Submitted URL: https://cosmeticscriminal.com/
Effective URL: https://www.elfcosmetics.com/cosmetic-criminals
Submission: On January 01 via api from US — Scanned from DE

Summary

This website contacted 63 IPs in 4 countries across 47 domains to perform 199 HTTP transactions. The main IP is 140.174.14.99, located in Frankfurt am Main, Germany and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 139937.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
21 usehero.com
cdn.usehero.com — Cisco Umbrella Rank: 53942
api.usehero.com — Cisco Umbrella Rank: 46106
upload.usehero.com — Cisco Umbrella Rank: 88319
319 KB
16 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 139937
304 KB
14 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 10774
imgs.signifyd.com — Cisco Umbrella Rank: 8345
94 KB
13 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 625
323 KB
11 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3050
t.paypal.com — Cisco Umbrella Rank: 3583
238 KB
11 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 9310
st.dynamicyield.com — Cisco Umbrella Rank: 8286
async-px.dynamicyield.com — Cisco Umbrella Rank: 8253
px.dynamicyield.com — Cisco Umbrella Rank: 39125
228 KB
9 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 3848
api.bounceexchange.com — Cisco Umbrella Rank: 3755
162 KB
7 google.com
www.google.com — Cisco Umbrella Rank: 6
analytics.google.com — Cisco Umbrella Rank: 266
2 KB
7 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 25002 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 9663
1 MB
6 doubleclick.net
9231397.fls.doubleclick.net Failed
10742279.fls.doubleclick.net Failed
stats.g.doubleclick.net — Cisco Umbrella Rank: 184
googleads.g.doubleclick.net — Cisco Umbrella Rank: 68
6 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
21 KB
6 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3700
1 KB
5 google.ru
www.google.ru — Cisco Umbrella Rank: 5960
842 B
5 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 818
150 KB
4 snapchat.com
tr.snapchat.com — Cisco Umbrella Rank: 1096
tr6.snapchat.com — Cisco Umbrella Rank: 1403
710 B
4 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 4291
c.contentsquare.net — Cisco Umbrella Rank: 4768
srm.ba.contentsquare.net — Cisco Umbrella Rank: 22103
69 KB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 3974
w2txo5aaquwpgc2q3wmzi742kwnwib3fyvb3vr4641f800e5619eeab4am1.e.aa.online-metrix.net
16 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 6828
page.cdnbasket.net — Cisco Umbrella Rank: 6830
view.cdnbasket.net — Cisco Umbrella Rank: 6834
1014 B
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 158403
8 KB
3 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2512
33 KB
3 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 1083
1 KB
3 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 68342
external-api.jebbit.com — Cisco Umbrella Rank: 83668
60 KB
3 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 271980
1 KB
2 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 5618
e.cdnwidget.com — Cisco Umbrella Rank: 20333
335 B
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 692
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 240
91 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 1174
21 KB
2 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 32223
63 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2685
438 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
211 KB
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 2641
967 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 98
185 B
1 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 10004
405 B
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1988
637 B
1 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 5411
6 KB
1 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1770
9 KB
1 sc-static.net
sc-static.net — Cisco Umbrella Rank: 1399
18 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 173
2 KB
1 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 6735
12 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 8466
15 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 4002
408 B
1 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 1095
149 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 10791
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 950
322 B
1 cosmeticscriminal.com
cosmeticscriminal.com
325 B
0 rlcdn.com Failed
idsync.rlcdn.com Failed
0 pointmediatracker.com Failed
pixel.pointmediatracker.com Failed
199 47
Domain Requested by
16 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
13 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
12 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 api.usehero.com cdn.usehero.com
9 www.paypal.com www.elfcosmetics.com
www.paypal.com
www.paypalobjects.com
8 assets.bounceexchange.com www.elfcosmetics.com
6 upload.usehero.com cdn.usehero.com
6 async-px.dynamicyield.com cdn.dynamicyield.com
6 www.google-analytics.com www.elfcosmetics.com
www.google-analytics.com
6 sdk.iad-05.braze.com cdn-fsly.yottaa.net
6 cdn-fsly.yottaa.net www.elfcosmetics.com
5 www.google.ru
5 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
5 www.google.com 1 redirects www.elfcosmetics.com
4 googleads.g.doubleclick.net 1 redirects www.elfcosmetics.com
3 elfcosmetics.a.bigcontent.io
3 www.paypalobjects.com www.elfcosmetics.com
www.paypalobjects.com
3 ct.pinterest.com s.pinimg.com
www.elfcosmetics.com
3 tr.snapchat.com www.elfcosmetics.com
sc-static.net
3 cdn.usehero.com www.elfcosmetics.com
cdn.usehero.com
3 cdn.dynamicyield.com www.elfcosmetics.com
3 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.com
2 h.online-metrix.net imgs.signifyd.com
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 c.contentsquare.net
2 analytics.google.com www.googletagmanager.com
2 t.paypal.com
2 bat.bing.com www.elfcosmetics.com
2 js.jebbit.com www.elfcosmetics.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 static.ordergroove.com www.elfcosmetics.com
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 api.ipify.org cdn-fsly.yottaa.net
2 www.googletagmanager.com www.elfcosmetics.com
1 e.cdnwidget.com
1 api.bounceexchange.com www.elfcosmetics.com
1 ids.cdnwidget.com assets.bounceexchange.com
1 w2txo5aaquwpgc2q3wmzi742kwnwib3fyvb3vr4641f800e5619eeab4am1.e.aa.online-metrix.net
1 srm.ba.contentsquare.net t.contentsquare.net
1 view.cdnbasket.net assets.bounceexchange.com
1 page.cdnbasket.net assets.bounceexchange.com
1 data.cdnbasket.net assets.bounceexchange.com
1 tr6.snapchat.com sc-static.net
1 analytics.pangle-ads.com analytics.tiktok.com
1 www.facebook.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 external-api.jebbit.com js.jebbit.com
1 alb.reddit.com
1 tag.wknd.ai www.elfcosmetics.com
1 t.contentsquare.net www.elfcosmetics.com
1 www.redditstatic.com www.elfcosmetics.com
1 sc-static.net www.elfcosmetics.com
1 www.googleadservices.com www.elfcosmetics.com
1 websdk.appsflyer.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 px.dynamicyield.com cdn.dynamicyield.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 www.google.de www.elfcosmetics.com
1 insight.adsrvr.org www.elfcosmetics.com
1 js.cnnx.link www.googletagmanager.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 st.dynamicyield.com www.elfcosmetics.com
1 cosmeticscriminal.com 1 redirects
0 idsync.rlcdn.com Failed
0 pixel.pointmediatracker.com Failed www.elfcosmetics.com
0 10742279.fls.doubleclick.net Failed www.googletagmanager.com
0 9231397.fls.doubleclick.net Failed www.googletagmanager.com
199 68
Subject | Issuer | Validity | Valid
*.elfcosmetics.com | Sectigo RSA Domain Validation Secure Server CA | 2023-09-25 - 2024-10-25 | a year
*.yottaa.net | GlobalSign RSA OV SSL CA 2018 | 2023-09-13 - 2024-10-14 | a year
*.px-cloud.net | Sectigo RSA Domain Validation Secure Server CA | 2023-08-15 - 2024-09-13 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2023-04-01 - 2024-03-31 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
*.dynamicyield.com | Amazon RSA 2048 M02 | 2023-09-03 - 2024-10-01 | a year
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2023-02-07 - 2024-02-18 | a year
*.iad-05.braze.com | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-07-27 - 2024-08-27 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2023-11-13 - 2024-11-12 | a year
js.cnnx.link | Amazon RSA 2048 M02 | 2023-07-11 - 2024-08-07 | a year
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2023-04-12 - 2024-05-13 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
www.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
www.google.de | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
*.ordergroove.com | Go Daddy Secure Certificate Authority - G2 | 2023-08-04 - 2024-08-17 | a year
tag.rmp.rakuten.com | GTS CA 1D4 | 2023-12-02 - 2024-03-01 | 3 months
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2023-10-13 - 2024-08-20 | 10 months
*.appsflyer.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-07-27 - 2024-07-27 | a year
*.usehero.com | Amazon RSA 2048 M02 | 2023-08-28 - 2024-09-24 | a year
www.googleadservices.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
sc-static.net | Amazon RSA 2048 M03 | 2023-12-21 - 2025-01-18 | a year
*.pinterest.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-31 - 2024-08-07 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-10-11 - 2024-01-09 | 3 months
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-08-25 - 2024-02-21 | 6 months
*.tiktok.com | RapidSSL ECC CA 2018 | 2023-07-14 - 2024-08-13 | a year
*.jebbit.com | Amazon RSA 2048 M01 | 2023-05-24 - 2024-06-21 | a year
api.usehero.com | Amazon RSA 2048 M02 | 2023-02-05 - 2024-03-05 | a year
www.bing.com | Microsoft Azure TLS Issuing CA 01 | 2023-10-24 - 2024-04-21 | 6 months
t.contentsquare.net | Amazon RSA 2048 M01 | 2023-09-13 - 2024-10-11 | a year
t.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2023-09-21 - 2024-10-21 | a year
tag.wknd.ai | R3 | 2023-11-20 - 2024-02-18 | 3 months
*.google.com.ru | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-09-01 - 2024-02-28 | 6 months
*.snap.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-04-13 - 2024-04-12 | a year
*.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
dep.ba.contentsquare.net | Amazon RSA 2048 M01 | 2023-03-20 - 2024-04-17 | a year
*.rd.linksynergy.com | ZeroSSL RSA Domain Secure Site CA | 2023-02-13 - 2024-02-13 | a year
*.pangle-ads.com | RapidSSL TLS ECC CA G1 | 2023-08-10 - 2024-09-09 | a year
assets.bounceexchange.com | GTS CA 1D4 | 2023-11-20 - 2024-02-18 | 3 months
*.bigcontent.io | GeoTrust TLS RSA CA G1 | 2023-03-14 - 2024-04-13 | a year
data.cdnbasket.net | GTS CA 1D4 | 2023-11-12 - 2024-02-10 | 3 months
page.cdnbasket.net | GTS CA 1D4 | 2023-11-15 - 2024-02-13 | 3 months
view.cdnbasket.net | GTS CA 1D4 | 2023-11-20 - 2024-02-18 | 3 months
srm.ba.contentsquare.net | Amazon RSA 2048 M02 | 2023-11-07 - 2024-12-06 | a year
cdn-scripts.signifyd.com | Amazon RSA 2048 M01 | 2023-07-03 - 2024-07-31 | a year
imgs.signifyd.com | Go Daddy Secure Certificate Authority - G2 | 2023-10-20 - 2024-11-20 | a year
h.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2023-01-09 - 2024-01-23 | a year
*.e.aa.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2023-06-14 - 2024-07-01 | a year
ids.cdnwidget.com | R3 | 2023-11-13 - 2024-02-11 | 3 months
*.wunderkind.co | R3 | 2023-12-06 - 2024-03-05 | 3 months
e.cdnwidget.com | R3 | 2023-11-06 - 2024-02-04 | 3 months

This page contains 14 frames:

Primary Page: https://www.elfcosmetics.com/cosmetic-criminals
Frame ID: 21C4665F943F0F06E08B6C4170366100
Requests: 152 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9214776528230;auiddc=2120577767.1704152547;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: B8E2D910DD1BCB08A60899082848C419
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7672830592695;auiddc=2120577767.1704152547;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals
Frame ID: 61A0EA2ECFFA99F49C824A1A068BF63E
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Frame ID: FA9920752D7B1B6BB1C5322F8229B6D0
Requests: 4 HTTP requests in this frame

Frame: https://cdn.usehero.com/plugin.5.46.0.js
Frame ID: 54E15DC47716AB9B53CE34F3E54F47AA
Requests: 12 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=501f2895-4df1-4a95-88b4-86aef580a3ff&u_sclid=e97c2a15-c7d7-4815-a236-19e145cd77e3
Frame ID: DED982BB654A59D2E68796AB612612D3
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 325606D7E4634D30E6350F740BEB5A03
Requests: 3 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: A1138938A15932D0F3D46B0F8B3B73A1
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 3AA0BA64410771AADA863E52E5679075
Requests: 1 HTTP requests in this frame

Frame: https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Frame ID: E61C105AD47C1D787434F61EABD1AC29
Requests: 3 HTTP requests in this frame

Frame: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Frame ID: EA2793C4FC1CB3BFA29F2050F66F5E3D
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/DSfc8J29YoPsk_7E?abaa41ad3b3cda49=9AE6AsZojrpq_B-_3aOQX7sfvnoI-2AX5M01Cx-WRtQMSbfzg2VDh8Y4SrCZjoStKchOeKPQa6NuK5PeDO8yF1TjuIWclXfeO4h7f3Hc_gtyvL-Y8tWdW79wmJfgnplNdO6Zpfi_phkpuPBXGPYe4KS9I0of97GBekUkMTAnAmXqWt5XNwkMdJynfO-DKFuWlCpfQ04b4MXBFhjNYZI
Frame ID: 722CF5A57323E179B687C355A6BA3CC4
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/uqh9frqcwuCoIU4o?44e9e068c6c7d6f9=qMPuZjaFJYrNGbSrrssEFy5h54E19nsgeC5-CJsl50KOhS6gDR7Qe27LeJ63Y0D8R0U3vdq3DPDeN7u3074XSRMztHq_xltC55FlMAkzl3dwaJ4RT0joTsuhpaYRhdNaSvul6Cn-31RPV_te0r3criSDmRp1PSyXiO5EQ_kXlxVVudbKua6f0zObU-0QrWW-kY4iX5thg6uz3LNJwAzw
Frame ID: 8A21075CD35FA4465FD1E957AA2F29F5
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/-JA84ltNZyg169Mx?273ae7f69f101345=BweRgm_JDHVz2C4-og7Lw4gGVmOaTeqjVvz4yjO5Yur3Dt-spBkl3w2J3cXwQsm69chw7TKD_3uagE4HEwgNQeYUBGlROFgEDqMEuGr2Y3xCncJ8i0iauwZ-QML3LZtpyqhaMh8GZzEmA3RVsEWqZOi_ALlOhl_hu7Flmw-m89sXXapCy2fnl2pTBsIu2A4c55IfsXtfTEBpt5E8foDa
Frame ID: A1D3F31E06F37B2101307D5700D01EF8
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 199
HTTPS: 95 %
IPv6: 37 %
Domains: 47
Subdomains: 68
IPs: 63
Countries: 4
Transfer: 3619 kB
Size: 14259 kB
Cookies: 62

