-cache; desc=MISS, edge; dur=8, origin; dur=118 content-length 0 pragma no-cache server nginx x-tt-logid 202409161039549F211426F6799F7A8ABD access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 119,2.20.179.90 x-tt-trace-host 013639f38019084264c9da60332244b87b7bd6646440ca0a68e17dcec9bb5ab3430a2c35f076b25c2f245a91c8df9d06bba40fa9229eaf16f3463a5b845729570be58fb4f323d2e4d96a45e94d403b1ed5da2724b4bea22cf5d07b79dd8bb01fe8 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
GET H2	200	/ Show response ct.pinterest.com/v3/	35 B 793 B	71ms 70ms	Fetch image/gif	2.19.224.184 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221726483740900_172648350307210%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1726483194674&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPVptWXdZVE5sTVRBdE5XWmxaaTAwWW1aaUxUZ3dOREl0WlRRMk1EWTBNVE0yTUdVMw%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2297c41ef3%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.19.224.184 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-19-224-184.deploy.static.akamaitechnologies.com Software / Resource Hash 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000 ; includeSubDomains ; preload x-cdn akamai akamai-grn 0.39d53e17.1726483194.22658b1b x-envoy-upstream-service-time 1 content-length 35 x-pinterest-rid 8565705059193796 pragma no-cache referrer-policy origin x-pinterest-rid-128bit a81422477ae5be0476df7f5e4803388c content-type image/gif access-control-allow-origin https://www.elfcosmetics.com pinterest-version 04c72559290fb12af78741d63dcb884b64587706 cache-control no-cache,no-store,must-revalidate,max-age=0 access-control-allow-credentials true expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	cnxtag-min.js Show response js.cnnx.link/roi/	2 KB 1 KB	100ms 20ms	Script text/javascript	2600:9000:20eb:ee00:11:85b0:d600:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.cnnx.link/roi/cnxtag-min.js?id=316282 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:ee00:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:33:39 GMT via 1.1 google, 1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront) content-encoding gzip x-amz-cf-pop FRA2-C1 age 375 vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript;charset=UTF-8 cache-control max-age=600 x-amz-cf-id LMqniX_KtzOF-djAGYTRSfKQNAB8Z609uG-lVYnd882-xyZJc3BRrQ==
POST H3	200	cf Show response www8.eu.inside.chat/page/	170 B 418 B	99ms 99ms	XHR application/json	2606:4700::6812:811 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www8.eu.inside.chat/page/cf?_=1726483194707.9038 Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:811 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 58d053960f5fffb3fb0fcf954ebb31ebfc52ccc5654cfcb33a0779c0c79543ac Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000; includeSubdomains content-encoding br cf-cache-status DYNAMIC last-modified Sat, 01 Jan 2000 00:00:00 GMT server cloudflare vary Accept-Encoding content-type application/json access-control-allow-origin https://www.elfcosmetics.com cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate access-control-allow-credentials true cf-ray 8c403c3f5f503a6e-FRA alt-svc h3=":443"; ma=86400 expires Sat, 01 Jan 2000 00:00:00 GMT
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 875 B	166ms 164ms	Ping text/plain	2.18.64.15 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyYmY3Y2UyMA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.64.15 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-18-64-15.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 54e9c6f.c248a9a0 date Mon, 16 Sep 2024 10:39:54 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-24091610395479AC23744A239D704734-0EC12AAC6D97B178-00 x-cache TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) x-parent-response-time 112,2.20.179.90 server-timing cdn-cache; desc=MISS, edge; dur=94, origin; dur=25, inner; dur=23 content-length 0 pragma no-cache server nginx x-tt-logid 2024091610395479AC23744A239D704734 x-cache-remote TCP_MISS from a23-218-222-68.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 25,23.218.222.68 x-tt-trace-host 013639f38019084264c9da60332244b87b22095f416550bab6a0583b02605ef6e00e24eda57a773bc7b45ac85db251526de9222307e02b05bd91536a8b9dad0dc1b865258eaf4ff1bf73c8f719c14db26348ba376544cdd211b5387331b278b2d98ea85b4a38e86af532766060b3293624 access-control-allow-headers Authorization,* expires Mon, 16 Sep 2024 10:39:54 GMT
GET H3	200	frontend-framework.js.bundle Show response cdn8.eu.inside.chat//js/	204 KB 49 KB	47ms 47ms	Script text/javascript	2606:4700::6812:911 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn8.eu.inside.chat//js/frontend-framework.js.bundle?v=87cd0da-5 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:911 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c4dd77cdf5d90eff153432697a7e2b132a5a58cd2a5dc0e8d0919c3b7ea895c5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT strict-transport-security max-age=31536000; includeSubdomains content-encoding br cf-cache-status HIT cf-bgj minify server cloudflare age 2784 cf-polished origSize=313682 etag W/"7583524453e261d3b290023590e37b99" vary Accept-Encoding content-type text/javascript cache-control public, max-age=691200 cf-ray 8c403c3ffb87bb7d-FRA alt-svc h3=":443"; ma=86400 expires Tue, 24 Sep 2024 10:39:54 GMT
POST H2	200	exist Show response srm.ba.contentsquare.net/	2 B 94 B	165ms 53ms	Fetch application/json	54.75.96.168 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://srm.ba.contentsquare.net/exist?v=15.14.2&pid=1926&pn=1&sn=1&uu=5e272782-c8b6-a832-d79b-da8d8c8b21fc Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.75.96.168 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-75-96-168.eu-west-1.compute.amazonaws.com Software / Resource Hash 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers access-control-allow-origin * date Mon, 16 Sep 2024 10:39:55 GMT content-length 2 content-type application/json