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticscriminal.com/ HTTP 301
    https://www.elfcosmetics.com/cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=wgde4q3tPDWK0i5U1iM3ATTJGzq5LvQMDANf_Hk8GDc HTTP 303
  • https://www.elfcosmetics.com/callback?usid=2b369fc0-6b09-4eda-83d2-b82a058a72b0&code=tXtEctM7f0iPMLYUL2NJM-WSclpTD-dIPqj4VwsI4Bw
Request Chain 87
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=2120577767.1704152547&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&ocp_id=402TZa6UIr3D7_UP56eKkAQ&sscte=1&crd=&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmVD4Y9pUIvC5psezQLymKC6ZE2UdBSc2Fo&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TXdLSEdyUkFUV2pWeHV1SHBpaUtDcTJ5cjliZFM5RGtSYllrSVFnR2ZjZFBVGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpU29ENXphTTBqRzE5SUo2bkNzNy1NNG41TV9HeDVVNUN6R3lnRWhLSGtwd2tqamk0WllnbDQ5TkEiEwjukfb5rr2DAxW94bsIHeeTAkI HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=2120577767.1704152547&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TXdLSEdyUkFUV2pWeHV1SHBpaUtDcTJ5cjliZFM5RGtSYllrSVFnR2ZjZFBVGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpU29ENXphTTBqRzE5SUo2bkNzNy1NNG41TV9HeDVVNUN6R3lnRWhLSGtwd2tqamk0WllnbDQ5TkEiEwjukfb5rr2DAxW94bsIHeeTAkI&is_vtc=1&ocp_id=402TZa6UIr3D7_UP56eKkAQ&cid=CAQSGwAvHhf_pxaMRTb4wJZ903jg8lFR_V5fBZ2jZw&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmUm-11EDv5wxd8ly7kT5QlWh1K1eIS1lRU&random=1347757777 HTTP 302
  • https://www.google.ru/pagead/1p-conversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=2120577767.1704152547&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TXdLSEdyUkFUV2pWeHV1SHBpaUtDcTJ5cjliZFM5RGtSYllrSVFnR2ZjZFBVGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpU29ENXphTTBqRzE5SUo2bkNzNy1NNG41TV9HeDVVNUN6R3lnRWhLSGtwd2tqamk0WllnbDQ5TkEiEwjukfb5rr2DAxW94bsIHeeTAkI&is_vtc=1&ocp_id=402TZa6UIr3D7_UP56eKkAQ&cid=CAQSGwAvHhf_pxaMRTb4wJZ903jg8lFR_V5fBZ2jZw&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmUm-11EDv5wxd8ly7kT5QlWh1K1eIS1lRU&random=1347757777&ipr=y

199 HTTP transactions

Primary Request: cosmetic-criminals
Path: www.elfcosmetics.com/
Redirect Chain:
  • https://cosmeticscriminal.com/
  • https://www.elfcosmetics.com/cosmetic-criminals
Size: 809 KB
x-fer: 215 KB
Type: Document
Full URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US)
Resource Hash: 9b7d9e67f37fc3ae2bcbc2bbe5f7c249cc1091ac00165cbc35a7b6ca3fdeaee5

Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 0babf5cf71b3ffbd2b1b3edc368c0afc.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Mon, 01 Jan 2024 23:42:26 GMT
x-amz-cf-pop
ORD53-C3
age
1666086
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/2611cc028372-1700446747-1312811677 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-served-by
cache-fra-eddf8230076-FRA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704152546.002777,VS0,VE2
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
2621cc8d5883/[11,5,-] 2611cc028372/[-,14.634]
accept-ranges
bytes
x-amz-cf-id
O1v_abstrG1OLPiZysDMSzFVzBR6LxtZQD1czvbIrZaFwxhnLKY_ew==
x-cache-hits
1
download-on-the-app-store-badge.png
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/
4 KB
4 KB
Image
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/download-on-the-app-store-badge.png?yocs=1u_1y_1A_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f114a64c26edb67def4dd84a00694f76e0573aedddb68428c52c6ea8b00de4c3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
Akq7KTd_WVm0_2HVhDA1m.JC63cBf7G7
via
1.1 812f46bf61001f0b27e402ec485db73c.cloudfront.net (CloudFront), 1.1 varnish
date
Mon, 01 Jan 2024 23:42:26 GMT
x-amz-cf-pop
ORD53-C3
age
1025364
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/10000000000100 si/2611cc8d5868-1700446742-1487526394 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
3724
x-amz-meta-bundle
10314
x-served-by
cache-fra-eddf8230076-FRA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704152546.002503,VS0,VE1
content-type
image/webp
cache-control
public, max-age=31104000
x-yottaa-metrics
2621cc028334/[4,-,1703126220285] 2611cc8d5868/[-,7.166]
accept-ranges
bytes
x-amz-cf-id
VVM4RiPtfuHkcKxHjLLm6_y6mrprOygq1sAc3DmwJxnEXCaB1gYF7A==
x-cache-hits
1
google-play-badge.png
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/
3 KB
4 KB
Image
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/static/img/global/google-play-badge.png?yocs=1u_1y_1A_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8f118daabadc747ba3e2236a27edce749bb73dde4f16c6c6acc5cce36009a36

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
XXBoQCUlKEOsesGOGsNaSVfpZce.5TGs
via
1.1 39a169e5169cc741a7c793f95d144134.cloudfront.net (CloudFront), 1.1 varnish
date
Mon, 01 Jan 2024 23:42:26 GMT
x-amz-cf-pop
PHL50-C1
age
1412007
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/10000000000100 si/23114047a14c-1695931013-2245064134 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
3318
x-amz-meta-bundle
10314
x-served-by
cache-fra-eddf8230076-FRA
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704152546.002750,VS0,VE2
content-type
image/webp
cache-control
public, max-age=31104000
x-yottaa-metrics
23214047a112/[5,-,1702739280047] 23114047a14c/[-,9.710]
accept-ranges
bytes
x-amz-cf-id
22hJBqa2fakE_ygDr9tdiGYN2VdCcz0ODECsaZA3y4ZKddg8qdRnHg==
x-cache-hits
1
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
540 B
787 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
748685db7fb6cde494ee41167f555c919bab0d1fa3fd24032ee446a42f653eea

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jan 2024 23:42:26 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
540
OtAutoBlock.js
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
1 MB
152 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/OtAutoBlock.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
18665
content-md5
3CHjrTrl4YSKzn90GsMA3A==
content-length
154812
x-ms-lease-status
unlocked
last-modified
Mon, 30 Oct 2023 13:08:00 GMT
server
cloudflare
etag
0x8DBD9493E0E92B7
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f8fafcb2-f01e-003b-4c0e-177c27000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e681b5f4db3-FRA
expires
Tue, 02 Jan 2024 23:42:26 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5rel+BW+cbOCNkEJ4C4NBQ==
age
76187
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6841
x-ms-lease-status
unlocked
last-modified
Thu, 21 Dec 2023 21:19:55 GMT
server
cloudflare
etag
0x8DC026A943751A5
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d530a67f-201e-0007-3283-3455e0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e681b5e4db3-FRA
gtm.js
www.googletagmanager.com/
428 KB
121 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7d5980bf260a05234a968e378f8da7401700be4f17a98cae2fb8f5300a19cd72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
123464
x-xss-protection
0
last-modified
Mon, 01 Jan 2024 21:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 01 Jan 2024 23:42:26 GMT
api_dynamic.js
cdn.dynamicyield.com/api/8772046/
378 KB
44 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:e800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
30ca5a7ae3f12eb7d187d400d8c23903395c7e9c3fa7f85cb742785af28f2c81

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:26 GMT
content-encoding
gzip
via
1.1 7dc1e6ca5d933ea10694c61d8475b502.cloudfront.net (CloudFront)
last-modified
Thu, 28 Dec 2023 20:49:56 GMT
server
DYCDN
age
24
x-amz-cf-pop
DUS51-P2
x-amz-server-side-encryption
AES256
etag
W/"b89b7a9d333258d9640358edad54dc22"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
CbnyFVDUMmEyyBeDKD3ypdk1CN4ZM7vtYo5wJUUqWw_8AUn7GVcA-w==
api_static.js
cdn.dynamicyield.com/api/8772046/
385 KB
111 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:e800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
2c8574ba42424a1dcf02c58fda5e3482e2262e0b0dddd09e5935bd94e5eba03e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 07:09:09 GMT
content-encoding
gzip
via
1.1 7dc1e6ca5d933ea10694c61d8475b502.cloudfront.net (CloudFront)
last-modified
Thu, 28 Dec 2023 20:49:57 GMT
server
DYCDN
age
61146
x-amz-cf-pop
DUS51-P2
x-amz-server-side-encryption
AES256
etag
W/"81d82ff6d3b7239a1cfc7723116ee4aa"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
aZQFNFYBnXHsYEyLN08bEccUdlWwcX6uoG3H5yEE6CfHudPI4cxxnA==
/
api.ipify.org/
19 B
219 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.231.16.77 , United States, ASN18450 (WEBNX, US),
Reverse DNS
api.ipify.org
Software
nginx/1.25.1 /
Resource Hash
ef8f4b683ebee11444235f7d6c4a5022757f2f83b82cbad144928120bec02ef8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 01 Jan 2024 23:42:26 GMT
Server
nginx/1.25.1
Connection
keep-alive
Content-Length
19
Vary
Origin
Content-Type
application/json
/
api.ipify.org/
19 B
219 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.231.16.77 , United States, ASN18450 (WEBNX, US),
Reverse DNS
api.ipify.org
Software
nginx/1.25.1 /
Resource Hash
ef8f4b683ebee11444235f7d6c4a5022757f2f83b82cbad144928120bec02ef8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 01 Jan 2024 23:42:26 GMT
Server
nginx/1.25.1
Connection
keep-alive
Content-Length
19
Vary
Origin
Content-Type
application/json
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=2b369fc0-6b09-4eda-83d2-b82a058a72b0&code=tXtEctM7f0iPMLYUL2NJM-WSclpTD-dIPqj4VwsI4Bw
0
0
Fetch
General
Full URL
https://www.elfcosmetics.com/callback?usid=2b369fc0-6b09-4eda-83d2-b82a058a72b0&code=tXtEctM7f0iPMLYUL2NJM-WSclpTD-dIPqj4VwsI4Bw
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 93efd892a8e99dc59164afbee331cd56.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
FRA56-P7
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
24455521-7bba-4276-962a-929d831d19d5
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694830 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
Q4kbjFb9iYcEgfg=
content-length
0
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-65934de3-1e81755a5deefc7e6044927f;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
36218cae0e45/[478,476,-] 36D18cae0e63/[-,479.378]
x-amzn-remapped-date
Mon, 01 Jan 2024 23:42:27 GMT
x-amz-cf-id
uBO9W8GfXmf4MldWO-eKBd-pL2BiWTr3T9ZMxMI1g6StsSIEKpgtFw==

Redirect headers

date
Mon, 01 Jan 2024 23:42:26 GMT
x-correlation-id
83ee9e68ea719273
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/0 si/36D18cae0e63-1703880237-2982694829 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23261, 1972115
x-ratelimit-1m-reset
33231, 33230
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=2b369fc0-6b09-4eda-83d2-b82a058a72b0&code=tXtEctM7f0iPMLYUL2NJM-WSclpTD-dIPqj4VwsI4Bw
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=wgde4q3tPDWK0i5U1iM3ATTJGzq5LvQMDANf_Hk8GDc
x-yottaa-metrics
36218cae0e44/[163,162,-] 36D18cae0e63/[-,165.004]
cf-ray
83ee9e68ea719273-FRA
x-amz-cf-id
UeYfsHVPekDfG7J4Ycrgh06q4Z7P4IHWgVUC57U_WlryPdp0gLJKhg==
/
sdk.iad-05.braze.com/api/v3/data/
323 B
454 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest

Response headers

date
Mon, 01 Jan 2024 23:42:26 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
27bab154-2543-432a-bf3f-a592f092c17f
x-served-by
cache-fra-eddf8230130-FRA
x-runtime
0.023447
etag
W/"1a09824b6d7bbd0f5e82a23d14da408a"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Mon, 01 Jan 2024 23:42:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230130-FRA
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
51267
content-md5
4swZDWVp4C0QChiGUbrcTg==
content-length
1746
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:04 GMT
server
cloudflare
etag
0x8DBE5260423F079
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
47594d34-001e-002f-61c0-213448000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e692d4671b8-FRA
expires
Tue, 02 Jan 2024 23:42:26 GMT
st
st.dynamicyield.com/
114 KB
10 KB
Script
General
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=nas741rjh0meir8beovfcq8ndnc1fxbn&ref=&scriptVersion=1.213.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-US%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2440:8000:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
43bdd0f2761bb3d6fd105e1d160455b0b1fd80bfe459092250c59bf9d40dc603

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
via
1.1 131833a268da05f8888d9c0861591892.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P3
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
uOX5ruYZ0uU4TCm71RXc6SrKn62eQjPfPd_pQB5bbYQooBr1fku3zw==
expires
Mon, 01 Jan 2024 23:42:26 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
76 B
322 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
751e95dfdb17c61920e29decb3f17a1d2b9e38e71b7f1f86261459239427a2e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
83ee9e6a5c1a1c28-FRA
access-control-allow-headers
Content-Type
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 Jan 2024 21:48:17 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6850
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 01 Jan 2024 23:48:17 GMT
activityi;src=9231397;type=retarget;cat=globa0;ord=9214776528230;auiddc=2120577767.1704152547;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1...
9231397.fls.doubleclick.net/ Frame B8E2
0
0

activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7672830592695;auiddc=2120577767.1704152547;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0...
10742279.fls.doubleclick.net/ Frame 61A0
0
0

cnxtag-min.js
js.cnnx.link/roi/
2 KB
1 KB
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5c00:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:37:51 GMT
via
1.1 google, 1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA50-C1
age
275
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
la_AZNoKbeDBdnMwiovQNsAsFhbrcJRLUo86jp7xdwUVHPmTkB1P6g==
/
insight.adsrvr.org/track/pxl/
70 B
149 B
Image
General
Full URL
https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
server
Kestrel
content-length
70
content-type
image/gif
kpi
pixel.pointmediatracker.com/
0
0

sync
sdk.iad-05.braze.com/api/v3/content_cards/
756 B
669 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3a1d21d72024edca7b98d0a539e7bd1251ecf72f27cdf1a9355f2ce3b24a9e82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
619d9ddc-bfca-461e-b3da-4ab5a51d2119
x-served-by
cache-fra-eddf8230130-FRA
x-runtime
0.216722
etag
W/"3a1d21d72024edca7b98d0a539e7bd12"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230130-FRA
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/
404 KB
98 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
78674
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e6add574db3-FRA
collect
www.google-analytics.com/j/
4 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1191148075&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=945276169&gjid=1418889044&cid=666190451.1704152547&tid=UA-432816-1&_gid=1960249925.1704152547&_r=1&_slc=1&gtm=45He3bt0n81WL3STMXv896608294&gcd=11l1l1l1l1&dma=0&z=23402550
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/b3580e16-19d9-4554-ba1a-ac19abea14a3/
199 KB
36 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/b3580e16-19d9-4554-ba1a-ac19abea14a3/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1df881dfa3c790fb46a3ab0d0edd13cfaf25c0c369cca89ec8115cfdf338236
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
37862
content-md5
bM5EAFhwhSHsrqZI9IpFVg==
content-length
36174
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:18 GMT
server
cloudflare
etag
0x8DBE5260C9926DA
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
40ed0566-901e-0002-3b0e-17873b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e6b0e9f71b8-FRA
expires
Tue, 02 Jan 2024 23:42:27 GMT
collect
stats.g.doubleclick.net/j/
4 B
352 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=666190451.1704152547&jid=945276169&gjid=1418889044&_gid=1960249925.1704152547&_u=YEBAAEAAAAAAACgAI~&z=1431229298
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 01 Jan 2024 23:42:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5mNZducabMgxSDzBo+ZI8w==
age
59253
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:30 GMT
server
cloudflare
etag
0x8DB82A159AF8EA6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e6b3ebb71b8-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/
61 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sXFDxCJwbPEMIT/8f5Prwg==
age
47558
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:33 GMT
server
cloudflare
etag
0x8DB82A15AFF8646
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
99943331-001e-00a9-52a5-21f8f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e6b4ebc71b8-FRA
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
v0pzgeeelPwcAOki15i3HA==
age
39270
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1766
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:32 GMT
server
cloudflare
etag
0x8DB82A15AB9FB83
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
7a892ea0-601e-0080-09c3-13c685000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e6b4ebd71b8-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
47558
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
05545e90-b01e-002a-0255-23e693000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
83ee9e6b4ebe71b8-FRA
dy-coll-min.js
cdn.dynamicyield.com/scripts/1.213.0/
199 KB
62 KB
Script
General
Full URL
https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:e800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
19b9a6628fa003af26766ce1578420be5068227a572c78f0e20b53e2f2fc1886

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:00:40 GMT
content-encoding
gzip
via
1.1 7dc1e6ca5d933ea10694c61d8475b502.cloudfront.net (CloudFront)
last-modified
Sun, 15 Oct 2023 07:23:37 GMT
server
DYCDN
age
1816908
x-amz-cf-pop
DUS51-P2
etag
W/"b587b1ed184fe1cb6e2ea31f12e547c2"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
z-vhysJM-W8MY-tSDDTsOk2e9_lG1iKzSxTnCa3pEdLZXON38vw49A==
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
600 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
67260
x-ms-lease-status
unlocked
last-modified
Thu, 21 Dec 2023 21:20:05 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
81552adf-c01e-000f-5b93-344fef000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
83ee9e6b7de14db3-FRA
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
516 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
54252
x-ms-lease-status
unlocked
last-modified
Thu, 21 Dec 2023 21:20:04 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
a9b48ef7-701e-0078-4f9b-349a7b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
83ee9e6b8ee771b8-FRA
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
17357
content-length
4036
x-ms-lease-status
unlocked
last-modified
Thu, 21 Dec 2023 21:20:05 GMT
server
cloudflare
etag
0x8DC026A9A33BA9F
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
2916b006-b01e-0077-67ae-34ec17000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
83ee9e6b9df74db3-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
60924
x-ms-lease-status
unlocked
last-modified
Thu, 21 Dec 2023 21:20:05 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
a220a8b7-a01e-006b-498a-34be77000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
83ee9e6b9df84db3-FRA
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=666190451.1704152547&jid=945276169&_u=YEBAAEAAAAAAACgAI~&z=1631599040
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=666190451.1704152547&jid=945276169&_u=YEBAAEAAAAAAACgAI~&z=1631599040
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=498765&uid=-6291528424329359901&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=3b045124674e9303b99fc3d215e5da47&expSes=91438&aud=1092373.1167402.1232212.1324059.1426804.1443347.1846919.884367.884385.884387.998337.1182144.799438.799440&expVisitId=-4782961200611201672&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704152547175&rri=8058271
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-90.vie50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 5d650f4d20204610aaf075ff8f6494c6.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
NzoF1geLvW2EpkYzWscxWV9MOFrNzmApd00EuMU_-si3U9G8wqcEpw==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=531006&uid=-6291528424329359901&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=3b045124674e9303b99fc3d215e5da47&expSes=91438&aud=1092373.1167402.1232212.1324059.1426804.1443347.1846919.884367.884385.884387.998337.1182144.799438.799440&expVisitId=-4782961199522515312&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704152547176&rri=1542034
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-90.vie50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 5d650f4d20204610aaf075ff8f6494c6.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
WZWCC7CQUatsEEIxjwO_jqWJnF5aJWNNr8hrfUd5n2xqztaxKMoouA==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=487053&uid=-6291528424329359901&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=3b045124674e9303b99fc3d215e5da47&expSes=91438&aud=1092373.1167402.1232212.1324059.1426804.1443347.1846919.884367.884385.884387.998337.1182144.799438.799440&expVisitId=-4782961199878846853&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704152547176&rri=8896989
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-90.vie50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 5d650f4d20204610aaf075ff8f6494c6.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
K2PpzMU5TLXT3YP-m0Ei35bVSWlM7nxOG7yFC6KhNJ0vflID0_B-YQ==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=118813&uid=-6291528424329359901&sec=8772046&t=ri&e=1575901&p=1&ve=12692962&va=%5B28207095%5D&ses=3b045124674e9303b99fc3d215e5da47&expSes=91438&aud=1092373.1167402.1232212.1324059.1426804.1443347.1846919.884367.884385.884387.998337.1182144.799438.799440&expVisitId=-4782961198122330402&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704152547177&rri=4290876
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-90.vie50.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 5d650f4d20204610aaf075ff8f6494c6.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
kfL1Yqhnsie8Pf1fg5_zWsM-5FTsIshfo8A4e_U_skG0EpPXHzuNjg==
expires
0
uia
async-px.dynamicyield.com/
0
384 B
XHR
General
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1704152547178
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-90.vie50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 5d650f4d20204610aaf075ff8f6494c6.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
WLryZVOB1HZCOrciV9UvI8fxlpBJ4xlXxZc_v3r_B8iS-xKsRGHidg==
expires
0
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1191148075&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=25%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=666190451.1704152547&tid=UA-432816-1&_gid=1960249925.1704152547&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=1614747062
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 08:47:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
53708
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1191148075&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=50%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=666190451.1704152547&tid=UA-432816-1&_gid=1960249925.1704152547&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=624865017
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 08:47:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
53708
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1191148075&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=75%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=666190451.1704152547&tid=UA-432816-1&_gid=1960249925.1704152547&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=1621523509
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 08:47:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
53708
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1191148075&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&dp=%2Fcosmetic-criminals&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ux&ea=scrolled%20page&el=95%25&_u=aEDAAEABAAAAACgAIAC~&jid=&gjid=&cid=666190451.1704152547&tid=UA-432816-1&_gid=1960249925.1704152547&gtm=45He3bt0n81WL3STMXv896608294&cd4=0&cd6=&cd7=&cd8=&cd9=0&cd14=content&cd19=&cd21=US&gcd=11l1l1l1l1&dma=0&z=775920767
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 08:47:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
53708
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
batch
async-px.dynamicyield.com/
0
384 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1704152547260_626441
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-90.vie50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
1txMowGwNxnKK9YxAQCAG-q8T110Pky3Ypd-je4Hl7vNQhBLJxBt1Q==
expires
0
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
140.174.14.166 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Mon, 01 Jan 2024 23:42:27 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
600 B
655 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
a86f3a312a265017611f789e39a8987fe705315395d212c4cca0250c28258377

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/
272 KB
57 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.94.141 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-94-141.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8dea6b2240fed7b9dccb7a71b05a27a2b41908306b12c498c2c718856568a3cd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Mon, 01 Jan 2024 23:42:27 GMT
Last-Modified
Mon, 22 May 2023 13:58:04 GMT
Server
Apache
ETag
"22004f-4412b-5fc48a8e49847"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
57612
Expires
Mon, 01 Jan 2024 23:57:27 GMT
clog
px.dynamicyield.com/
0
228 B
XHR
General
Full URL
https://px.dynamicyield.com/clog
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/1.213.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.215.235.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-215-235-184.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
expires
0
110221.ct.js
tag.rmp.rakuten.com/
47 KB
15 KB
Script
General
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
23e447597e860285844304f61396b84ed59102e937a830e01630a7223efc1a5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Mon, 01 Jan 2024 23:42:27 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/
405 KB
113 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c25e27d26fc59d8db546ca87f451b425b4f2ae246403e3d46fd503d8fa7576b3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Jan 2024 23:42:27 GMT
age
920
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, MISS
p3p
true
paypal-debug-id
f725689c6d6e1
server-timing
"traceparent;desc="00-0000000000000000000f725689c6d6e1-12499c4f55d9ca0b-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
113486
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230103-FRA, cache-fra-eddf8230103-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f725689c6d6e1-3ba7cf8f1372d396-01
x-timer
S1704152547.427449,VS0,VE9
etag
W/"1bb4e-mBLFArM8yReuY0bbhBjaU7OhzIw"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
1, 0
/
websdk.appsflyer.com/
38 KB
12 KB
Script
General
Full URL
https://websdk.appsflyer.com/?st=banners&
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Mon, 01 Jan 2024 23:42:27 GMT
Content-Encoding
gzip
x-amz-request-id
2YBD1Y83SA1VBPZN
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
11792
x-amz-id-2
Vo5gJfn4DHGgFFcnzwzpG4njjvgMt8LlOnQtX6RdM+uNb3LkYv06L++KpTpVEqpBqbyFMWzosrU=
Last-Modified
Wed, 14 Jun 2023 06:58:45 GMT
Server
AmazonS3
ETag
"5a676288bcea03bd05e483bc4ce066ae"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=2427
Accept-Ranges
bytes
X-DataStream-Cache-Status
1
Expires
Tue, 02 Jan 2024 00:22:54 GMT
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e0df0b2dc290fe0685caa7bbe576c22168fd28997b9a73bba4065ae426087c7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
x-pwa-request
true
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-correlation-id
83ee9e6d7f9a9b7c
cf-cache-status
DYNAMIC
via
1.1 9b7b71910b45e646f6476bbd270127a4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694832 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
x-ratelimit-1m-remaining
23248, 1971334
x-ratelimit-1m-reset
32499, 32498
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
36218cae0e46/[166,164,-] 36D18cae0e63/[-,167.266]
cf-ray
83ee9e6d7f9a9b7c-FRA
x-amz-cf-id
-tnmjRPBfRUTfpltxbtgq02oATmcyt89h8GGrplNkGYsPlrs8dvEJg==
en-us.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/
61 KB
7 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/en-us.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.94.141 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-94-141.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dfc983293c9baf693a719da3c69be679cbe8aea18c8f35a7abfef41f14800e9c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Mon, 01 Jan 2024 23:42:27 GMT
Last-Modified
Mon, 22 May 2023 13:58:04 GMT
Server
Apache
ETag
"200109-f346-5fc48a8d9f7d1"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6295
Expires
Mon, 01 Jan 2024 23:57:27 GMT
loader.js
cdn.usehero.com/
98 KB
28 KB
Script
General
Full URL
https://cdn.usehero.com/loader.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:e00:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 22:55:35 GMT
content-encoding
gzip
via
1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
2812
x-amz-server-side-encryption
AES256
etag
W/"fbf714a58cbac38c0deea519667d9044"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
TP0r70bYidoXOGEuE_dRiyeZeQPtpg_JT-CXWloWwKaocVkSIrP_dg==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/?random=1704152546966&cv=11&fst=1704152546966&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=2120577767.1704152547&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8b6c04281cebc6251aefd33b50cb337bfc0a7b3f84ce18cf6edf538d3d3d3a81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1230
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/698270988/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/698270988/?random=1704152546969&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&bttype=purchase&auid=2120577767.1704152547&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
3a5d7ae7d3238a007a1015f9cd17060deebeacb1bb45f050e2d37456067bf30c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1608
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/?random=1704152546987&cv=11&fst=1704152546987&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=2120577767.1704152547&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
df6b271831f064000985634d90dc89eaac5e72310c1819adc13488ad9267a9e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1260
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1704152546988&cv=11&fst=1704152546988&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&auid=2120577767.1704152547&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2862c51094fb61b87ea95e27c1fffb5edd19eec7821d6fcabe7529aaad524f47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1258
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
scevent.min.js
sc-static.net/
41 KB
18 KB
Script
General
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.112.243 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-112-243.mrs52.r.cloudfront.net
Software
CloudFront /
Resource Hash
ab12e815caea6aba8fe2da60e7d298cccb649166f81926ff64e5dc56ea526522