GET H3	200	a www.googletagmanager.com/	0 11 B	28ms 28ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=42&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	muse.js Show response www.paypalobjects.com/muse/	55 KB 16 KB	86ms 20ms	Script application/javascript	192.229.221.25 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/muse/muse.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.25 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CA9) / Resource Hash 20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:55 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload x-cache HIT paypal-debug-id d4ba728daa351 dc ccg11-origin-www-1.paypal.com content-length 16355 last-modified Fri, 01 Sep 2023 21:10:59 GMT server ECAcc (frc/4CA9) traceparent 00-0000000000000000000d4ba728daa351-959fca45a20ba1ee-01 etag W/"64f25363-daa8" vary Accept-Encoding content-type application/javascript cache-control s-maxage=31536000, public,max-age=3600 accept-ranges bytes timing-allow-origin https://www.paypal.com,https://www.sandbox.paypal.com expires Mon, 16 Sep 2024 11:39:55 GMT
GET H3	200	negotiate Show response www8.eu.inside.chat/signalr/	391 B 549 B	71ms 49ms	XHR application/json	2606:4700::6812:811 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www8.eu.inside.chat/signalr/negotiate?clientProtocol=2.1&k=IN-1011171%3A7002033-b9f90a02f7370356b5403fd37d1a269bfd5fb18269c72afcac2d8c20ebb45ff0-5-5%3A29119407%3A1521&c=97b8931846329d17755b033ae70ae79e&nc=0&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1726483194499 Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:811 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 26cb5d89072ed5290fd0ede27d1478827aa423332cd85b8ece3c402b23928ec5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains X-Content-Type-Options nosniff Request headers Accept text/plain, */*; q=0.01 Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:55 GMT strict-transport-security max-age=31536000; includeSubdomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br server cloudflare content-type application/json; charset=UTF-8 access-control-allow-origin https://www.elfcosmetics.com cache-control no-cache access-control-allow-credentials true cf-ray 8c403c411f5bd2ef-FRA alt-svc h3=":443"; ma=86400 expires -1
GET H3	200	ig.css cdn8.eu.inside.chat//	12 KB 3 KB	36ms 35ms	Stylesheet text/css	2606:4700::6812:911 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn8.eu.inside.chat//ig.css?dev=1&_87cd0da-5 Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:911 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0620ac5a71e007dde5311ed35aaf25c74fb96e9093fa38b53d026b7026b2089a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:55 GMT strict-transport-security max-age=31536000; includeSubdomains content-encoding br cf-cache-status HIT cf-bgj minify server cloudflare age 1261 cf-polished origSize=12809 etag W/"a16715e934551b7e92ffecfeee0b3a81" vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=691200 cf-ray 8c403c40fccabb7d-FRA alt-svc h3=":443"; ma=86400 expires Tue, 24 Sep 2024 10:39:55 GMT
GET H2	200	runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js Show response assets.bounceexchange.com/assets/smart-tag/versioned/	908 B 1 KB	91ms 22ms	Script text/javascript	34.98.72.95 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 95.72.98.34.bc.googleusercontent.com Software UploadServer / Resource Hash 546e554a3c51ce180d022de9ff5506f14603b38d40ece9f2be43c88328358a52 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 20:50:45 GMT content-encoding br ad-auction-allowed true age 568150 x-guploader-uploadid AD-8ljtQDi6hYyAXeLrUPslF85gdHhuwQoG-3iJgWVIyJa4WrxVkH1M4BvsM67sIbyTQbd6KxNg x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding br alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 509 last-modified Mon, 09 Sep 2024 20:50:37 GMT server UploadServer etag "1c2c5753dfb57640a8ba54f111934b30" x-goog-generation 1725915037857422 x-goog-hash crc32c=zwy9lg==, md5=HCxXU9+1dkCoulTxEZNLMA== access-control-allow-origin * access-control-expose-headers etag, Content-Type cache-control public,max-age=31536000 x-goog-stored-content-length 509 accept-ranges bytes content-type text/javascript
GET H2	200	index.html www.paypalobjects.com/muse/analytics/ Frame 632E	0 0	24ms 24ms	Document text/html	192.229.221.25 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/muse/analytics/index.html Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.25 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CBF) / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control s-maxage=31536000, public,max-age=3600 content-encoding gzip content-length 16754 content-type text/html date Mon, 16 Sep 2024 10:39:55 GMT dc ccg11-origin-www-1.paypal.com etag "64f25363-dacc+gzip" expires Mon, 16 Sep 2024 11:39:55 GMT last-modified Fri, 01 Sep 2023 21:10:59 GMT paypal-debug-id 595aa036bcdf6 server ECAcc (frc/4CBF) strict-transport-security max-age=63072000; includeSubDomains; preload timing-allow-origin https://www.paypal.com,https://www.sandbox.paypal.com traceparent 00-0000000000000000000595aa036bcdf6-f31f9fd4a5cddafd-01 vary Accept-Encoding x-cache HIT x-content-type-options nosniff
GET H3	200	token_create.js Show response ct.pinterest.com/static/ct/	4 KB 2 KB	33ms 32ms	Script application/javascript	2.19.224.184 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ct.pinterest.com/static/ct/token_create.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_256_GCM Server 2.19.224.184 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-19-224-184.deploy.static.akamaitechnologies.com Software / Resource Hash 9ca07df45944b8440ae6241e4a017db2b6e4600e5f647d3180c96877198c3552 Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:55 GMT content-encoding gzip strict-transport-security max-age=31536000 ; includeSubDomains ; preload x-cdn akamai akamai-grn 0.04d53e17.1726483195.3579b3ff etag "16d5d552603d86726ae439fc61299d42" x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript cache-control max-age=7200 alt-svc h3=":443"; ma=600 content-length 2114 quic-version 0x00000001
GET H2	200	ct.html ct.pinterest.com/ Frame 0143	0 0	114ms 52ms	Document text/html	2.19.224.184 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://ct.pinterest.com/ct.html Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.19.224.184 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-19-224-184.deploy.static.akamaitechnologies.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers akamai-grn 0.39d53e17.1726483195.22658df4 alt-svc h3=":443"; ma=600 cache-control max-age=86400 content-encoding gzip content-length 323 content-type text/html; charset=utf-8 date Mon, 16 Sep 2024 10:39:55 GMT pinterest-version 04c72559290fb12af78741d63dcb884b64587706 referrer-policy origin strict-transport-security max-age=31536000 ; includeSubDomains ; preload vary Accept-Encoding x-cdn akamai x-envoy-upstream-service-time 1 x-pinterest-rid 1305659646858253 x-pinterest-rid-128bit 60eef77952bbac6fb532594fb57b5ff0