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
via
1.1 6539a76bb06cb86ff6a4a036edfec006.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
MRS52-C1
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
17610
x-amz-cf-id
PNd0uzNJMGMBCRj8y0vq37ZJPwTExlnuMw29dHFr8fRidjbEmewOxA==
local
www.paypal.com/credit-presentment/experiments/ Frame FA99
5 KB
2 KB
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
44b213f5bd62e27e3fbdfae203db1bcc5d4e18c26c801afcf7dc8a240255bfe7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
5849
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1524
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Mon, 01 Jan 2024 23:42:27 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-XAmp36Pofur6P3giEc4Nq1wjs3w"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f3448596146a7
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f3448596146a7-ef8a5b31713f2eb7-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f3448596146a7-cd56fe9f914816ff-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, MISS
x-cache-hits
2232, 0
x-served-by
cache-fra-eddf8230103-FRA, cache-fra-eddf8230103-FRA
x-timer
S1704152548.541923,VS0,VE5
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.416&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8545ec6d9935a9732ca0df8f12c939e9c57afb354a9fbd2da861e2f995e08ffb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-/hoGpAdyc0Ar/rrjakOVmXNSRDNoCWuKvbx/TWm1T6VI69M0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-/hoGpAdyc0Ar/rrjakOVmXNSRDNoCWuKvbx/TWm1T6VI69M0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
5432
x-cache
HIT, MISS
paypal-debug-id
f95038781f6bf
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4794
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230103-FRA, cache-fra-eddf8230103-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f95038781f6bf-30a6475ed6311ea5-01
x-timer
S1704152548.543941,VS0,VE3
etag
W/"3690-EfYh/OMS3dazrr0LtkwC/g2hokQ"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
2, 0
core.js
s.pinimg.com/ct/
4 KB
2 KB
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:8d::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ef45c21f7e054481c81992c1a46293a28c9bb8b3722bc566479326187f473c8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
br
x-cdn
fastly
etag
"8d7d8ce32aa2a45d64e9f04a9a5cb1c4"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=7200
alt-svc
h3=":443";ma=600
content-length
1793
fbevents.js
connect.facebook.net/en_US/
202 KB
54 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Jan 2024 23:42:27 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54273
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
JpqVqeBLetAz7bqeSymh64RZnjRxBDCseWvZJc72SN2u1gpe/VeMP7NmnrakLmL86O1tSlIbtnq6fpDfrcavkw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/
26 KB
9 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 12 Dec 2023 19:56:38 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8123
events.js
analytics.tiktok.com/i18n/pixel/
6 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.180.2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-20-180-2.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
6cde9a89e584c1b5cf607b942b8c01db090198f25ad108691e5a8e7f5f6c3c45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
1c09d7c8
date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2401012342275B0023CBBA934298B554-6B77BAD7D1919F5A-00
x-cache
TCP_MISS from a193-108-94-130.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=0, origin; dur=92
content-length
1948
pragma
no-cache
server
nginx
x-tt-logid
202401012342275B0023CBBA934298B554
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
92,193.108.94.130
x-tt-trace-host
013316a0361d5ae8f56af6bf1f3b730d2bf179e9dcd5d8ea6c92e15a9a2a25388c2327577f289e12b747bca5d8abf8c469961f3397321ad18db2d70f44f6009e565b324570b4858dd9a65c40bfe38893c519af7b53111abc1a7f1722bbfee5f936
expires
Mon, 01 Jan 2024 23:42:27 GMT
widget.js
js.jebbit.com/companion/v1/
44 KB
44 KB
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2440:8e00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
Uw77y8f3Lm7O6.ZhO9qLmkRQyA3BbYtB
date
Mon, 01 Jan 2024 06:44:39 GMT
via
1.1 f11ab4f93d35c4b95d55e40354b7ca2a.cloudfront.net (CloudFront)
last-modified
Thu, 21 Dec 2023 18:01:49 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P3
age
61070
x-amz-server-side-encryption
AES256
etag
"c3a781ab856fe1e791e7bbb3d0023f28"
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45036
x-amz-cf-id
VLX2gND77QrEcd8O6DAvdC_v5tskylbcrIjybu5TJlmWTKOvU8oVpw==
logger
www.paypal.com/xoplatform/logger/api/
1017 B
908 B
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a1cde78c92b661f741f3d9d71380dda42f412d8ee15c331b57d3911d5f1fd68e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS
paypal-debug-id
f54598925fe1f
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-fra-eddf8230085-FRA, cache-fra-eddf8230085-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f54598925fe1f-0ec3b3131a32e762-01
x-timer
S1704152548.879063,VS0,VE194
etag
W/"3f9-3KQ6XzM7kgDafTJWwldK+meZkvo"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-length
0
date
Mon, 01 Jan 2024 23:42:27 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f5459897687df
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f5459897687df-54b840da282eb959-01
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-served-by
cache-fra-eddf8230085-FRA, cache-fra-eddf8230085-FRA
x-timer
S1704152548.643074,VS0,VE222
display
api.usehero.com/webplugin/
163 B
1 KB
XHR
General
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&state=untouched&outboundFeature=
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
849fc336bb6843be3717f3e0582290145c140fd07d42e0ad9faa77ac8c9da72a
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
3afddf75-9a10-4566-9d27-1a2ed7809a8a
cross-origin-resource-policy
same-origin
x-geo-longitude
7.25710
pragma
no-cache
referrer-policy
same-origin
etag
W/"a3-q7HYdDMuG+RfqpO/QG9aNpvlv0c"
x-frame-options
SAMEORIGIN
x-geo-zip
53639
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
50.70170
x-accuracy
200
expires
0
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
Europe/Berlin
x-envoy-upstream-service-time
11
content-length
163
x-xss-protection
0
x-request-id
3afddf75-9a10-4566-9d27-1a2ed7809a8a
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
DE
x-geo-city
Königswinter
js
www.paypal.com/sdk/ Frame FA99
405 KB
112 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=USD&vault=true&components=buttons,messages
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c25e27d26fc59d8db546ca87f451b425b4f2ae246403e3d46fd503d8fa7576b3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-Akr5IM6ZIOJoS/A+9Ca3Ha25xWRh15++Z3lhhrz3bArQpRdi' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Jan 2024 23:42:27 GMT
age
920
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, MISS
p3p
true
paypal-debug-id
f725689c6d6e1
server-timing
"traceparent;desc="00-0000000000000000000f725689c6d6e1-12499c4f55d9ca0b-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
113486
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230103-FRA, cache-fra-eddf8230103-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f725689c6d6e1-3ba7cf8f1372d396-01
x-timer
S1704152548.587388,VS0,VE12
etag
W/"1bb4e-mBLFArM8yReuY0bbhBjaU7OhzIw"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
2, 0
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 01 Jan 2024 23:42:27 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: F39954A132A942898E88C58E2B75B1A9 Ref B: FRAEDGE1313 Ref C: 2024-01-01T23:42:27Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13175
1a8bfa042c9c5.js
t.contentsquare.net/uxa/
283 KB
68 KB
Script
General
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.9.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-9-20.mxp64.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e164d3eb3e9b278fea4e13e0d68d3f1bb3fc421c3a2b709710ddfe8762dc4fad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 31 Dec 2023 22:17:58 GMT
content-encoding
br
via
1.1 f7a79e15a22014280e8c7ec641b68a52.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP64-C1
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
69384
last-modified
Tue, 19 Dec 2023 14:04:54 GMT
server
AmazonS3
etag
"cf13703979657a27cb3c3eeda3bbb72a"
vary
Accept-Encoding, Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
qemhHV2E2u5blc7DG_7aaGbnxBro0ga7lUR4Wk6Ags4k4T3SMsvUHg==
ts
t.paypal.com/
42 B
510 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704152547589&g=-60&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
00391a8a83981
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-eddf8230127-FRA
pragma
no-cache
correlation-id
00391a8a83981
traceparent
00-000000000000000000000391a8a83981-a7cfc3adf44f7c04-01
x-timer
S1704152548.690183,VS0,VE158
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 01 Jan 2024 23:42:27 GMT
/
www.google.ru/pagead/1p-conversion/698270988/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A...
  • https://www.google.ru/pagead/1p-conversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%...
42 B
108 B
Image
General
Full URL
https://www.google.ru/pagead/1p-conversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=2120577767.1704152547&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TXdLSEdyUkFUV2pWeHV1SHBpaUtDcTJ5cjliZFM5RGtSYllrSVFnR2ZjZFBVGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpU29ENXphTTBqRzE5SUo2bkNzNy1NNG41TV9HeDVVNUN6R3lnRWhLSGtwd2tqamk0WllnbDQ5TkEiEwjukfb5rr2DAxW94bsIHeeTAkI&is_vtc=1&ocp_id=402TZa6UIr3D7_UP56eKkAQ&cid=CAQSGwAvHhf_pxaMRTb4wJZ903jg8lFR_V5fBZ2jZw&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmUm-11EDv5wxd8ly7kT5QlWh1K1eIS1lRU&random=1347757777&ipr=y
Protocol
H2
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.ru/pagead/1p-conversion/698270988/?random=1651539164&cv=11&fst=1704152546969&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&value=0&auid=2120577767.1704152547&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ09MSnJBWVF6YzdkeXEzUjRfdm9BUkltQUpSUmV6TXdLSEdyUkFUV2pWeHV1SHBpaUtDcTJ5cjliZFM5RGtSYllrSVFnR2ZjZFBVGlpDaEVJZ09MSnJBWVFvNEhPNVBQaXZ0M1NBUkl1QVBDSGtpU29ENXphTTBqRzE5SUo2bkNzNy1NNG41TV9HeDVVNUN6R3lnRWhLSGtwd2tqamk0WllnbDQ5TkEiEwjukfb5rr2DAxW94bsIHeeTAkI&is_vtc=1&ocp_id=402TZa6UIr3D7_UP56eKkAQ&cid=CAQSGwAvHhf_pxaMRTb4wJZ903jg8lFR_V5fBZ2jZw&eitems=ChEIgOLJrAYQ1tWj2sWOtp_NARIdANJWnmUm-11EDv5wxd8ly7kT5QlWh1K1eIS1lRU&random=1347757777&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
i.js
tag.wknd.ai/4142/
18 KB
6 KB
Script
General
Full URL
https://tag.wknd.ai/4142/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
9a77cbb7b054563b83506932790e70186ba3a92e69a147216e3176337178adbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:40:22 GMT
content-encoding
gzip
via
1.1 google
age
125
x-envoy-upstream-service-time
1
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5754
server
istio-envoy
etag
84d224ee45e478
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
authorization
Bearer [JWT]
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 93efd892a8e99dc59164afbee331cd56.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/0 si/36D18cae0e63-1703880237-2982694833 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
36218cae0e47/[164,163,-] 36D18cae0e63/[-,166.106]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
83ee9e6ec87271d9-FRA
x-dw-request-base-id
SZjyBeRNk2UBAAB_
x-amz-cf-id
bRYSgxyVPykeGOjqVzCiUO6a9Tvozd2kKvWje-g60FkUFmvbBBvHxw==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/
114 B
788 B
XHR
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
6b42a56b231d70ea3691b9f46363b9f8ed6ca35f6b50084718669b8beac1e57d

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
authorization
Bearer [JWT]
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
via
1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
content-encoding
gzip
x-amzn-remapped-content-length
114
x-amz-cf-pop
FRA56-P7
age
0
x-amzn-remapped-connection
close
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694834 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid
9833f056-7f42-42a0-a919-b6357c472ad4
x-cache
Miss from cloudfront
x-amz-apigw-id
Q4kboFe_iYcEbUA=
content-length
108
etag
W/"72-HgdmTgyCF/DQfqnMU3u+4UstAzI"
x-amzn-trace-id
Root=1-65934de3-44b2f49927e49ed3342d1f48;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
36218cae0e48/[763,762,-] 36D18cae0e63/[-,765.106]
x-amzn-remapped-date
Mon, 01 Jan 2024 23:42:28 GMT
x-amz-cf-id
cPgDsqbOJx9c3gQr9xJ1W0xwRn0jgRXRKs_Wn6Fuajutx71SAOSHCw==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
213 B
883 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=37.58.57.3
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d80439477bb2a33a0ffa5ab943d9015bedcb7ba4dbc2c62ae69e0df6255067fd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
de-DE,de;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694835 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=37.58.57.3
x-yottaa-metrics
36218cae0e49/[222,220,-] 36D18cae0e63/[-,223.678]
cf-ray
83ee9e6f3c6f9229-FRA
x-dw-request-base-id
SZj1BeRNk2UBAAB_
x-amz-cf-id
UjUfnYxRA9g18Vpgqqtt-JNOa-zPKifcJvj5AtJ7IlcJdLHbgcHG2w==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
213 B
884 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=37.58.57.3
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d80439477bb2a33a0ffa5ab943d9015bedcb7ba4dbc2c62ae69e0df6255067fd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
de-DE,de;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694836 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=37.58.57.3
x-yottaa-metrics
36218cae0e27/[244,242,-] 36D18cae0e63/[-,244.520]
cf-ray
83ee9e6f3bac37e6-FRA
x-dw-request-base-id
22Rf-ORNk2UBAAB_
x-amz-cf-id
DJyk3coEgwvvxhBbgc6oXlTVULE3bYJPKXDjPTZ4UqzTe3oV5e4m_A==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bckKgXlHJKwXaRlKgUmqYYxupF/
11 B
826 B
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bckKgXlHJKwXaRlKgUmqYYxupF/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
x-pwa-request
true
Authorization
Bearer [JWT]
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
x-correlation-id
83ee9e6f3cea9223
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 4a95385e61c9df8f5f8de6338a3fe59a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694837 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
4
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bckKgXlHJKwXaRlKgUmqYYxupF/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
83ee9e6f3cea9223-FRA
x-amz-cf-id
rST7fCW38x3iy2sqA_ToCm_mF7b1kuK9S6wwJUgIk47ucuYfUzOAHA==
x-yottaa-metrics
36218cae0e28/[166,165,-] 36D18cae0e63/[-,166.699]
sync
sdk.iad-05.braze.com/api/v3/content_cards/
77 B
211 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1b9282666fa91e4ab0acdb92fd7b50f9e0058653b1be4869a213398ab49da248
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
4640f1d6-3586-44cc-b28a-e63083423553
x-served-by
cache-fra-eddf8230130-FRA
x-runtime
0.084965
etag
W/"1b9282666fa91e4ab0acdb92fd7b50f9"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230130-FRA
js
www.googletagmanager.com/gtag/
271 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0b780703749e9d94be4394dd37aab70406a66f4c4ca719c7e6480309cec68d28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92068
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 01 Jan 2024 23:42:27 GMT
/
www.google.com/pagead/1p-user-list/10812184462/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10812184462/?random=1704152546966&cv=11&fst=1704150000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_PKooSCtUhV4shPYNuDvzbPhS7HwOiw&random=1205413384&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ru/pagead/1p-user-list/10812184462/
42 B
455 B
Image
General
Full URL
https://www.google.ru/pagead/1p-user-list/10812184462/?random=1704152546966&cv=11&fst=1704150000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_PKooSCtUhV4shPYNuDvzbPhS7HwOiw&random=1205413384&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/865242110/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/865242110/?random=1704152546987&cv=11&fst=1704150000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf__NZojPjcgwm2lrQ16BwHqiNuh7VgGw&random=1850026770&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ru/pagead/1p-user-list/865242110/
42 B
108 B
Image
General
Full URL
https://www.google.ru/pagead/1p-user-list/865242110/?random=1704152546987&cv=11&fst=1704150000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf__NZojPjcgwm2lrQ16BwHqiNuh7VgGw&random=1850026770&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/698270988/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/698270988/?random=1704152546988&cv=11&fst=1704150000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_Nm2XWsveRdjGzhJCvYMTrjl5Hxi0rw&random=775722012&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ru/pagead/1p-user-list/698270988/
42 B
108 B
Image
General
Full URL
https://www.google.ru/pagead/1p-user-list/698270988/?random=1704152546988&cv=11&fst=1704150000000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&frm=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_Nm2XWsveRdjGzhJCvYMTrjl5Hxi0rw&random=775722012&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
main.74d80534.js
s.pinimg.com/ct/lib/
65 KB
19 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.74d80534.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:8d::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
60cc60a6fcbd230def379432395199b585791ed521e2e5f595369a2193e617fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
content-encoding
br
x-cdn
fastly
etag
"cb251578b1e91b3cc440fd1521770cc5"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=1209600
alt-svc
h3=":443";ma=600
content-length
18895
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1704152547706&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=4557db1c-fa76-4853-92f0-136ae5da7130&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
widget.css
js.jebbit.com/companion/v1/
15 KB
16 KB
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2440:8e00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
RTEvjx9S_f.J6xhm_CGfuKjdaFCgE8S4
date
Mon, 01 Jan 2024 01:03:01 GMT
via
1.1 f11ab4f93d35c4b95d55e40354b7ca2a.cloudfront.net (CloudFront)
last-modified
Thu, 21 Dec 2023 18:01:49 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P3
age
82665
x-amz-server-side-encryption
AES256
etag
"8e754beaa7f32e405c184f00c12cece1"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15502
x-amz-cf-id
OPxRw6ShDXV5xUiACOnRv352qGqzUKyjuuz2n5sHaceqHKkdyweyAg==
launcher_configs
external-api.jebbit.com/moments/v2/
2 B
448 B
XHR
General
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.85.9 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-85-9.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
pragma
no-cache
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options
noopen
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
expires
0
5013978.js
bat.bing.com/p/action/
0
116 B
Script
General
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Mon, 01 Jan 2024 23:42:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 752752B52AB34BE5812535BBF2F7CB7F Ref B: FRAEDGE1313 Ref C: 2024-01-01T23:42:27Z
x-cache
CONFIG_NOCACHE
p
tr.snapchat.com/
68 B
443 B
Image
General
Full URL
https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=cff08c2a-9501-4194-a09b-e41ba4062008&u_sclid=e97c2a15-c7d7-4815-a236-19e145cd77e3&u_scsid=501f2895-4df1-4a95-88b4-86aef580a3ff&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=2913&m_fcps=2923&m_pi=2913&m_pl=4152&m_pv=2&m_rd=4724&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&trackId=f039f7c8-1782-424b-b819-9684f015e091&ts=1704152547792&v=3.7.3-2312182359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
hash
www.paypal.com/credit-presentment/experiments/ Frame FA99
40 B
2 KB
Fetch
General
Full URL
https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_512f740d83_mjm6ndi6mjc&disableSetCookie=true&features=disable-set-cookie
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1VU0QmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Jan 2024 23:42:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
0
edge-cache-tag
up-treatments-hash
x-cache
MISS, MISS
paypal-debug-id
f545989b7c05b
server-timing
"traceparent;desc="00-0000000000000000000f545989b7c05b-1ef8f81685e0a18e-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
56
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230103-FRA, cache-fra-eddf8230103-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f545989b7c05b-2b7112a50dc8d90d-01
x-timer
S1704152548.809516,VS0,VE205
etag
W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
s-maxage=86400, max-age=0
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0
1638306756445368
connect.facebook.net/signals/config/
146 KB
37 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7bab85eaa8d74cec964409d9e0a5c6d7ed0000b23b6400c562333c6483761ca2
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Jan 2024 23:42:27 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
37888
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
WsUlLYx1X2N5AiyX7QtbdkboBLCDdEbobdgojTxFJI1PQY8buwmJYdQtL1rqj3lEQTSCr9nbkK5MOHMwv6IIKg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/user/
297 B
620 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1704152547853&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.74d80534.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
04c6083a9781b397d0b570f97154a3fa61aac68dfba173617e5a6351786b7470

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
content-encoding
gzip
x-cdn
fastly
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
1205532573540513
content-length
172
pin-unauth
dWlkPVpHSTNPRGsyWkRJdFl6WmpZeTAwT0dWbUxXSXpabVF0TlRVeFpHRTFNV1JqT1RGaA
pragma
no-cache
referrer-policy
origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
8c23f27d55c77c9c78a5d022d53a766b1295cc23
expires
Sat, 01 Jan 2000 00:00:00 GMT
main.MWNkZmM2YTcxMQ.js
analytics.tiktok.com/i18n/pixel/static/
420 KB
110 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxMQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.180.2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-20-180-2.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8eeb23a1dcd42802d5d861556c6ae4848a05fd28cd22bb8ed884015b62eefd9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
1c09d871
date
Mon, 01 Jan 2024 23:42:28 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20231221122624D9293D01BB51BC6B60D1
x-tt-trace-id
00-231221122624D9293D01BB51BC6B60D1-7BEC15D3A6F66FF8-00
vary
Accept-Encoding
x-cache
TCP_HIT from a193-108-94-130.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01b9b7b97dd4f0fdd09aa6e3973af63ce1a76feee5700427a60a2fbf8d6aa063a7a7d687afebfb0e73e4df7233ff665f3eae842c61342f06bdd427ee646ebc67b5f61a79fcdd54986041e8cce3891f244b79729fe5c6812e36d1d093906462feb0
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
112277
/
ct.pinterest.com/v3/
35 B
182 B
Image
General
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2274d80534%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1704152548044
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:28 GMT
referrer-policy
origin
x-cdn
fastly
content-type
image/gif
access-control-allow-origin
*
pinterest-version
8c23f27d55c77c9c78a5d022d53a766b1295cc23
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
1
alt-svc
h3=":443";ma=600
x-pinterest-rid
1387868487430056
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
analytics.google.com/g/
0
257 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je3bt0v879088318z8896608294&_p=1704152546565&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=666190451.1704152547&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=&sid=1704152548&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&en=page_view&_fv=1&_ss=1&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=US&up.user_loyalty_status=false&tfd=5022
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:28 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=666190451.1704152547&gtm=45je3bt0v879088318z8896608294&aip=1&dma=0&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:28 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ru/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ru/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=666190451.1704152547&gtm=45je3bt0v879088318z8896608294&aip=1&dma=0&gcd=11l1l1l1l1&z=1570215678
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:28 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
plugin.5.46.0.js
cdn.usehero.com/ Frame 54E1
244 KB
78 KB
Script
General
Full URL
https://cdn.usehero.com/plugin.5.46.0.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:e00:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 22:44:29 GMT
content-encoding
gzip
via
1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
3486
x-amz-server-side-encryption
AES256
etag
W/"e840bbd769b547fed1c31518dde8fa55"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
3gCEEtbI4Oh6ha5BFLZXpblyJmrJAV9PPnpCE3qaU1te5cug47vcVQ==
pageview
c.contentsquare.net/
0
320 B
Image
General
Full URL
https://c.contentsquare.net/pageview?pid=1926&uu=4b3a53a5-0b47-a080-adb3-d12b9347504c&sn=1&hd=1704152548&pn=1&dw=1600&dh=1202&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&uc=0&la=en-US&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&v=13.76.1&pvt=n&ex=&r=191961
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.192.31 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-192-31.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:28 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
logger
www.paypal.com/xoplatform/logger/api/ Frame FA99
0
0

jsp
ut.rd.linksynergy.com/
148 B
405 B
Script
General
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
908be1aa5d8df692cb9fc1d678a83f8336cacceb5332b3f5fbc318b46ad63e96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type
text/plain; charset=utf-8
date
Mon, 01 Jan 2024 23:42:28 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
x-samesite
secure
muse.js
www.paypalobjects.com/muse/
55 KB
17 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48DA) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
946d3f0ef38bc
dc
ccg11-origin-www-1.paypal.com
content-length
16488
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (ama/48DA)
traceparent
00-0000000000000000000946d3f0ef38bc-897d058aa8501879-01
etag
"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Tue, 02 Jan 2024 00:42:28 GMT
3b5d0988-8a18-4492-9135-4f473257d529
https://www.elfcosmetics.com/
7 KB
0
Other
General
Full URL
blob:https://www.elfcosmetics.com/3b5d0988-8a18-4492-9135-4f473257d529
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a19915f513441bab259dbf5472a9501139e4eda8d1891ca5a0bd4efd6d60dd4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&rl=&if=false&ts=1704152548206&sw=1600&sh=1200&v=2.9.138&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1704152548200.509293144&ic=fbpixel&ler=empty&it=1704152547813&coo=false&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 01 Jan 2024 23:42:28 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jan 2024 23:42:27 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f7c9da597a7577e800a7f709ba64a761c39300db3c0d05ce959915681c7bdb4c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
de-DE,de;q=0.9
x-pwa-request
true
authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
via
1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694838 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
content-length
1049
pragma
no-cache
etag
cb638ff5f975f9987e9da406bb10496000fc57be30a0c42190f0b5b12c2a758c
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
x-dw-resource-state
cb638ff5f975f9987e9da406bb10496000fc57be30a0c42190f0b5b12c2a758c
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
36218cae0e29/[335,333,-] 36D18cae0e63/[-,336.112]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
83ee9e72885d2c4b-FRA
x-dw-request-base-id
SZgPBuRNk2UBAAB_
x-amz-cf-id
Ca8cmHZk6VGnrMwmysxOO2kzNmdWG4Flr9CM33QH8KVXSyCdb_TgQQ==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
c69c204f-fba0-4685-aea8-ad32f799fa5d.js
tr.snapchat.com/config/com/
186 B
205 B
Script
General
Full URL
https://tr.snapchat.com/config/com/c69c204f-fba0-4685-aea8-ad32f799fa5d.js?v=3.7.3-2312182359
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
09752e471359d7a3290ab06143136a67ce11d447160a2aa5ecad593c2f79775d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Origin
https://www.elfcosmetics.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
content-type
application/javascript
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
0
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
186
i
tr.snapchat.com/cm/ Frame DED9
0
0

us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/
9 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 6d96f6742a3e24fad8577272b38c550a.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
age
2349586
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1101 si/36D18cae0e63-1701461947-2109683794 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
36218cae0e47/[2,-,1701802948009] 36D18cae0e63/[hit]
x-amz-cf-id
pu9Z7XRVkh0v9T_0_kgnCF8qilbbCbmFlSQocNvV_kaXlXA3LJyIbA==
chunk.716.df63d46a2a86670d4b68.js
cdn.usehero.com/ Frame 54E1
841 KB
185 KB
Script
General
Full URL
https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:e00:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:28:17 GMT
content-encoding
br
via
1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
852
x-amz-server-side-encryption
AES256
etag
W/"01e9e2a8624bcf27fee5e0a11db65672"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
DMD_0xQSjyMH86F7fWUrRVWas3Nt8252hhs7VEroeRkbSfSnUB7u_Q==
dvar
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=13.76.1&pid=1926&pn=1&sn=1&uu=4b3a53a5-0b47-a080-adb3-d12b9347504c&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=996383
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.192.31 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-192-31.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:28 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
identify_ce767.js
analytics.tiktok.com/i18n/pixel/static/
135 KB
36 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_ce767.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.180.2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-20-180-2.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
1c09d92a
date
Mon, 01 Jan 2024 23:42:28 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20231221122623D9293D01BB51BC6B606B
x-tt-trace-id
00-231221122623D9293D01BB51BC6B606B-7443A4F0F0BE92FB-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a193-108-94-130.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01aca25577c87df7c9a46f117df6401c6755f4ceb7305294417082ecdecae777b11c9209be33c52121d50427fdadc7d00270704956c2cffccb483dd1b62e1b354cfa82c1951ab6efb3405ac8f3526dbdcc11eaea7077bd973bcce62c05387cecc1
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
36092
pangle_pixel
analytics.pangle-ads.com/api/v2/
0
967 B
Ping
General
Full URL
https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.251.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-251-219.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
6812d50b.6e60e193
date
Mon, 01 Jan 2024 23:42:28 GMT
x-bytefaas-request-id
20240101234228FC0B61B3C9F18C5029F8
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240101234228FC0B61B3C9F18C5029F8-255EE13A0BFB34C3-00
x-cache
TCP_MISS from a184-84-216-219.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
x-parent-response-time
94,184.84.216.219
server-timing
cdn-cache; desc=MISS, edge; dur=85, origin; dur=9, inner; dur=6
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240101234228FC0B61B3C9F18C5029F8
x-cache-remote
TCP_MISS from a23-207-199-39.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
access-control-max-age
86400
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-bytefaas-execution-duration
4.11
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
015ad3f5024a4db9078ede5395b44fec868b9ed1f67ffd4a7cc0787f88b8052feffcfe4639b19342e7db6b73d0b4b09d3cf400a0065474103e17e4085c1eb6541ecf7f18839237f310a0a9159d66e0c8b0f8f860ab9e94f7d18aea20dc34453ecea087b272bbfa7090d80cf877d2381f14
x-origin-response-time
9,23.207.199.39
access-control-allow-headers
*
expires
Mon, 01 Jan 2024 23:42:28 GMT
pixel
analytics.tiktok.com/api/v2/
0
702 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.180.2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-20-180-2.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1c09d943
date
Mon, 01 Jan 2024 23:42:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2401012342285B0023CBBA934298B578-6972C3E3F476317A-00
x-cache
TCP_MISS from a193-108-94-130.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=58, cdn-cache; desc=MISS, edge; dur=6, origin; dur=144
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202401012342285B0023CBBA934298B578
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
145,193.108.94.130
x-tt-trace-host
013316a0361d5ae8f56af6bf1f3b730d2bf179e9dcd5d8ea6c92e15a9a2a25388c2327577f289e12b747bca5d8abf8c469961f3397321ad18db2d70f44f6009e560227658a364223b9bbb5cc25b27ae99837191d94000bed9c658f5a6d67b74b2a
access-control-allow-headers
Authorization,*
expires
Mon, 01 Jan 2024 23:42:28 GMT
runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
3 KB
2 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 23:20:28 GMT
content-encoding
br
age
1383720
x-guploader-uploadid
ABPtcPowh8zWksmNWadvjW-E4F1mJEwh8JQ0duJB33m0-Bm1iToQTCMElzz8mU-k1Nd_PFCTHHQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1317
last-modified
Wed, 13 Dec 2023 20:29:20 GMT
server
UploadServer
etag
"dbc90523c425a5d782995c1a39051881"
x-goog-generation
1699889631731187
x-goog-hash
crc32c=Xs/EYg==, md5=28kFI8QlpdeCmVwaOQUYgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1317
accept-ranges
bytes
content-type
text/javascript
index.html
www.paypalobjects.com/muse/analytics/ Frame 3256
55 KB
17 KB
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B6) /
Resource Hash
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16892
content-type
text/html
date
Mon, 01 Jan 2024 23:42:28 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc"
expires
Tue, 02 Jan 2024 00:42:28 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
6d9e6836d712a
server
ECAcc (ama/48B6)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-00000000000000000006d9e6836d712a-cc01e12d8b257289-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
shopper
api.usehero.com/localisation/ Frame 54E1
35 KB
10 KB
XHR
General
Full URL
https://api.usehero.com/localisation/shopper?appId=efcf9631-4c6b-4874-9f76-51f71464249a&version=5.46.0
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-time-zone
Europe/Berlin
klarna-correlation-id
4354a45d-ae8e-4b16-bfbd-30d6b9d57284
x-envoy-upstream-service-time
17
x-geo-longitude
7.25710
x-request-id
4354a45d-ae8e-4b16-bfbd-30d6b9d57284
access-control-max-age
21600
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-country
DE
cache-control
max-age=86400, public
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-geo-zip
53639
access-control-allow-headers
DNT,Accept-Language,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-region-id,x-api-version
x-accuracy
200
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/
9 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 6d96f6742a3e24fad8577272b38c550a.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
age
2349586
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1101 si/36D18cae0e63-1701461947-2109683794 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
36218cae0e47/[2,-,1701802948009] 36D18cae0e63/[hit]
x-amz-cf-id
pu9Z7XRVkh0v9T_0_kgnCF8qilbbCbmFlSQocNvV_kaXlXA3LJyIbA==
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/
5 KB
6 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::210:6e29 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
null
date
Mon, 01 Jan 2024 23:42:28 GMT
server
Unknown
x-amz-server-side-encryption
AES256
x-amp-srv
A
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
5378
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::210:6e29 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Mon, 01 Jan 2024 23:42:28 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
996
icon-noun-snowflake-1044022
elfcosmetics.a.bigcontent.io/v1/static/
3 KB
2 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-snowflake-1044022?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::210:6e29 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Mon, 01 Jan 2024 23:42:28 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
1418
p
tr6.snapchat.com/
0
47 B
Ping
General
Full URL
https://tr6.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
via
1.1 google
server
API Gateway
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ct.html
ct.pinterest.com/ Frame A113
565 B
402 B
Document
General
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443";ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Mon, 01 Jan 2024 23:42:28 GMT
pinterest-version
8c23f27d55c77c9c78a5d022d53a766b1295cc23
referrer-policy
origin
x-cdn
fastly
x-envoy-upstream-service-time
1
x-pinterest-rid
3861625427329559
act
analytics.tiktok.com/api/v2/pixel/
0
844 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWNkZmM2YTcxMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.180.2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-20-180-2.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
cb97741.1c09d9a7
date
Mon, 01 Jan 2024 23:42:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24010123422861DDEE6F6D268C721BE2-4E98F795F40A5D9D-00
x-cache
TCP_MISS from a193-108-94-130.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
131,193.108.94.130
server-timing
cdn-cache; desc=MISS, edge; dur=97, origin; dur=41, inner; dur=32
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024010123422861DDEE6F6D268C721BE2
x-cache-remote
TCP_MISS from a23-218-223-23.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
41,23.218.223.23
x-tt-trace-host
013316a0361d5ae8f56af6bf1f3b730d2bf80912926e596a0d8ee88a62ce49b346ed6478732d773a6f46c6101712d14608c3175545309e60a1adca4dd683959f56041ba9c40b21abd52f3ea938ef44ce637f7826c80999d77a581a8aaff6efe48dc054844045cdf2c5b71d97557c6e222e
access-control-allow-headers
Authorization,*
expires
Mon, 01 Jan 2024 23:42:28 GMT
settings
api.usehero.com/webplugin/ Frame 54E1
2 KB
2 KB
XHR
General
Full URL
https://api.usehero.com/webplugin/settings?appId=efcf9631-4c6b-4874-9f76-51f71464249a
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a621c00d3d17b69f6464fda64a981a503705c3f310bb6656fd6d944db9d9498c
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding
gzip
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
d1d79034-f9d2-4d69-860b-f0a5336a048d
cross-origin-resource-policy
same-origin
x-geo-longitude
7.25710
pragma
no-cache
referrer-policy
same-origin
etag
W/"64e-TsrMJEw9RxpPbtp3lBYo0V2IESU"
x-frame-options
SAMEORIGIN
x-geo-zip
53639
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
50.70170
x-accuracy
200
expires
0
date
Mon, 01 Jan 2024 23:42:28 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
Europe/Berlin
x-envoy-upstream-service-time
12
x-xss-protection
0
x-request-id
d1d79034-f9d2-4d69-860b-f0a5336a048d
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
DE
x-geo-city
Königswinter
noop.js
www.paypalobjects.com/muse/ Frame 3256
18 B
210 B
Fetch
General
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (daa/7D8C) /
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
paypal-debug-id
e8c57f12db610
dc
ccg11-origin-www-1.paypal.com
content-length
18
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
server
ECAcc (daa/7D8C)
traceparent
00-0000000000000000000e8c57f12db610-d4e3e51f5bf369f8-01
etag
"60271cd0-12"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Mon, 01 Jan 2024 23:42:27 GMT
main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
452 KB
101 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_8aebf97cc6bdaca1cfc56940afdbc7d5.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
828011e932c7f65177e00c50ef88564628178b9d3190845404b02e3132a14c90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 13 Dec 2023 20:29:14 GMT
content-encoding
br
age
1653194
x-guploader-uploadid
ABPtcPo02xoiCE7TlR3IPLs1y_pfQhg7VjRWLfRVh5Ox8vA6nfgfHJpz4w8cyFeyEkVD45Ry4UNEzGmFMA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
103229
last-modified
Wed, 13 Dec 2023 20:29:02 GMT
server
UploadServer
etag
"2404e3009bfbe89e5d2c7f7b24179df7"
x-goog-generation
1702499342060242
x-goog-hash
crc32c=kCJJLw==, md5=JATjAJv76J5dLH97JBed9w==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
103229
accept-ranges
bytes
content-type
text/javascript
cjs_min_1e55b565811f11b08485230cf1d150d6.js
assets.bounceexchange.com/assets/smart-tag/versioned/
49 KB
16 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 13 Dec 2023 16:23:26 GMT
content-encoding
gzip
age
1667942
x-guploader-uploadid
ABPtcPr3NAYW6aHfRigw2-mEsUEiHH97JvkmqjWs4M5xJIUgxesTZjwNvGl_KyjAijB591FQyPKxXwd7JQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15751
last-modified
Wed, 13 Dec 2023 16:23:11 GMT
server
UploadServer
etag
"d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation
1702484591435387
x-goog-hash
crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15751
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
p
tr.snapchat.com/
0
15 B
Ping
General
Full URL
https://tr.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 01 Jan 2024 23:42:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ts
t.paypal.com/
42 B
214 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704152548843&g=-60&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 01 Jan 2024 23:42:29 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
c3fb4d0543448
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-eddf8230127-FRA
pragma
no-cache
correlation-id
c3fb4d0543448
traceparent
00-0000000000000000000c3fb4d0543448-81d680b03399bb02-01
x-timer
S1704152549.846349,VS0,VE198
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 01 Jan 2024 23:42:28 GMT
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/
56 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f66f5edd05293c4351edcec020a867935f7495ef0d0ff7ceb3e6402748585ca6