GET H2	200	ts t.paypal.com/	42 B 306 B	190ms 190ms	Image image/gif	151.101.195.1 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1726483195141&g=-120&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&disableSetCookie=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.195.1 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers expires Mon, 16 Sep 2024 10:39:55 GMT date Mon, 16 Sep 2024 10:39:55 GMT via 1.1 varnish strict-transport-security max-age=63072000; includeSubDomains; preload x-cache MISS p3p CP="CAO IND OUR SAM UNI STA COR COM" paypal-debug-id 99ec3f28d59c9 server-timing "traceparent;desc="00-000000000000000000099ec3f28d59c9-f26589ced0b8cfbf-01"";content-encoding;desc="",x-cdn;desc="fastly" x-served-by cache-fra-etou8220122-FRA pragma no-cache correlation-id 99ec3f28d59c9 traceparent 00-000000000000000000099ec3f28d59c9-80d1f2073a6519f6-01 x-timer S1726483195.152688,VS0,VE171 vary Accept-Encoding content-type image/gif access-control-expose-headers Server-Timing cache-control max-age=0, no-cache, no-store, must-revalidate accept-ranges bytes timing-allow-origin * x-cache-hits 0
GET H2	200	main-v2_9d211eb186177a1005c747735de6140a.br.js Show response assets.bounceexchange.com/assets/smart-tag/versioned/	514 KB 112 KB	24ms 23ms	Script text/javascript	34.98.72.95 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_9d211eb186177a1005c747735de6140a.br.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 95.72.98.34.bc.googleusercontent.com Software UploadServer / Resource Hash 2aa7d34f035906f4d5039227e2d40c1d5d2863794f1e042a8a20e13a1b16dd30 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Fri, 13 Sep 2024 13:25:05 GMT content-encoding br ad-auction-allowed true age 249290 x-guploader-uploadid AD-8ljvmrniWFz53HQg23BI1t1BETAbXFFik4UIfZC_UKFP0VpfErrfSyFzs8xvCWNIJnzQELQuYGR-Apg x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding br alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 114633 last-modified Fri, 13 Sep 2024 13:24:58 GMT server UploadServer etag "86660a498dc1afb96826e43f2316a91e" x-goog-generation 1726233898916550 x-goog-hash crc32c=6nl7zg==, md5=hmYKSY3Br7loJuQ/IxapHg== access-control-allow-origin * access-control-expose-headers etag, Content-Type cache-control public,max-age=31536000 x-goog-stored-content-length 114633 accept-ranges bytes content-type text/javascript
GET H2	200	cjs_min_3a843477d8e318f67237a66d0a58c542.js Show response assets.bounceexchange.com/assets/smart-tag/versioned/	49 KB 16 KB	43ms 43ms	Script text/javascript	34.98.72.95 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_3a843477d8e318f67237a66d0a58c542.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 95.72.98.34.bc.googleusercontent.com Software UploadServer / Resource Hash 6c58f061a49641f54723faab57ad0bdb49a95619e86c90dad9a3ed630ffb3780 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sat, 17 Aug 2024 12:31:36 GMT content-encoding gzip ad-auction-allowed true age 2585299 x-guploader-uploadid AHxI1nMBDyvf-sz1KiU2EN8fOlKUBt7pi0V395ttZyea23XhC9h2ZzfZrt66tC9C9hgNq2UUjAw x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding gzip alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15748 last-modified Mon, 22 Apr 2024 20:59:52 GMT server UploadServer etag "1eb885454ea6bef1c9747800702959de" x-goog-generation 1713819592631797 x-goog-hash crc32c=Joap5g==, md5=HriFRU6mvvHJdHgAcClZ3g== access-control-allow-origin * access-control-expose-headers etag, Content-Type cache-control public,max-age=31536000,no-transform x-goog-stored-content-length 15748 accept-ranges bytes content-type text/javascript; charset=utf-8
GET H3	200	start Show response www8.eu.inside.chat/signalr/	25 B 245 B	62ms 62ms	XHR application/json	2606:4700::6812:811 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www8.eu.inside.chat/signalr/start?transport=webSockets&clientProtocol=2.1&k=IN-1011171%3A7002033-b9f90a02f7370356b5403fd37d1a269bfd5fb18269c72afcac2d8c20ebb45ff0-5-5%3A29119407%3A1521&c=97b8931846329d17755b033ae70ae79e&nc=0&connectionToken=mUJM9m6pwSuzDC1%2FvS6QaUU4D2adkwu5gPrKYwN6dtq%2BLwDypJfvpSNmYRDrWCDakEBd4OYY584DnKa4XprTyW5XvDpxDkDIeAr2OsfTA1cP5RGO4LLxugPsdYMbnPwr&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1726483194500 Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:811 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c50a0366bab0d95bd0dfbbf67ed889b5fd383ee7464a77660088c32e4ef91c20 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains X-Content-Type-Options nosniff Request headers Accept text/plain, */*; q=0.01 Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Mon, 16 Sep 2024 10:39:55 GMT strict-transport-security max-age=31536000; includeSubdomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br server cloudflare content-type application/json; charset=UTF-8 access-control-allow-origin https://www.elfcosmetics.com cache-control no-cache access-control-allow-credentials true cf-ray 8c403c425b9cd2ef-FRA alt-svc h3=":443"; ma=86400 expires -1
GET H3	200	inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js Show response assets.bounceexchange.com/assets/smart-tag/versioned/	19 KB 5 KB	23ms 23ms	Script text/javascript	34.98.72.95 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 95.72.98.34.bc.googleusercontent.com Software UploadServer / Resource Hash 183ae143a7f66c133f3948bdf61a0a9f97eb326be7de5947c1f19b93f3b9db24 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 12:42:22 GMT content-encoding br ad-auction-allowed true age 1720653 x-guploader-uploadid AHxI1nOxGYgOBwBsQ4a1LL2Kdx1xWjTfXXG0OAvh62arnKGKbWcB3RsAGbFEnEnCQDvMoqaLW0IJb6dq5g x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding br alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5475 last-modified Tue, 27 Aug 2024 12:42:08 GMT server UploadServer etag "0a2858f64e1bb28926cd4f2404ec0a43" x-goog-generation 1724762528130326 x-goog-hash crc32c=df/Fww==, md5=CihY9k4bsokmzU8kBOwKQw== access-control-allow-origin * access-control-expose-headers etag, Content-Type cache-control public,max-age=31536000 x-goog-stored-content-length 5475 accept-ranges bytes content-type text/javascript
GET H3	200	sms-v2_e39203556bab2366e56296ce42e974a7.br.js Show response assets.bounceexchange.com/assets/smart-tag/versioned/	3 KB 1 KB	25ms 24ms	Script text/javascript	34.98.72.95 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_e39203556bab2366e56296ce42e974a7.br.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 95.72.98.34.bc.googleusercontent.com Software UploadServer / Resource Hash c9f83027cf2e267d24b2cfe366bc6664841765f0aaf362faf0156bccdce42355 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Sat, 24 Aug 2024 03:43:25 GMT content-encoding br ad-auction-allowed true age 2012190 x-guploader-uploadid AHxI1nNshvnqUYkij9mtX2caGWCtmjzPWKdH_HPU_N3ZEZVVHyjBQJBlfY1vYG5dfAjoWwABUr7xwpFcKw x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding br alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1303 last-modified Wed, 21 Aug 2024 15:38:42 GMT server UploadServer etag "684b816ff7fa85526ab4b729fb5f0c91" x-goog-generation 1713883053015461 x-goog-hash crc32c=ikqFlg==, md5=aEuBb/f6hVJqtLcp+18MkQ== access-control-allow-origin * access-control-expose-headers etag, Content-Type cache-control public,max-age=31536000 x-goog-stored-content-length 1303 accept-ranges bytes content-type text/javascript
GET H3	200	onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js Show response assets.bounceexchange.com/assets/smart-tag/versioned/	16 KB 5 KB	24ms 24ms	Script text/javascript	34.98.72.95 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 95.72.98.34.bc.googleusercontent.com Software UploadServer / Resource Hash a8b68b46f44aac34f59d2926e8db6bdae4bc3b7fe3aad60948e97f428b087531 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Wed, 28 Aug 2024 15:38:45 GMT content-encoding br ad-auction-allowed true age 1623670 x-guploader-uploadid AHxI1nM4eJMswaKVjdixbtGu33Pt8_5_VI2i-7ZKGwrFGD3vyEqHV5SiJ9GTTwDnfEEPPlmaCZSmCInugg x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding br alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5039 last-modified Wed, 28 Aug 2024 15:38:30 GMT server UploadServer etag "13eb7a6c2a8c85bdca9cba840b00db2c" x-goog-generation 1724859510756984 x-goog-hash crc32c=YWhgXQ==, md5=E+t6bCqMhb3KnLqECwDbLA== access-control-allow-origin * access-control-expose-headers etag, Content-Type cache-control public,max-age=31536000 x-goog-stored-content-length 5039 accept-ranges bytes content-type text/javascript
GET H3	200	jquery-3.7.1.min.js Show response assets.bounceexchange.com/assets/bounce/	85 KB 30 KB	23ms 22ms	Script text/javascript	34.98.72.95 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H3 Security QUIC, , AES_128_GCM Server 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 95.72.98.34.bc.googleusercontent.com Software UploadServer / Resource Hash fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 03 Sep 2024 12:53:47 GMT content-encoding br ad-auction-allowed true age 1115168 x-guploader-uploadid AD-8ljvr2NS-ioH-eMaG7upuIuEYIW10XYtpBlN6iMWoPG2jTwmz3OPzbgRKaytA6IBLhgOxQt1yXcI2Xg x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31011 last-modified Thu, 29 Aug 2024 19:52:43 GMT server UploadServer etag W/"2c872dbe60f4ba70fb85356113d8b35e" vary Accept-Encoding x-goog-generation 1724961163637413 x-goog-hash crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg== access-control-allow-origin * access-control-expose-headers etag, Content-Type cache-control public,max-age=31536000 x-goog-stored-content-length 87533 accept-ranges none content-type text/javascript; charset=UTF-8
GET H2	200	script-tag.js Show response cdn-scripts.signifyd.com/api/	10 KB 4 KB	109ms 22ms	Script application/javascript	108.138.26.78 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-scripts.signifyd.com/api/script-tag.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.26.78 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-26-78.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:29:23 GMT content-encoding gzip via 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront) last-modified Tue, 23 Apr 2024 14:51:40 GMT server AmazonS3 x-amz-cf-pop FRA56-P7 age 633 x-amz-server-side-encryption AES256 etag W/"73ca6f23f3e08738233832c7a7a0c30c" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1800 x-amz-cf-id 2jDkqSLTKnEET3TvRMQAjrJQi-MgoHMvrkTYv9vGZxYO-6yJAo6i4Q==
GET H2	200	company_toolkit.js Show response cdn-scripts.signifyd.com/api/	4 KB 2 KB	22ms 22ms	Script application/javascript	108.138.26.78 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn-scripts.signifyd.com/api/company_toolkit.js Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.26.78 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-26-78.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:22:06 GMT content-encoding gzip via 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront) last-modified Tue, 30 May 2023 10:18:44 GMT server AmazonS3 x-amz-cf-pop FRA56-P7 age 1069 x-amz-server-side-encryption AES256 etag W/"2c3950f122b3977df61b0e077aaa92c8" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1800 x-amz-cf-id _xUl8W_rS5KjGiSc94iRahyI9Xuc6MweSzxDshuLN6j9iZ1YYCzq5g==
GET H2	200	us.svg www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/	9 KB 0	0ms 0ms	Image image/svg+xml	140.174.14.97 YOTTAA-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.elfcosmetics.com/mobify/bundle/11899/static/img/flag-icons/us.svg Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 140.174.14.97 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US), Reverse DNS Software / Resource Hash b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22 Request headers Referer https://www.elfcosmetics.com/elf-cosmetic-criminals User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:54 GMT via 1.1 bc3ecf5f025b0be9b8c39c5dd2dace2e.cloudfront.net (CloudFront) content-encoding gzip x-amz-cf-pop FRA60-P6 age 2046548 x-yottaa-optimizations ob/1101 si/36D18cae0e61-1724347365-5356863540 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0 x-cache Hit from cloudfront x-amz-meta-deploy 840429 alt-svc h3=":443"; ma=86400 content-length 676 x-amz-meta-bundle 11899 x-yottaa-forcecache true content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31104000 x-yottaa-metrics 36218cae0e40/[2,-,1724436617523] 36D18cae0e61/[hit] x-amz-cf-id brXGXDEPWHs0n9oz7baIJvhnHS_E_4uKuHZ2FIQhQoruJHU-GDtsOg==
GET H2	451	458359.gif idsync.rlcdn.com/	0 98 B	107ms 31ms	Image text/plain	35.244.174.68 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://idsync.rlcdn.com/458359.gif?partner_uid=5882b2db-56bd-4b84-a787-559b6bcb7300 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:55 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