Request headers

Referer
https://www.elfcosmetics.com/cosmetic-criminals
accept-language
de-DE,de;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:29 GMT
content-encoding
gzip
via
1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P7
age
0
x-yottaa-optimizations
ob/1000 si/36D18cae0e63-1703880237-2982694841 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_US/PWA-UpdateSession
x-yottaa-metrics
36218cae0e2a/[413,411,-] 36D18cae0e63/[-,414.464]
cf-ray
83ee9e76788e9bca-FRA
x-dw-request-base-id
khlRTuVNk2UBAAB_
x-amz-cf-id
EI4ZoImyudX8_rBtt8NUf5QpaK3H5EfcbIcvqGQs183XEiytG2bTQA==
expires
Thu, 01 Dec 1994 16:00:00 GMT
inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 20:50:30 GMT
content-encoding
br
age
1306318
x-guploader-uploadid
ABPtcPojFr0aVJBep54gO4ODTn0mKxsZLJuPeNAwYbZ_CIR-rmNQ3xtFdzm6eyKDC4ePJthHMju0y8FM2g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4862
last-modified
Wed, 13 Dec 2023 20:28:54 GMT
server
UploadServer
etag
"e08d76c0eee63d930afa55862092fe13"
x-goog-generation
1699889612802679
x-goog-hash
crc32c=om6Z6Q==, md5=4I12wO7mPZMK+lWGIJL+Ew==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4862
accept-ranges
bytes
content-type
text/javascript
sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
3 KB
1 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_59133b5ff2491255abf0da3a6c439b40.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7d6b2e34f8baa2cbb0d0352ba4401894ca78bd0e98a8f0259798be00d3f9f4ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 06:43:15 GMT
content-encoding
br
age
1789153
x-guploader-uploadid
ABPtcPqhZ8DIwXJhJg-XdRSq2teAeZFu_PKhxRslrKKdHhg35pFCof1ITh4-NdZndQA0I0MnmL8
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1301
last-modified
Mon, 11 Dec 2023 15:58:57 GMT
server
UploadServer
etag
"fc8b1adafd5fdfc3a8542a947659bc4f"
x-goog-generation
1698960948550187
x-goog-hash
crc32c=pCs8WQ==, md5=/Isa2v1f38OoVCqUdlm8Tw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1301
accept-ranges
bytes
content-type
text/javascript
onsite-v2_5631bf90701659009118a89f964ae570.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_5631bf90701659009118a89f964ae570.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 17:21:53 GMT
content-encoding
br
age
282035
x-guploader-uploadid
ABPtcPpO7eI6lU4tmuaq-gLMxK1i2fSGmn3r5co0PsRrV0roBd9nGK25Sd8HEurgnzUi0gfNXCc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4962
last-modified
Wed, 13 Dec 2023 20:29:09 GMT
server
UploadServer
etag
"801d41813e7b11c4986b4ca00307283b"
x-goog-generation
1701276222542985
x-goog-hash
crc32c=+KL22A==, md5=gB1BgT57EcSYa0ygAwcoOw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4962
accept-ranges
bytes
content-type
text/javascript
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.26.29 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
29.26.149.34.bc.googleusercontent.com
Software
/
Resource Hash
6aa055db917c214d6a4fcc8ace5561934847c2f397ddafb71e34ea9a23f82731

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.107.155.179 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
179.155.107.34.bc.googleusercontent.com
Software
/
Resource Hash
bfcdaa379bdd1818a27139be4f4b3aa1526143fa657afbbcb8be769dc69c42dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.186.202.199 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
199.202.186.35.bc.googleusercontent.com
Software
/
Resource Hash
f34c6a3c394365248df5229025f8b77cd254160fe7c97d66a4ed70cb2121ee95

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
jquery-3.5.1.min.js
assets.bounceexchange.com/assets/bounce/
87 KB
31 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 21:13:15 GMT
content-encoding
br
age
1304953
x-guploader-uploadid
ABPtcPoq4bikuDjEXxhIRqOeFVUNHyQjQn_3DSypmEUzQdxzIuVdDqphGxJDLU-A7xxdZ4uIQJQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31584
last-modified
Wed, 13 Dec 2023 20:28:32 GMT
server
UploadServer
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary
Accept-Encoding
x-goog-generation
1702499312244758
x-goog-hash
crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
89476
accept-ranges
none
content-type
text/javascript; charset=UTF-8
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 3AA0
2 KB
969 B
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
1743857
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Tue, 12 Dec 2023 19:18:11 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Mon, 11 Dec 2023 15:58:02 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1702310281887143
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
ABPtcPrjUNKCUQvWeOTvxf-0mr-WQ02rhQ2tN-VtSj3pWrPNeUXgAvxSv4kDB2Hyr_DvQODau0I
graphql
www.paypal.com/targeting/ Frame 3256
435 B
2 KB
Fetch
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
be3c40ad90921613ee92d2a482fd8b3b88ce5298b300a4f947f803edee483d9d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-ssgMS4NZ1vXJ1GgAne2zwDQN3UZogcsSrZLWEvoVMP91CrX4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
disable-set-cookie
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-ssgMS4NZ1vXJ1GgAne2zwDQN3UZogcsSrZLWEvoVMP91CrX4' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Jan 2024 23:42:29 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
paypal-debug-id
f609293ef31bb
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230103-FRA, cache-fra-eddf8230103-FRA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f609293ef31bb-aef47acd02c1b2f2-01
x-timer
S1704152549.213061,VS0,VE252
etag
W/"1b3-WiuePwwxVpfctaotis6Sw7cXRFM"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0
graphql
www.paypal.com/targeting/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,disable-set-cookie
Access-Control-Request-Method
POST
Origin
https://www.paypalobjects.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,disable-set-cookie
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Mon, 01 Jan 2024 23:42:29 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f609293d5b6d4
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f609293d5b6d4-798045b6fbe77c26-01
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-served-by
cache-fra-eddf8230085-FRA, cache-fra-eddf8230085-FRA
x-timer
S1704152549.004228,VS0,VE199
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 01 Jan 2024 23:42:29 GMT
expires
0
klarna-correlation-id
caa677bd-afb8-46cb-beda-a9b59a3edb99
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
4
x-frame-options
SAMEORIGIN
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-geo-longitude
7.25710
x-geo-zip
53639
x-permitted-cross-domain-policies
none
x-request-id
caa677bd-afb8-46cb-beda-a9b59a3edb99
x-time-zone
Europe/Berlin
x-xss-protection
0
metrics
api.usehero.com/ Frame 54E1
0
991 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Mon, 01 Jan 2024 23:42:29 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
c0b258d1-9064-4156-8aec-cbddb3f72b48
x-envoy-upstream-service-time
67
cross-origin-resource-policy
same-origin
x-geo-longitude
7.25710
x-xss-protection
0
x-request-id
c0b258d1-9064-4156-8aec-cbddb3f72b48
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
53639
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-country
DE
x-accuracy
200
expires
0
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 01 Jan 2024 23:42:29 GMT
expires
0
klarna-correlation-id
b543838b-1fea-40b0-bec9-d2ca75f3a58e
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
6
x-frame-options
SAMEORIGIN
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-geo-longitude
7.25710
x-geo-zip
53639
x-permitted-cross-domain-policies
none
x-request-id
b543838b-1fea-40b0-bec9-d2ca75f3a58e
x-time-zone
Europe/Berlin
x-xss-protection
0
metrics
api.usehero.com/ Frame 54E1
0
990 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Mon, 01 Jan 2024 23:42:29 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
cd81de8b-48c0-4e5b-971d-49cdfe3aff75
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
7.25710
x-xss-protection
0
x-request-id
cd81de8b-48c0-4e5b-971d-49cdfe3aff75
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
53639
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-country
DE
x-accuracy
200
expires
0
metrics
api.usehero.com/ Frame 54E1
0
991 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Mon, 01 Jan 2024 23:42:29 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
cadee87b-32a0-4619-bbb1-70df23a9ac6e
x-envoy-upstream-service-time
11
cross-origin-resource-policy
same-origin
x-geo-longitude
7.25710
x-xss-protection
0
x-request-id
cadee87b-32a0-4619-bbb1-70df23a9ac6e
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
53639
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-country
DE
x-accuracy
200
expires
0
lineup
api.usehero.com/info/ Frame 54E1
284 B
1 KB
XHR
General
Full URL
https://api.usehero.com/info/lineup?appId=efcf9631-4c6b-4874-9f76-51f71464249a&id=3VNlAm9GwR
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
10cb648577cd959f9689219debd64d9d4b54d98d5d62ce13cf912e764f0fba55
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
28834f16-3196-44f0-b839-385dfceef27d
cross-origin-resource-policy
same-origin
x-geo-longitude
7.25710
pragma
no-cache
referrer-policy
same-origin
etag
W/"11c-2y57Lxw3r1MSdxf4yUcKTvs8Bzk"
x-frame-options
SAMEORIGIN
x-geo-zip
53639
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
public, max-age=120
x-geo-latitude
50.70170
x-accuracy
200
expires
0
date
Mon, 01 Jan 2024 23:42:29 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
Europe/Berlin
x-envoy-upstream-service-time
7
content-length
284
x-xss-protection
0
x-request-id
28834f16-3196-44f0-b839-385dfceef27d
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
DE
x-geo-city
Königswinter
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 01 Jan 2024 23:42:29 GMT
expires
0
klarna-correlation-id
887f73dc-b31c-465f-a64e-f99ac6acd052
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-geo-longitude
7.25710
x-geo-zip
53639
x-permitted-cross-domain-policies
none
x-request-id
887f73dc-b31c-465f-a64e-f99ac6acd052
x-time-zone
Europe/Berlin
x-xss-protection
0
metrics
api.usehero.com/ Frame 54E1
0
990 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Mon, 01 Jan 2024 23:42:29 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
Europe/Berlin
klarna-correlation-id
6106d68b-accf-431d-bfe7-7663769f8462
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
7.25710
x-xss-protection
0
x-request-id
6106d68b-accf-431d-bfe7-7663769f8462
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
53639
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-country
DE
x-accuracy
200
expires
0
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.48.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-48-134.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 01 Jan 2024 23:42:29 GMT
expires
0
klarna-correlation-id
fbe7d2d8-2ae4-48fe-bbc0-f2f80f87d95e
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
200
x-content-type-options
nosniff
x-country
DE
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
6
x-frame-options
SAMEORIGIN
x-geo-city
Königswinter
x-geo-latitude
50.70170
x-geo-longitude
7.25710
x-geo-zip
53639
x-permitted-cross-domain-policies
none
x-request-id
fbe7d2d8-2ae4-48fe-bbc0-f2f80f87d95e
x-time-zone
Europe/Berlin
x-xss-protection
0
exist
srm.ba.contentsquare.net/
2 B
94 B
Fetch
General
Full URL
https://srm.ba.contentsquare.net/exist?v=13.76.1&pid=1926&pn=1&sn=1&uu=4b3a53a5-0b47-a080-adb3-d12b9347504c
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.129.60.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-129-60-35.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Mon, 01 Jan 2024 23:42:29 GMT
content-length
2
content-type
application/json
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame 54E1
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-67.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 16:22:23 GMT
via
1.1 aca4cfc16ad0f84e78738cc400bfb7f4.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
26407
x-amz-server-side-encryption
AES256
etag
"dd497646e037b78e9dc7ed0418ad50f0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
vNaIvefBxUSrIDCdYfEV7Xc2-ex5JuRpXfX3OPyr9VcZVS8vMWfp8Q==
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame 54E1
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-67.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 16:22:23 GMT
via
1.1 aca4cfc16ad0f84e78738cc400bfb7f4.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
26407
etag
"3436467bdbf884d229cc844f2d56d81a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
vCRI-yIayXz98hvqGykLq9Favwf-__iae84frH6M0ptk-vuH2HvtQw==
KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
upload.usehero.com/avatars/ Frame 54E1
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-67.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c363b09ddcb37d2bb5655e872f15bcb72a98f76d2a58adb85a1daa57bee2a46e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 00:06:28 GMT
via
1.1 aca4cfc16ad0f84e78738cc400bfb7f4.cloudfront.net (CloudFront)
last-modified
Sat, 23 Dec 2023 22:32:37 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
84962
etag
"ef4acd5484a8c70f9097e83fe46ff68a"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1314
x-amz-cf-id
6hoiXZ44wKe1DBDK-k7g6KP0I4vwiScFMnGgMw_esF4jW_-1S91W_A==
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/
9 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:29 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 6d96f6742a3e24fad8577272b38c550a.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
age
2349587
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1101 si/36D18cae0e63-1701461947-2109683794 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
36218cae0e47/[2,-,1701802948009] 36D18cae0e63/[hit]
x-amz-cf-id
pu9Z7XRVkh0v9T_0_kgnCF8qilbbCbmFlSQocNvV_kaXlXA3LJyIbA==
g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
upload.usehero.com/avatars/ Frame E61C
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/g7DpgClT3s-wxtO5FCiqgcJ_ybMbXCFK-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-67.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
083e613ed2185815dc9dc91ae569c1ea8cb0187da15b88fb4df656b04ade665f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 16:22:23 GMT
via
1.1 aca4cfc16ad0f84e78738cc400bfb7f4.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 20:33:39 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
26407
x-amz-server-side-encryption
AES256
etag
"dd497646e037b78e9dc7ed0418ad50f0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1340
x-amz-cf-id
j3r8txYku9mgC8mY45Mv-QtdaR1GEhnrvg7uR48GKxhUtHvgKOGCDg==
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame E61C
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-67.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 16:22:23 GMT
via
1.1 aca4cfc16ad0f84e78738cc400bfb7f4.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
26407
etag
"3436467bdbf884d229cc844f2d56d81a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
e3v479xzQko6hTyIbLv34dLa09y714bMfI61KQ6TxWVni5F6ObBryQ==
KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
upload.usehero.com/avatars/ Frame E61C
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/KXuBcpbKnO-gHpck1F3eu0hJr5Ylv-7p-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-67.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c363b09ddcb37d2bb5655e872f15bcb72a98f76d2a58adb85a1daa57bee2a46e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 00:06:28 GMT
via
1.1 aca4cfc16ad0f84e78738cc400bfb7f4.cloudfront.net (CloudFront)
last-modified
Sat, 23 Dec 2023 22:32:37 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
84962
etag
"ef4acd5484a8c70f9097e83fe46ff68a"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1314
x-amz-cf-id
kRHp5f079CE3yv5CColvw5CiGch22aHol1hy2p55Dfmy1aFGGOom4A==
458359.gif
idsync.rlcdn.com/
0
0