GET H/1.1	200 OK	1re8luhk2rsn6fij.js Show response imgs.signifyd.com/	96 KB 14 KB	155ms 30ms	Script text/javascript	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/1re8luhk2rsn6fij.js?e2g0p9ii7rfc0k5s=w2txo5aa&2h1e873tkfj9un9h=LzA2YzY2MmFkMjkyMzFjNjllMTkwZDZlMzUw Requested by Host: www.elfcosmetics.com URL: https://www.elfcosmetics.com/elf-cosmetic-criminals Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash 798d384cfe5b0bdad020ed797a82bfddb30648073135fd69a9ba6b83ed324013 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 10:39:55 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Content-Encoding gzip Transfer-Encoding chunked P3P CP=IVAa PSAa Connection Keep-Alive, Keep-Alive X-XSS-Protection 1; mode=block Pragma no-cache Server Apache Vary Accept-Encoding Content-Type text/javascript;charset=UTF-8 Cache-Control no-cache, no-store, must-revalidate X-Robots-Tag noindex, nofollow Keep-Alive timeout=2, max=100 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	b2B7rI-rw-U584vV Show response imgs.signifyd.com/ Frame 81DD	302 KB 51 KB	36ms 36ms	Script text/javascript	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/1re8luhk2rsn6fij.js?e2g0p9ii7rfc0k5s=w2txo5aa&2h1e873tkfj9un9h=LzA2YzY2MmFkMjkyMzFjNjllMTkwZDZlMzUw Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash 4c1a16efc81ef05bc40c4e5da0a6415ca7de997fc3d192fd7982a6171c02fcc9 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 10:39:55 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Content-Encoding gzip Transfer-Encoding chunked tmx-nonce a1726672a225442e Connection Keep-Alive, Keep-Alive X-XSS-Protection 1; mode=block Pragma no-cache Server Apache Vary Accept-Encoding Content-Type text/javascript;charset=UTF-8 Cache-Control no-cache, no-store, must-revalidate X-Robots-Tag noindex, nofollow Keep-Alive timeout=2, max=99 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	4CA3ZdY5BXML1RV1 imgs.signifyd.com/ Frame 81DD	81 B 475 B	73ms 24ms	Image image/png	91.235.133.113 THM
General Check archive.org Show headers Download Go to Show image Full URL https://imgs.signifyd.com/4CA3ZdY5BXML1RV1?efce5508972beced=Pe2lS1KnVo43RiUDGQkeQgMMN3FCLMGftMzXdWzgClCHYQ8ZdqD-jqg8n13bJwfdVH_CFzJYPpVYcnJjz2i7Sr7DTUKnVZCQHQ6dJZn-ZGaK97C1cID650t8Dj8mHfdKPjQAzhI8t40Ds6FpAKjFoV1BrhoB87JqN5LwC10 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:55 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Server Apache Content-Type image/png Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Keep-Alive timeout=2, max=100 Content-Length 81 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	k5l5mmI_8MkrS9Z0 imgs.signifyd.com/ Frame 81DD	81 B 475 B	76ms 26ms	Image image/png	91.235.133.113 THM
General Check archive.org Show headers Download Go to Show image Full URL https://imgs.signifyd.com/k5l5mmI_8MkrS9Z0?9b9531a530d0eda4=alcFKn59-xE7oAGB08_tVlCzkXYNfxLHNItuImk7TFEnu0ajTM33edB1_PZgBNYvYXp1Wk5rIM0aEuKL-hUpHWM5cdAe2iFlbTOYI8C6Px0K3yuQFutPWPmPSUs6lIZUP8pAWrMdxeIzzem8dsB4JjoRUI0yBH_sbmXGHqI Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:55 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Server Apache Content-Type image/png Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Keep-Alive timeout=2, max=100 Content-Length 81 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	204	unip Show response trc-events.taboola.com/1691051/log/3/	0 250 B	78ms 26ms	XHR text/plain	141.226.228.48 TABOOLA-AS
General Check archive.org Show headers Download Go to Full URL https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=1656&scd=0&ssd=1&est=1726483194256&ver=36&isls=true&src=i&invt=1500&msa=6432&rv=1&tim=1726483195912&vi=1726483194254&ri=9eb85cc6a4a2b4503368afcd5518d8d9&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&it=JS_PIXEL Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ Attribution-Reporting-Eligible trigger User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-origin https://www.elfcosmetics.com pragma no-cache date Mon, 16 Sep 2024 10:39:56 GMT cache-control no-cache access-control-allow-credentials true server nginx p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
GET H3	200	a www.googletagmanager.com/	0 11 B	27ms 27ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=43&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:55 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
OPTIONS H2	200	unip trc-events.taboola.com/1691051/log/3/ Frame	0 0	142ms 28ms	Preflight	141.226.228.48 TABOOLA-AS
General Check archive.org Show headers Download Go to Full URL https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=1656&scd=0&ssd=1&est=1726483194256&ver=36&isls=true&src=i&invt=1500&msa=6432&rv=1&tim=1726483195912&vi=1726483194254&ri=9eb85cc6a4a2b4503368afcd5518d8d9&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&it=JS_PIXEL Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL), Reverse DNS Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers attribution-reporting-eligible Access-Control-Request-Method GET Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers attribution-reporting-eligible access-control-allow-origin https://www.elfcosmetics.com allow GET, HEAD, POST, TRACE, OPTIONS content-length 0 date Mon, 16 Sep 2024 10:39:56 GMT p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" server nginx
GET H/1.1	200 OK	clear.png Show response imgs.signifyd.com/fp/ Frame 81DD	81 B 536 B	74ms 24ms	XHR image/png	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/fp/clear.png Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */*, w2txo5aa/a1726672a225442elza2yzy2mmfkmjkymzfjnjllmtkwzdzlmzuw Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 Last-Modified Mon, 16 Sep 2024 10:39:56 GMT Server Apache Etag ec1681d3f8f649329bf58ad9d1265f2e Content-Type image/png Access-Control-Allow-Origin https://www.elfcosmetics.com Cache-Control private, must-revalidate, max-age=0 Connection Keep-Alive Keep-Alive timeout=2, max=100 Content-Length 81 Expires Sat, 15 Sep 2029 10:39:56 GMT
GET H/1.1	200 OK	cmhW4mmy8S5lcRM- imgs.signifyd.com/ Frame 2410	0 0	81ms 27ms	Document text/html	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/cmhW4mmy8S5lcRM-?1d8b67dcba041213=Xn71WXeyiLD03fl6giTRFOWmQMNaO6ceZrthK4CIMU1ma5ndhVbXKuZl4qcowwZ6l8sOebFKIneruyB_7HTsNR9iJo14qJyf3l2zO_ib6B6ajDgbu1LLrv8o2CET9OVww7eIbSoH7vtOr29g2QgFyF9_or3BMEyyKnteAUxTlrmW7R3j2Ri0oxrXf2SQ6bpKZPKWJ0MBJu-07wp1LIY Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive, Keep-Alive Content-Encoding gzip Content-Type text/html;charset=UTF-8 Date Mon, 16 Sep 2024 10:39:56 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Keep-Alive timeout=2, max=100 Pragma no-cache Server Apache Strict-Transport-Security max-age=31536000 Transfer-Encoding chunked Vary Accept-Encoding X-Content-Type-Options nosniff X-Robots-Tag noindex, nofollow X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	PLSQk1JlDnPxGlug Show response imgs.signifyd.com/ Frame 81DD	0 398 B	26ms 25ms	Script text/javascript	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/PLSQk1JlDnPxGlug?af75d6f7710f59b8=egbp4OvWuHy8qGfrF3y8YHDy9ltUUhTmA6gWbYJtnP0cxf5GnwUI0zhqSyTbsk_frSlkPjA1mh667WCSf5JAsD7QmCxc6UF6sdltrgiDhRi6cWlxEtYl9J_YHbtKye8mU_am0p0626mY9KT4EPQhH4WbyR8&jb=3b3c266e7b6b3535693e32396c3e6b383d3a643e69693f6a31663e343a653a3a6a3e633b3e3e61 Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Server Apache Content-Type text/javascript Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Keep-Alive timeout=2, max=99 Content-Length 0 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	6Lhfa-0lwmv-63dY Show response imgs.signifyd.com/ Frame 81DD	134 B 654 B	27ms 25ms	Script text/javascript	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/6Lhfa-0lwmv-63dY?d70c0197591dfaf3=bZHyTVPwl1A31RjycqtqFGv15vvmz2EODpsLI3j1BSZ93MsbK_p6jJU9cz-ERp_ES-m0UBPwxSFNIKcPW1SVMwFLXT1voBs4yGLeiQLmZ0nB_xfKtrXoHGgjNp7Sm3hsvv5uhGW7I2BPLN5gYDjImg Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash 32bab26aef7e3237faf999bc78ef3486c5e62a998556e27bdd341fff8430be18 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Content-Encoding gzip Server Apache Vary Accept-Encoding Transfer-Encoding chunked Content-Type text/javascript;charset=UTF-8 Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive, Keep-Alive Keep-Alive timeout=2, max=99 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	dUHftiLyZ2EEkgTY h.online-metrix.net/ Frame D2A9	0 0	136ms 27ms	Document text/html	91.235.132.130 THM
General Check archive.org Show headers Download Go to Full URL https://h.online-metrix.net/dUHftiLyZ2EEkgTY?1fa7efde708085bb=5vVZj36C5w3PikygvVlmisI8V79OJ-jCPpnLkf0s_eQDMuBF3p8iJnuw_z3SKyL6EbjbYSuhfr1BVXLpLCWzhdq8T3TtUpva_lXlOrGiARxvCSbiBAT30Kw4q7lMX4AyVahC8MkvwFmBXk5HtuxA-n7OFj2W5hnnaymsSxw8dIOC3CvJ3Qp0nEYFK_O7HdyYLrjSiqbsvl47X2ld6dFc Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.132.130 , United States, ASN30286 (THM, US), Reverse DNS h.online-metrix.net Software Apache / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive, Keep-Alive Content-Encoding gzip Content-Type text/html;charset=UTF-8 Date Mon, 16 Sep 2024 10:39:56 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Keep-Alive timeout=2, max=100 Pragma no-cache Server Apache Strict-Transport-Security max-age=31536000 Transfer-Encoding chunked Vary Accept-Encoding X-Content-Type-Options nosniff X-Robots-Tag noindex, nofollow X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	D7wE_fmV2RN3V4ND imgs.signifyd.com/ Frame 1DAB	0 0	77ms 28ms	Document text/html	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/D7wE_fmV2RN3V4ND?d151d9a48104d77d=__TBPqwH8tSfpv0sTqX0PdHv6tG6dUKrp9GiGSU4Vxfl7RGyYARmfPqLJFYFDhAIYpJ-Hb8Zz5GRV-h8-fxjfUrMIAsInkqRXt5MyHdIQvWBGGjKtnqjQa1KlshVwf66KfXjQh403ghdH9aDs1pJpGsqBOKimA9jUNtUiVO73bWxAYq5TrZ5QXH5pQhb6R4sIV1giILNR1g9rpUm7R1O Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive, Keep-Alive Content-Encoding gzip Content-Type text/html;charset=UTF-8 Date Mon, 16 Sep 2024 10:39:56 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Keep-Alive timeout=2, max=100 Pragma no-cache Server Apache Strict-Transport-Security max-age=31536000 Transfer-Encoding chunked Vary Accept-Encoding X-Content-Type-Options nosniff X-Robots-Tag noindex, nofollow X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	yi4-IHWFKyr-uEdh Show response h64.online-metrix.net/ Frame 81DD	0 399 B	827ms 172ms	Script text/javascript	192.225.158.1 THM
General Check archive.org Show headers Download Go to Full URL https://h64.online-metrix.net/yi4-IHWFKyr-uEdh?e33cf9a7bb51cebb=94q8D8cuQnE0F4bSZ7QEGFWMYBiTxS60ZowZfdwXVRfFhi7EOeUD05jbhYmdTuiw-tCWuDo1S2_sxRlU9HP_17j5UsfYVwg_UUvpAr7-IBF3gazBs0jkiKDc0lEpkEm1vcSAERY4jFY3hHFDFEknRiJj_O-t3Gmj Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 192.225.158.1 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Server Apache Content-Type text/javascript Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Keep-Alive timeout=2, max=100 Content-Length 0 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	204 204	PLSQk1JlDnPxGlug Show response imgs.signifyd.com/ Frame 81DD	0 218 B	26ms 25ms	Script text/javascript	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/PLSQk1JlDnPxGlug?af75d6f7710f59b8=egbp4OvWuHy8qGfrF3y8YHDy9ltUUhTmA6gWbYJtnP0cxf5GnwUI0zhqSyTbsk_frSlkPjA1mh667WCSf5JAsD7QmCxc6UF6sdltrgiDhRi6cWlxEtYl9J_YHbtKye8mU_am0p0626mY9KT4EPQhH4WbyR8&ja=3a3a35352e2c6b3f3e382470353c3a2e6e37333c3a3a70393a303a246b6637393e3a307a393830322e79707b3539373d38723b393f3a246e7a78353924313c323a2c3b3a383a2c333e3a302e393838322439343a38263b3a383a2e3b3c3a38243932323726313f3f382631333f3a266f7c373a356e3d336e3b3b3e316d3c606c383a316a3e36686639383d6a386b66316b3e266f66373a247b6b66373a3e2c6460376a7e7e7a7b2d3b412f304c25384e7f7d772c6d666661677965677c616179266965652d38446f666c256b677367677e6969256b78696f6164616e7b2c786e353d247a60376f303838666c6b3f3d3d393939643e65686d303339316d68346331333a3b386c24626037333e3c39633c6c6e3d693d3039363b313d696a6f643a3b3b3132316c39663a6c24607b653744616477722c607b6a35436270656d6f2d3a3a3130302c6a71677f354e616677722e60796a7d3741627865656d2e6e62613731382e666e6d3f302c6e6f7c7a35322e7c786e354f7f7a677a672f384c4a6d7a6c636c2c6d6b7c60783d36383a336639693a606d6b32386d3c696b3d3c323a3238696c39353f363a316c6c3c3f383a393e31663e6f69633a3c6669313e6b6e6a6e3538393b3b3931366b246e7237607c7e70712d3941273a4c2d304e7f757d266f666e6b6571676f7e616b7b2e696d6725384e6d66662f6b65736f6d7e6161256b7063656364696479247a377a647d6f69645d6c6c6b7b602f35476e6b6c716d2b786e7d6f6b64577d63666c65757955676d6c616155726661736d7a2f35476e6b6c716d2b786e7d6f6b64576b6e676a6f5d6b6978676a69742f374f666b647b6f2172647f676b66557977616b697e61676f2d3d4f646b66796d29786c7f65636e557b606563697f6b76672d3f4d646964716f297a667d6f636c55786f6964786c6b7b6f722f3d4d6c616e7b6f2172647f6f6b665774666b557a