script-tag.js
cdn-scripts.signifyd.com/api/
8 KB
3 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-123.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
613a0081b64a7df6a20f9ba46cd384e4061e288f439ba8755cd664fbad3177c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:18:46 GMT
content-encoding
gzip
via
1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront)
last-modified
Wed, 13 Dec 2023 10:00:02 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
age
1434
x-amz-server-side-encryption
AES256
etag
W/"615c232b2321c7908499921b3adc8138"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
U4nguxaLy_94Izo2sfmI2lPRRct5sAvxWJlMDKz1fMj48ovU8dCrtQ==
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-123.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:23:52 GMT
content-encoding
gzip
via
1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
age
1118
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
GTRDJcK_84E0T3Sd4k5WXqVk7uOPszR7FBx7T3Xy-MB6UCU9yhOyaw==
us.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/
9 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/us.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
140.174.14.99 Frankfurt am Main, Germany, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b1fdabf0bbfde031d2de37b191e0b07576b06d3a4f4bd226d1b674e40d047f22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:29 GMT
x-amz-version-id
9zy6w68xzC0VtboioQSwQDLT607ezHMK
via
1.1 6d96f6742a3e24fad8577272b38c550a.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
age
2349588
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1101 si/36D18cae0e63-1701461947-2109683794 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-meta-deploy
621192
content-length
676
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
36218cae0e47/[2,-,1701802948009] 36D18cae0e63/[hit]
x-amz-cf-id
pu9Z7XRVkh0v9T_0_kgnCF8qilbbCbmFlSQocNvV_kaXlXA3LJyIbA==
t2h1kwcnzoka3pjv.js
imgs.signifyd.com/
95 KB
13 KB
Script
General
Full URL
https://imgs.signifyd.com/t2h1kwcnzoka3pjv.js?bz7nmjjvlbg3ic69=w2txo5aa&3yze9txs41rs4302=LzUwOWYyZDZkYmQ4OWYwNzNkMTU3MTMyMDUw
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
93e78ec6e3e812cb50ba93c3f4df9369d9471cdd091954845faea46a496926b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
lNUi0PsDhgLdYY50
imgs.signifyd.com/ Frame EA27
272 KB
46 KB
Script
General
Full URL
https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/t2h1kwcnzoka3pjv.js?bz7nmjjvlbg3ic69=w2txo5aa&3yze9txs41rs4302=LzUwOWYyZDZkYmQ4OWYwNzNkMTU3MTMyMDUw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
d0cfe16d7ab185cca32ad2218bf2be38986e91398cf5a5fe15e2dad1aff44b36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
41f800e5619eeab4
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
lzLf8N2SRToqdoTz
imgs.signifyd.com/ Frame EA27
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/lzLf8N2SRToqdoTz?7fd43db0b0d375bc=MVe8W4FlsMPMxDzkzHlziiu0-Z8iu4pO0PQZPeFKIiE7axsUb3YPdOAbhJNfBNF3LTVAyo7QDJxa2vpS5D1uObm-RwFOFgcc0vHCPo6s0c6kbI_I01bXDCca0dDSF8fLy_rcyib5fJAFiG6xzExwvqrjXxVS_r7ibd7ugcI
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
8UPSv195kD_RtC1Z
imgs.signifyd.com/ Frame EA27
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/8UPSv195kD_RtC1Z?15dfde7fbdf78027=iKUnZjePaL6g7otPHht7LLEUPEfL1Aa79tKADQfwrlWBflz_AQZ0pzu8TFngyDeNGIuY-sE02PaTDup-1pLGYlCIVEP_Jl852RenF4gVjr6tlkaESWa52kAiUu0RLa3bVoaZ1gF-RqrVE-Jl2SucabEF8rG46S7DG3SmzXE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
clear.png
imgs.signifyd.com/fp/ Frame EA27
81 B
536 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/41f800e5619eeab4lzuwowyyzdzkymq4owywnznkmtu3mtmymduw
Referer
https://www.elfcosmetics.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 01 Jan 2024 23:42:30 GMT
Server
Apache
Etag
f1b09108324b4ab7ae729871ede425f8
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Sat, 30 Dec 2028 23:42:30 GMT
DSfc8J29YoPsk_7E
imgs.signifyd.com/ Frame 722C
90 KB
14 KB
Document
General
Full URL
https://imgs.signifyd.com/DSfc8J29YoPsk_7E?abaa41ad3b3cda49=9AE6AsZojrpq_B-_3aOQX7sfvnoI-2AX5M01Cx-WRtQMSbfzg2VDh8Y4SrCZjoStKchOeKPQa6NuK5PeDO8yF1TjuIWclXfeO4h7f3Hc_gtyvL-Y8tWdW79wmJfgnplNdO6Zpfi_phkpuPBXGPYe4KS9I0of97GBekUkMTAnAmXqWt5XNwkMdJynfO-DKFuWlCpfQ04b4MXBFhjNYZI
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
1719520a2edbdbde4a23a9e88a9c8f5042192f655723ef5d9d9c7d699379bd23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Mon, 01 Jan 2024 23:42:30 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
Wobv5ENQzJza_C32
imgs.signifyd.com/ Frame EA27
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/Wobv5ENQzJza_C32?0755886101fab15c=kUjq8x8mhBK_jGNXiiUEABw2W14bK8cKsNoB8oJx7rCoSzVJA5NZoV-XkgwavV-6BH7OCLk9WrQYPTm1z7rAxQFsYNkaH65tzAnL0UlGwVQAaT39M5Ik6bw2Bt9b0ALLkT_1uDaCpJhwAqbPqcS2p8E34u4&jb=3b3c266e7963353c32663d6b316b32636e633f366c326b6b3e30333b6d336d303b3036603b3a37
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
uqh9frqcwuCoIU4o
h.online-metrix.net/ Frame 8A21
103 KB
15 KB
Document
General
Full URL
https://h.online-metrix.net/uqh9frqcwuCoIU4o?44e9e068c6c7d6f9=qMPuZjaFJYrNGbSrrssEFy5h54E19nsgeC5-CJsl50KOhS6gDR7Qe27LeJ63Y0D8R0U3vdq3DPDeN7u3074XSRMztHq_xltC55FlMAkzl3dwaJ4RT0joTsuhpaYRhdNaSvul6Cn-31RPV_te0r3criSDmRp1PSyXiO5EQ_kXlxVVudbKua6f0zObU-0QrWW-kY4iX5thg6uz3LNJwAzw
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.132.130 , United States, ASN30286 (THM, US),
Reverse DNS
h.online-metrix.net
Software
Apache /
Resource Hash
af4ccb5a9b635dc31f2feedb5402c95df0348613e8f44aeb3b6db5392a03ce91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Mon, 01 Jan 2024 23:42:30 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
-JA84ltNZyg169Mx
imgs.signifyd.com/ Frame A1D3
90 KB
14 KB
Document
General
Full URL
https://imgs.signifyd.com/-JA84ltNZyg169Mx?273ae7f69f101345=BweRgm_JDHVz2C4-og7Lw4gGVmOaTeqjVvz4yjO5Yur3Dt-spBkl3w2J3cXwQsm69chw7TKD_3uagE4HEwgNQeYUBGlROFgEDqMEuGr2Y3xCncJ8i0iauwZ-QML3LZtpyqhaMh8GZzEmA3RVsEWqZOi_ALlOhl_hu7Flmw-m89sXXapCy2fnl2pTBsIu2A4c55IfsXtfTEBpt5E8foDa
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
8d534968d74abddab43f032b0d097070c91cb9e908710611557a46f8b88c11a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Mon, 01 Jan 2024 23:42:30 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=98
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
Wobv5ENQzJza_C32
imgs.signifyd.com/ Frame EA27
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/Wobv5ENQzJza_C32?0755886101fab15c=kUjq8x8mhBK_jGNXiiUEABw2W14bK8cKsNoB8oJx7rCoSzVJA5NZoV-XkgwavV-6BH7OCLk9WrQYPTm1z7rAxQFsYNkaH65tzAnL0UlGwVQAaT39M5Ik6bw2Bt9b0ALLkT_1uDaCpJhwAqbPqcS2p8E34u4&ja=[…]&jb=[…]
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Type
text/javascript;charset=UTF-8
CsY0aiqIR2PAA5YM
w2txo5aaquwpgc2q3wmzi742kwnwib3fyvb3vr4641f800e5619eeab4am1.e.aa.online-metrix.net/ Frame EA27
81 B
438 B
Image
General
Full URL
https://w2txo5aaquwpgc2q3wmzi742kwnwib3fyvb3vr4641f800e5619eeab4am1.e.aa.online-metrix.net/CsY0aiqIR2PAA5YM?2855ac19394c79b0=rlalZ12i10Gmawv18BEkNNC0_-LRWRqbUOSa1HRDFgwGXRXl6NcXYa9_ubNF1XlkJMlkZkrqOWgmVw0uy47s05utIXPGrNR_GtsW3fB1hGtZA8bStaF3ltpX1vwrxYEWkC84RIyDSsHYFPb-jH1WAw7v4VvI38YMG3m0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.134.131 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
e7AgXHSJmFNE84f8
imgs.signifyd.com/ Frame 722C
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/e7AgXHSJmFNE84f8?ad6dd5e2da27644a=XqUvZH3XyAkE2VGYZA3eJ1YSwNQLsz4QVR4PQbvgESIUoJlEMq-i522OX1XfKXdvUrfsAtSuKCcPzlvIY7XmnGu5w3SkZsZM8pRB23kSpHnC1UZh4ATI67AuLXdpS7Aq4r-xw7UqFcRyAdmm-oCQ1S5Rans&jf=3b3c266e796035396b38323a6a3a39376e333a363a3a6e686d3039673132393d3f34363a383966
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/DSfc8J29YoPsk_7E?abaa41ad3b3cda49=9AE6AsZojrpq_B-_3aOQX7sfvnoI-2AX5M01Cx-WRtQMSbfzg2VDh8Y4SrCZjoStKchOeKPQa6NuK5PeDO8yF1TjuIWclXfeO4h7f3Hc_gtyvL-Y8tWdW79wmJfgnplNdO6Zpfi_phkpuPBXGPYe4KS9I0of97GBekUkMTAnAmXqWt5XNwkMdJynfO-DKFuWlCpfQ04b4MXBFhjNYZI
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imgs.signifyd.com/DSfc8J29YoPsk_7E?abaa41ad3b3cda49=9AE6AsZojrpq_B-_3aOQX7sfvnoI-2AX5M01Cx-WRtQMSbfzg2VDh8Y4SrCZjoStKchOeKPQa6NuK5PeDO8yF1TjuIWclXfeO4h7f3Hc_gtyvL-Y8tWdW79wmJfgnplNdO6Zpfi_phkpuPBXGPYe4KS9I0of97GBekUkMTAnAmXqWt5XNwkMdJynfO-DKFuWlCpfQ04b4MXBFhjNYZI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cu44HPh4P4xZFu0C
imgs.signifyd.com/ Frame EA27
0
400 B
Image
General
Full URL
https://imgs.signifyd.com/Cu44HPh4P4xZFu0C?a90cdf07a0079c7c=skA56o-ZCQEiat3pnjc4YrSWZe7EQqCllOJkldauiHDdOYoUw4JgD6G58_Fe0xjYcLiDFUECalmfM0jyeXxmLjOiz-vcROpNouYspB0dS3O3EszlxINuwk_VBBXR6vbMWqnxnqMmsnHL1CCCKYxi5eac1rpCyB3tAW8O7cl1ZEodQtaadoVpHv0k5vOI9Voru7XyhTkc0SFJDeXJk1I&jf=[…]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=96
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
o5HNdfmD5VS1Ei9y
h.online-metrix.net/ Frame 8A21
0
400 B
Image
General
Full URL
https://h.online-metrix.net/o5HNdfmD5VS1Ei9y?ec39f67db026c53d=6-mIa18SmNXuSpSQ3_zw6wlkuGpIjMv-bpKtpDNv16pPu41Esm3eR6ZKjbOEY-yZjpiD7qU5uzVsEvRg8hyX4N8nsS8RfLX1RMQwhUJAGq4Opy_T3EHr0h1_JAxlH_E2In5cWw5DAuaxtaPtLafyZQwJ6MF5UUgVq18oPTKN-jyHIJk7OmaOimkBPbRX22WSCLhT524bDAOu2MBBUDY&jf=[…]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.132.130 , United States, ASN30286 (THM, US),
Reverse DNS
h.online-metrix.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://h.online-metrix.net/uqh9frqcwuCoIU4o?44e9e068c6c7d6f9=qMPuZjaFJYrNGbSrrssEFy5h54E19nsgeC5-CJsl50KOhS6gDR7Qe27LeJ63Y0D8R0U3vdq3DPDeN7u3074XSRMztHq_xltC55FlMAkzl3dwaJ4RT0joTsuhpaYRhdNaSvul6Cn-31RPV_te0r3criSDmRp1PSyXiO5EQ_kXlxVVudbKua6f0zObU-0QrWW-kY4iX5thg6uz3LNJwAzw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
c
ids.cdnwidget.com/
61 B
235 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=228053202&GCS2=NzgyNDM0Y2ItNTRmNi00YzhmLTk1MmQtYzU3YjU2Y2EyMTE1LmxvY2Fs&pe=false&wsid=4142&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A4142%2C%22loadID%22%3A%22v3pHoQD4lFGmAVF%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A1%2C%22IDStageStart%22%3A1%2C%22netComplete%22%3A177%2C%22obsReqview%22%3A754%2C%22obsReqdata%22%3A886%2C%22obsReqpage%22%3A1174%2C%22IDStagePrefire%22%3A1174%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A1%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%22861164825997472400%22%2C%22visitid%22%3A%221704152548962996%22%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
9f8441024e84c58109845fa52d52c98b3a2a6cde7529d923779fc815053795d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:30 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61
Wobv5ENQzJza_C32
imgs.signifyd.com/ Frame EA27
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/Wobv5ENQzJza_C32?0755886101fab15c=kUjq8x8mhBK_jGNXiiUEABw2W14bK8cKsNoB8oJx7rCoSzVJA5NZoV-XkgwavV-6BH7OCLk9WrQYPTm1z7rAxQFsYNkaH65tzAnL0UlGwVQAaT39M5Ik6bw2Bt9b0ALLkT_1uDaCpJhwAqbPqcS2p8E34u4&jac=1&je=[…]
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/lNUi0PsDhgLdYY50?c51ec5494b6e4fa2=KkPkOfDbUjVfXuSz0ReP0aIEYq9BbQB_acZJ4Z1G0faLDmYco7Y3ypjoUTJX-aAbXNO0g0ZHmp10-BEj9tUN0Y989R4xqQtrrLCkwDpMdaaU0pn67VMip1K3jbNc0bKyHukm64EFrJDfM7nTbiOGLS5vuaJUFglLKu63szbDg7P74hEwcC-yq3WM-vK02Gom-LNPY4TsDOy6gtsu&jb=3d3326246071677d375763646c6777732c687b6d375d63646c6f77712d32383939266a716a7f3d41627067656f2660796a354368786d65672f383a3b3a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.113 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 01 Jan 2024 23:42:30 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=95
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
init1.js
api.bounceexchange.com/bounce/
36 B
342 B
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=900&wklz=[…]-zKED0sdlIcVi0jgtjieSBB2LLNyu9gv2xMgJAdddzzc6vXiCT0o3iGctzftLpSDIThySMdqJ3AA-e+cNu0IB1v1CunSH6CPO7YBsB87+DI-iSDgHRwBBN6hoh1YLqoDSwfBiGOjABb9iqM49jhRY2o2v6yP+gEyNhgi4WB2QQbe3SSKAIDcqKtKzp+wj+FAfDZLxBYAER+kJAA0Il2BILggMoUriSJ3iCHuIDaAp3ggFkCmLjIcAoAp3qikg3hCaWmD+MAeCvBk-hOHYyBSDAGh2C4tgNN4dhQEAA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Mon, 01 Jan 2024 23:42:31 GMT
content-encoding
gzip
x-envoy-upstream-service-time
11
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=UTF-8
cjs-logger
e.cdnwidget.com/
0
100 B
Image
General
Full URL
https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=forbidden%253A%2520disallowed%2520country%252C%2520country%2520code%2520is%2520DE&cookieID=&deviceID=&BXWID=4142&warpspeed=2%5EHIykD&loadID=v3pHoQD4lFGmAVF&version=1.5.9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.193.48 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
48.193.102.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:42:30 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
image/png
collect
analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je3bt0v879088318&_p=1704152546565&gcd=11l1l1l1l1&dma=0&cid=666190451.1704152547&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&dt=&sid=1704152548&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&en=scroll&ep.page_type=content&ep.page_environment=production&ep.page_country=US&ep.page_language=EN&epn.percent_scrolled=90&_et=98&tfd=10132
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 01 Jan 2024 23:42:33 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/
Domain
9231397.fls.doubleclick.net
URL
https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9214776528230;auiddc=2120577767.1704152547;u6=%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
Domain
10742279.fls.doubleclick.net
URL
https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=7672830592695;auiddc=2120577767.1704152547;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals;gtm=45He3bt0v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals?
Domain
pixel.pointmediatracker.com
URL
https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=beba5aac-107f-4d16-86dc-6e4afa577e1c&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1841365464
Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Domain
tr.snapchat.com
URL
https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=501f2895-4df1-4a95-88b4-86aef580a3ff&u_sclid=e97c2a15-c7d7-4815-a236-19e145cd77e3
Domain
idsync.rlcdn.com
URL
https://idsync.rlcdn.com/458359.gif?partner_uid=bf591d20-2c3e-4b77-89dc-5b548ef7b9ec