64697367782f3f4d6e696c79672b70667d6f636e5d6c6f7663647c7a273d4d646b64796f297866776d6364577b7e67557463657d6d7a2f35476e6b6c716d2b786e7d6f6b6457606b7e692f374f6c6b647b6d266d6e5563377f6d68676e5f6f6245442f3a323926322f3a3a2247786f6c4d462f3a384d532f303a3224382d38304160786f6f617f652b5f6d604d442f38384f4651462f38384d5b2538323b2e3a2d3a3a284d786f6e45442f3a324d5b2738384d465b442f303a4f592d3a383124322f323a4b60786f6f617f6d2b5f6f6a49617c556f6a41637c2d38325d6f684f44494e4d4e4f5f63667b7e616c6b6f645d69787a63717b27394a2f38384d52565568666d666c5f676b646d6b702d3942273a3a455a5c556b6e61785d6967647e7a67662739482f3a384d585e5d696f66677a5562776e6c65705762696e6e576466676b7e2d3b4827383a4f505c57646f727e68556b646b6d722d3942273a3a4d5a5c576466676b7e576a6667646e2f3b4a2d323a475254556e7a6b675d6c6f7076602f3b402d3a324f505e557867667b6d656457676e6679677e5f6964696770273b482530384f5056577b6a6b6c6f78577c6f7a7e7f786d57646f6e2739422f3a384f5856577e657a7c7f7a67576b6d6778786f7b7b636d645568787c6b2539402f323a4d505e5f766d7274777a6f5761676572786d79796167645d786d7e6b2d3b422f303a45525c577e657a7c7f7267576c616e7c6d70556964637b677e70657a636b2d3b422f303a45525c577e657a7c7f7267576761707a6770556b666b6578557665556f6c6f6d2539402f323a4d505e5f715a4d42273b482d3038474759576f666d656f6c7e5563666c6d785577636e7e2d3b48253038454551576c6a6d577a67646c6f7857656372676b7a2d3b4a253832454559577b7e616c6c6b7266576e6d70617e637e617c6f7b2d39402f383a474d5b5f7e6772747f7a6d55666e676b74273b482d3038474759577e6f707c7f706f556c64676974556e636e6f697a2f33402d38304d4d5957766d70767f7a6f5560696664556c6667697c2539402f323a474d595f766d7274777a6f576a696464556e6665697c556e63646f697a2d3348273830454d5b5576677a7e657a576b7a7069715d656a606f6b7c2f31482f38385f4d424d4e5563656467785f607d6c66677a556e6e6769762f3b482f3a385d47484d46576b676d7a706f73796d6c557467707e75706d5569717c6b27394a2f38385f4f404d46556b676570786779736f6c577e657a7c7f7267576f7c612d3b402f3a3a5d4d4a4d4e55696565787a6579716f64557c6d7274777a6f5f677c6939273b4a2738385d4f4a4f465d696567787a6d7379676e5f7e6d707e75706d5573317c692d314a2d303a5f4f484f44556165677a7a6d7b736f6655746f707c7f7267577933766b557b706f6a27394a2f38385f4f404d46556c6d6a756d5d7865646c6d78657057636e64672f3b402d3a325d4d484d44576e67687f6d577b60616e6778732f3b4a2f32325f4f424544556c67787c6a557c6f727c7d78672f39482d3a38574f404d4c556c7a6b775d6a7f66646d787b273b4a2738385d4f4a4f465d6665796d576b6f64766f787e2d3b482530385d45404f46576f7d647663576e78697f2f31482f38385f4d424d4e55706564716d6f6c57676f666d3b3e246f645d6235323c6e3b693a3e6b323f396a3432676b64323c3e3361663c6b37603d693e32306a3a6b6c3f3f393e2c756d667c354166746f6e2f323a4166692e247f6d6c70354366766d642738384378617b2f303a457a6d664f4c2f303a45646f616465246f66685d60373d67313f673d3069336a383f3a6b3c393969313938633f363c386d3a64643f6f30633e323f676e6c&jb=39393424647b354f67726b66646b2f3a4e3f2c3a2f38382050313b2739422f3a3846696c7d72253038723034573e36232d383a49787a6e6f5d6f6a4361742f304c35393f263936273a3a2849405e454e2d3a412f3a3a6661636f27383a4d6d6b636f2327383049607a656d672d3846333a32263226382c3a2d383a5b696c6378632f3a4e3d333d2c3936 Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 Server Apache Connection Keep-Alive Keep-Alive timeout=2, max=98 Content-Type text/javascript;charset=UTF-8
GET H/1.1	200 OK	mV_v_zW4neH-_OHe w2txo5aa2ljoamupr2vzdmiskcjlygcyyezu3vlla1726672a225442eam1.e.aa.online-metrix.net/ Frame 81DD	81 B 438 B	136ms 25ms	Image image/png	91.235.134.131 THM
General Check archive.org Show headers Download Go to Show image Full URL https://w2txo5aa2ljoamupr2vzdmiskcjlygcyyezu3vlla1726672a225442eam1.e.aa.online-metrix.net/mV_v_zW4neH-_OHe?46db22560f2d4475=I7L7cvxa5BEMLp1gW4mcrW57pUKHhDuT2BVgUa1xrRx4s5nV00eToDiQqYOwOPOtEQSeQhBaIFoK2PJtbrkJujGtkzEL8HsWHvsHP9SCZOxt07IHMKcHY9HiwXWHmba4iGaO2ioOu6M3wyf90Yt-21ez2XBNPm2efZBi Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.134.131 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Server Apache Content-Type image/png Cache-Control no-cache, no-store, must-revalidate Connection close Content-Length 81 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	204 204	Lht6hE-Czk4SAc1v Show response imgs.signifyd.com/ Frame 81DD	0 218 B	28ms 27ms	Script text/javascript	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/Lht6hE-Czk4SAc1v?4d2541015c8f08f7=z6SolZAPN9qphVksaD-A6fOXIiqgX9YQOhpflGv8PkLN-MVZqK34jK5nVNOHUivgMIPGMGcrK3-i3KtwhtetN3o3y-wgc_31ZJLrCNpw45lbSpbjVfrKFH7drsmy_9pOoyDemycwDZst1uWqTj9J4aocPAx6Tf3TLrpEvqK2C3qTkIhyznSW5U-uPPC68Botgr2Ia23JZlv3JsbhzlA&jac=1&je=303e2624656f6c6a3520312f3a493b2d3a49312f384969393137683a6e6569313e323667693264613a3e3a353d3f373b6b6c383e6d69316f386e3f306e38333368346e3a6d39623a6a3e64363f6e3b32383f34393e3e23 Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 Server Apache Connection Keep-Alive Keep-Alive timeout=2, max=98 Content-Type text/javascript;charset=UTF-8
GET H/1.1	204 204	9VKlMpv-XlTM8fK6 imgs.signifyd.com/ Frame 81DD	0 400 B	27ms 26ms	Image image/png	91.235.133.113 THM
General Check archive.org Show headers Download Go to Show image Full URL https://imgs.signifyd.com/9VKlMpv-XlTM8fK6?fdbf0361ee03038a=8ntldqoahjDNP-qAAc5PzugdqIHHPqSQ4CZGtOJpF0cmip5XcjMEJjf7nYSPUQWhCuqV1au7J5FTaH7-Wf1oEs2GJHDnHh2yzdAXXN4vYzYNg_I7ydinLu4gO39o5mDt0XIdUoxzVrD1LjB-XF5OlOcq21gjwER3U806j6-NT87U0NZ2cD9BmLQkePZ8uGGedzEMN12eGlrWkqUOsb4&jf=3c3b36247b636c5d7a6666377c6e78576b61525b3e7c4e4e7d4d487550307a4a2e796966576e61766d3739353a3e36323b3b333e2e796b6e557e71786d3d7d67683a6f6b6c7961247b63645d636f713f3b3837333b3a3b3b383c323d386b303e3c38696739643a3a383b303438323263303c3c3a6b6d316e38393a39383d32393e38383838343c6439633c6a6e6835616d69393b6d6b39636b6d616f6c3e6e386d333768396c6d3f6c3533603d383f3d693e353539393335386c3c606c3f313f38323a306d3f336833683b6a39343f3b3965686d6a6e65356d6f61363a383e34393e3b693d68396d303c676b3b6b3f3e6c6338313964393a6c333331393d3631396c30666d3a2479616e557b616d3f393a3e3d383a323b323a666f3f3c333630386f643b696f3f36693d343b3d683f31393b6469696b69383e363a3033343b306b6862646e3d6637313a6b303d38343c3b3c6b3b6d3a666c6b3a3a3a38343f366933693a6c3b3464313f336031396b3a313b32396d3e6b6a3a3d373f696c6b3d6c62333038616b383d6e3937306c64646d3d3f32396a643b6a3e3a3f302c71636c783538 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Server Apache Content-Type image/png;charset=UTF-8 Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive, Keep-Alive Keep-Alive timeout=2, max=97 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H/1.1	200 OK	PLSQk1JlDnPxGlug Show response imgs.signifyd.com/ Frame 81DD	0 398 B	25ms 25ms	Script text/javascript	91.235.133.113 THM