191 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| documentPictureInPicture object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId object| content object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| dataLayer boolean| rakutenDataLayer object| DataLayer object| gaViewedIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom string| AppsFlyerSdkObject function| AF object| OneTrustStub object| DYExps object| DYO object| DYJSON object| _dy_memStore object| history$ object| DYCS object| _uxa object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| onetrustActiveGroups function| create_UUID function| createCookie string| GoogleAnalyticsObject function| ga object| HeroWebPluginSettings string| HeroObject function| hero object| GooglebQhCsO function| snaptr function| pintrk function| fbq function| _fbq object| 
_fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| gaplugins object| gaGlobal object| gaData object| Optanon object| OneTrust object| DYWork function| $dy boolean| otLastAcceptAllValue object| ogJsonpFunction object| OG object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs function| ___rmuid object| ___RMCMPW object| AF_cleanupMethods object| AF_SDK function| DataLayerHelper object| paypalDDL string| PaypalOffersObject function| ppq object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels function| UET function| UET_init function| UET_push object| _scPxHelper object| ueto_72abda946a object| uetq object| CS_CONF object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| UXAnalytics object| bouncex function| onYouTubeIframeAPIReady object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| __post_robot_10_0_44__ object| PAYPAL object| webpackChunksmart_tag object| Hero object| bxgraph function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie undefined| $ function| jQuery object| cti110221 function| 
a0_0x1684 function| a0_0xc90c object| sigScriptLoader object| threatmetrix function| tmx_run_page_fingerprinting boolean| tmx_profiling_started function| tmx_post_session_params_fixed

62 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: b0abdf9f9dff4cfeb2717a9960d575ec
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%224c108043-8b88-e76c-300a-a1efe42e82bf%22%2C%22e%22%3A1704154346574%2C%22c%22%3A1704152546574%2C%22l%22%3A1704152546574%7D
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%2247b33b27-0961-3555-0346-269bf42af7fc%22%2C%22c%22%3A1704152546575%2C%22l%22%3A1704152546575%7D
.elfcosmetics.com/ Name: _pxvid
Value: 6b0a4740-a8ff-11ee-ac06-516fdd6ce34b
.elfcosmetics.com/ Name: pxcts
Value: 6b0a5736-a8ff-11ee-ac06-c3947bfbf1dd
.elfcosmetics.com/ Name: _dyjsession
Value: nas741rjh0meir8beovfcq8ndnc1fxbn
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fcosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: nas741rjh0meir8beovfcq8ndnc1fxbn
.elfcosmetics.com/ Name: _dy_c_exps
Value:
.elfcosmetics.com/ Name: _dy_soct
Value: 647796.1248068.1704152546.nas741rjh0meir8beovfcq8ndnc1fxbn*836603.1652212.1704152546*837245.1654610.1704152546*861617.1750272.1704152546
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.2120577767.1704152547
www.elfcosmetics.com/ Name: FPC
Value: beba5aac-107f-4d16-86dc-6e4afa577e1c
.elfcosmetics.com/ Name: _gid
Value: GA1.2.1960249925.1704152547
.elfcosmetics.com/ Name: _gat_UA-432816-1
Value: 1
.dynamicyield.com/ Name: DYID
Value: -6291528424329359901
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Tue+Jan+02+2024+00%3A42%3A27+GMT%2B0100+(Central+European+Standard+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=7619f514-8315-47da-8ba5-170bce79de90&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fcosmetic-criminals&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0
.elfcosmetics.com/ Name: _dyid
Value: -6291528424329359901
.elfcosmetics.com/ Name: _dyfs
Value: 1704152547147
.elfcosmetics.com/ Name: _dycst
Value: dk.w.c.ws.
.elfcosmetics.com/ Name: _dy_geo
Value: DE.EU.DE_RP.DE_RP_Bann
.elfcosmetics.com/ Name: _dy_df_geo
Value: Germany..Bann
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _px3
Value: 820126334672333e6af792eaa7ebcb3f26a48193c16cfdf9a1eaf7893423f69a:tjSNPcu/ghVcF9Zi8IJoeJZic28xA5nr/8y/3zPfOG7Ker0MEbFMfmrloyw8qrAqo3qL8TWB4pp0Jp6sWJV04w==:1000:oECWrjfH7rb0+kfouVa0glM4x7RXA3pQbUONKnMRGzcYx4O5sM+iB4UCAT9UDk9CH6CtrSByelXejFxYeL6ElSbNeT/zPrjwJUpLNQnzXpCdjKA7271kJUg7RzbRSkQhp4WVCV/Cif8kcfxtcdNi2/bE2A9xs68i+a9MlE7JoQ+1EeREm3rFPIDD8Y7aB36SEuyqNQC22eJEvH+ZcIo8O1p7t2USHWeFDbYZowZZRVo=
.elfcosmetics.com/ Name: og_session_id
Value: 1e72a9589c4f11e9a62ebc764e10b970.290433.1704152547
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
www.elfcosmetics.com/ Name: scapi
Value: prd:2b369fc0-6b09-4eda-83d2-b82a058a72b0:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmODQ1NDdkOS03YjE0LTRkMDItYjkxMC1iODM1OTAxNWE1MzEiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.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.MmYCuXBwKUXRpuH-WKtD6nRGH8dKlpBxdvWUw1BjHIxnNT_hHjbvMo9KxvzN2TacE4iQZhbtx6u0oPLk89-_ew
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1704152547706.4557db1c-fa76-4853-92f0-136ae5da7130
.elfcosmetics.com/ Name: _scid
Value: cff08c2a-9501-4194-a09b-e41ba4062008
.elfcosmetics.com/ Name: _scid_r
Value: cff08c2a-9501-4194-a09b-e41ba4062008
.tiktok.com/ Name: _ttp
Value: 2aNIKj6L6s309oyHYHpEX2K5CdY
.elfcosmetics.com/ Name: _uetsid
Value: 6c0ace80a8ff11eea316bfc6f9c8b3b3
.elfcosmetics.com/ Name: _uetvid
Value: 6c0ad9b0a8ff11ee9405b36ba04fffd2
www.elfcosmetics.com/ Name: dwsid
Value: _NH0-SGdVKHccp04RTcTRTNZGzocFZNef1rSYxU-qZkc8EK-BnUXfuXXYsUkiuKT8yIMGC4KTr5U2usxVspW3g==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: bckKgXlHJKwXaRlKgUmqYYxupF
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAA3GwQ0AIAgEsIlIQA/FcVBgCofXvlo19mEYqcciIJO8naLlM6T3sILdK5Mh2vSfH8rHHT8yAAAA
.elfcosmetics.com/ Name: _ga
Value: GA1.1.666190451.1704152547
.pinterest.com/ Name: ar_debug
Value: 1
.elfcosmetics.com/ Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a
Value: author=client&expires=1735688548094&visitor=14c3b442-a279-4916-ac8d-f4735a27d6d2
.elfcosmetics.com/ Name: _cs_c
Value: 0
.elfcosmetics.com/ Name: _cs_id
Value: 4b3a53a5-0b47-a080-adb3-d12b9347504c.1704152548.1.1704152548.1704152548.1558384338.1738316548175
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1704152548.1.0.1704152548.60.0.0
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPVpHSTNPRGsyWkRJdFl6WmpZeTAwT0dWbUxXSXpabVF0TlRVeFpHRTFNV1JqT1RGaA
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1704152548200.509293144
.linksynergy.com/ Name: rmuid
Value: bf591d20-2c3e-4b77-89dc-5b548ef7b9ec
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: RuzeQCa3ERXRMSnSdbbnKLZw4I8
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.1704154348855
www.elfcosmetics.com/ Name: hero-user-id
Value: null
www.elfcosmetics.com/ Name: esw.currency
Value: USD
www.elfcosmetics.com/ Name: sid
Value: YQXSP0tRYPnAQBiQnP7cVK6NPfx22acGY2g
www.elfcosmetics.com/ Name: _dyid_server
Value: -6291528424329359901
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: ""
www.elfcosmetics.com/ Name: esw.location
Value: US
www.elfcosmetics.com/ Name: currentLocale
Value: en_US
www.elfcosmetics.com/ Name: esw.sessionid
Value: bckKgXlHJKwXaRlKgUmqYYxupF
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_US
imgs.signifyd.com/ Name: thx_guid
Value: 6fcbd1013c6df29ee5fcad67d34fa467

5 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/cosmetic-criminals
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=beba5aac-107f-4d16-86dc-6e4afa577e1c&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1841365464
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other warning URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.138&r=stable&domain=www.elfcosmetics.com(Line 146)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.usehero.com/plugin.5.46.0.js
Message:
<link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