General Check archive.org Show headers Download Go to Full URL https://imgs.signifyd.com/PLSQk1JlDnPxGlug?af75d6f7710f59b8=egbp4OvWuHy8qGfrF3y8YHDy9ltUUhTmA6gWbYJtnP0cxf5GnwUI0zhqSyTbsk_frSlkPjA1mh667WCSf5JAsD7QmCxc6UF6sdltrgiDhRi6cWlxEtYl9J_YHbtKye8mU_am0p0626mY9KT4EPQhH4WbyR8&jac=1&je=3e3b31242e7d616b35393538263b3d2638243339263b38263932322c392e3b30382c7767613732333f2439333c26303b3d243b3b392c75633c373a383831303368363a32393a313232393a33383b3938316e323a326e6c386e30356b696b2e78653d646d2c626b7c7b7e3d273f4825303a666d746d6427383a2f39493924323a2f384b2d3a3279766b747f7b2d3832273b4b25303a6960637a6f6b646f2f383a2d3d462c6b7f6c6035636b3568396f3e6d3c38336b6961613e6c3a633f6b33333a33393e3b3e34683f693b393f393c603e64326c6c3e3834383a333a6e6f3c64383b64696c323e3d312c677239376b393b633e673a35336d303b64323f3d66316e6e6a326c303a3d6933323c3c6b3a686f693b6b3b622c776b68372d3f4825303a6b726160637c676b7c77786d2f383a2d39432f38382d3a3a2538412f32386a617e6e677b7925303a2f3b432d3a302f3a382f3a4b2f3038687869666c732f30382539492d3f42273d4e25304b2f3a306e7d6e665e6f787b61656c4663797c2d3a322f314b253f4a2d3f44273a4925303a6767606164672f3a382f3b496c6366796f2d3a4b253830676f6e6d642f32302d3941273a382d303a2d30492d383878646b766c6578652d3a322f314b25383a2d3832273a4925303a7a64637c6e6d78655c6f7a7b636d642f383a2d3b412f303825383a2d3843273a38776d7f3c3c273a3a2739496c6b647b6f273d4e2c7d69643d2f354825383a6a78616c6c7925303a2f3b432d3d402f3d4e2f3a4b2f303867656a6164652f30382539496e6b6c716d2f32412d383a726469766c6778672d3a3827394b2f3a3a2d3238273d442c7b606e3d6d786f6e Requested by Host: imgs.signifyd.com URL: https://imgs.signifyd.com/b2B7rI-rw-U584vV?e99fde793b994cfe=W8yp0f2SIFkHYed1rgdtjeDa__d9ynL9oFGfhyIt3j67rShPStjTyvrkJhcqOf-X__4UzqHdKt4h6gWTSWcSL3tMOY3uzQPSTFR1aEMwa9EtlIXT4Hp8Iip_crM3S_ag_BVeQAfFnwITv_piQmKPliXH4SOdxja699y-DZoxR7PkCTXdpkLMaX6M37HC46by4GkWQp2eNO66siWV&jb=3d3a26246279677735446b647d722c627b653f4663647d702e6a79607f3d49607a656d672e607360354960706765672f3a3a3b3a30 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 91.235.133.113 , United States, ASN30286 (THM, US), Reverse DNS Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Pragma no-cache Date Mon, 16 Sep 2024 10:39:56 GMT Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff Server Apache Content-Type text/javascript Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Keep-Alive timeout=2, max=96 Content-Length 0 X-XSS-Protection 1; mode=block Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H3	200	a www.googletagmanager.com/	0 11 B	28ms 28ms	Image text/html	2a00:1450:4001:827::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?id=GTM-WL3STMX&v=3&t=t&pid=1110980960&cv=164&rv=4990&tc=330&tag_exp=0&es=1&e=*&eid=44&u=AgAAAIAIAAAAAACI&ut=AgAI&h=Ag&z=0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 16 Sep 2024 10:39:56 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
POST H2	200	collect Show response sgtm.elfcosmetics.com/g/	65 B 213 B	368ms 367ms	XHR text/plain	34.49.124.132 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4990v9125640115z8896608294za200zb896608294&gcs=G100&gcd=13u3u3u2u5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=1759136562.1726483194&ecid=591900263&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE-BW&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=EA&sst.rnd=2070673177.1726483192&sst.etld=google.de&sst.gcsub=region1&sst.adr=1&sst.ude=0&sid=1726483193&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=4&tfd=12531&richsstsse Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 132.124.49.34.bc.googleusercontent.com Software Google Frontend / Resource Hash e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.elfcosmetics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 16 Sep 2024 10:39:59 GMT via 1.1 google x-content-type-options nosniff server Google Frontend content-type text/plain access-control-allow-origin https://www.elfcosmetics.com cache-control no-cache access-control-allow-credentials true alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-accel-buffering no
GET H2	204	unip Show response trc-events.taboola.com/1691051/log/3/	0 249 B	29ms 28ms	XHR text/plain	141.226.228.48 TABOOLA-AS
General Check archive.org Show headers Download Go to Full URL https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=4663&scd=0&ssd=1&est=1726483194256&ver=36&isls=true&src=i&invt=3000&msa=6432&rv=1&tim=1726483198919&vi=1726483194254&ri=9eb85cc6a4a2b4503368afcd5518d8d9&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&it=JS_PIXEL Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.elfcosmetics.com/ Attribution-Reporting-Eligible trigger User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-origin https://www.elfcosmetics.com pragma no-cache date Mon, 16 Sep 2024 10:39:58 GMT cache-control no-cache access-control-allow-credentials true server nginx p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
OPTIONS H2	200	unip trc-events.taboola.com/1691051/log/3/ Frame	0 0	28ms 27ms	Preflight	141.226.228.48 TABOOLA-AS
General Check archive.org Show headers Download Go to Full URL https://trc-events.taboola.com/1691051/log/3/unip?en=pre_d_eng_tb&tos=4663&scd=0&ssd=1&est=1726483194256&ver=36&isls=true&src=i&invt=3000&msa=6432&rv=1&tim=1726483198919&vi=1726483194254&ri=9eb85cc6a4a2b4503368afcd5518d8d9&ref=null&cv=20240905-22-RELEASE&item-url=https%3A%2F%2Fwww.elfcosmetics.com%2Felf-cosmetic-criminals&it=JS_PIXEL Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL), Reverse DNS Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers attribution-reporting-eligible Access-Control-Request-Method GET Origin https://www.elfcosmetics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers attribution-reporting-eligible access-control-allow-origin https://www.elfcosmetics.com allow GET, HEAD, POST, TRACE, OPTIONS content-length 0 date Mon, 16 Sep 2024 10:39:58 GMT p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" server nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

cdn-fsly.yottaa.net

URL

https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/

Domain

pixel.pointmediatracker.com

URL

https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=4f337865-ab1c-4914-a60c-cc92490a274e&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=107336941

Domain

www.elfcosmetics.com

URL

blob:https://www.elfcosmetics.com/d2408623-20aa-41fb-827a-c8a134e54825