Submitted URL: https://www.cosmeticcriminal.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Submission: On January 04 via api from US — Scanned from US

Summary

This website contacted 75 IPs in 2 countries across 59 domains to perform 270 HTTP transactions. The main IP is 204.2.49.171, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 139937.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.141.89.195 393259 (YOTTAA-AS-1)
1 16 204.2.49.171 393259 (YOTTAA-AS-1)
19 2607:f8b0:400... 15169 (GOOGLE)
5 15 2600:141b:1c0... 20940 (AKAMAI-ASN1)
1 2a04:4e42::649 54113 (FASTLY)
5 2600:141b:1c0... 20940 (AKAMAI-ASN1)
9 151.101.66.133 54113 (FASTLY)
5 35.190.10.96 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
12 2606:4700::68... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2600:9000:21d... 16509 (AMAZON-02)
2 173.231.16.77 18450 (WEBNX)
3 8 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
8 2607:f8b0:400... 15169 (GOOGLE)
7 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2600:9000:24f... 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
1 2600:9000:210... 16509 (AMAZON-02)
3 3 3.33.220.150 16509 (AMAZON-02)
2 3 68.67.181.211 29990 (ASN-APPNEX)
1 1 8.43.72.98 26667 (RUBICONPR...)
3 3 3.225.218.10 14618 (AMAZON-AES)
1 104.117.182.179 20940 (AKAMAI-ASN1)
1 1 34.199.4.193 14618 (AMAZON-AES)
1 2 54.157.127.36 14618 (AMAZON-AES)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
7 18.173.132.20 16509 (AMAZON-02)
1 34.230.254.96 14618 (AMAZON-AES)
3 2600:141b:1c0... 20940 (AKAMAI-ASN1)
1 2 142.251.174.148 15169 (GOOGLE)
1 2 142.251.174.149 15169 (GOOGLE)
1 1 18.238.55.47 16509 (AMAZON-02)
1 35.173.162.10 14618 (AMAZON-AES)
2 2607:f8b0:400... 15169 (GOOGLE)
1 204.2.133.82 393259 (YOTTAA-AS-1)
2 104.102.136.211 16625 (AKAMAI-AS)
1 34.102.147.248 396982 (GOOGLE-CL...)
9 151.101.129.21 54113 (FASTLY)
1 2600:1400:900... 20940 (AKAMAI-ASN1)
3 2600:9000:23c... 16509 (AMAZON-02)
1 142.251.174.156 15169 (GOOGLE)
2 18.238.74.246 16509 (AMAZON-02)
2 2600:141b:1c0... 20940 (AKAMAI-ASN1)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2a04:4e42:200... 54113 (FASTLY)
9 23.48.224.103 20940 (AKAMAI-ASN1)
2 2600:9000:24f... 16509 (AMAZON-02)
1 34.120.253.250 396982 (GOOGLE-CL...)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 18.164.116.94 16509 (AMAZON-02)
1 151.101.65.140 54113 (FASTLY)
14 3.220.245.192 14618 (AMAZON-AES)
2 192.229.210.155 15133 (EDGECAST)
1 7 35.190.43.134 15169 (GOOGLE)
2 34.98.67.3 396982 (GOOGLE-CL...)
1 2001:4860:480... 15169 (GOOGLE)
1 34.236.46.241 14618 (AMAZON-AES)
2 54.205.10.10 14618 (AMAZON-AES)
3 23.56.163.9 16625 (AKAMAI-AS)
2 108.138.106.22 16509 (AMAZON-02)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 23.44.201.169 20940 (AKAMAI-ASN1)
3 151.101.194.133 54113 (FASTLY)
10 34.98.72.95 396982 (GOOGLE-CL...)
12 192.225.157.157 30286 (THM)
2 2 34.111.113.62 396982 (GOOGLE-CL...)
1 54.154.97.89 16509 (AMAZON-02)
1 34.107.244.18 396982 (GOOGLE-CL...)
1 34.149.44.52 15169 (GOOGLE)
1 34.120.206.65 396982 (GOOGLE-CL...)
6 18.238.49.105 16509 (AMAZON-02)
2 192.225.158.1 30286 (THM)
1 192.225.158.3 30286 (THM)
1 2600:1901:0:5... 15169 (GOOGLE)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
2 34.149.130.207 15169 (GOOGLE)
6 34.111.8.32 396982 (GOOGLE-CL...)
270 75
Apex Domain
Subdomains
Transfer
23 usehero.com
cdn.usehero.com — Cisco Umbrella Rank: 53942
api.usehero.com — Cisco Umbrella Rank: 46106
upload.usehero.com — Cisco Umbrella Rank: 88319
311 KB
20 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 13847
cdn.static.amplience.net — Cisco Umbrella Rank: 47248
7 MB
19 youtube.com
www.youtube.com — Cisco Umbrella Rank: 79
2 MB
16 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 68
static.doubleclick.net — Cisco Umbrella Rank: 371
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 320638 Failed
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 512502 Failed
stats.g.doubleclick.net — Cisco Umbrella Rank: 184
8 KB
16 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 139937
323 KB
14 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 10774
imgs.signifyd.com — Cisco Umbrella Rank: 8345
95 KB
12 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 9310
st.dynamicyield.com — Cisco Umbrella Rank: 8286
async-px.dynamicyield.com — Cisco Umbrella Rank: 8253
px.dynamicyield.com — Cisco Umbrella Rank: 39125
232 KB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 625
322 KB
11 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 3848
api.bounceexchange.com — Cisco Umbrella Rank: 3755
296 KB
11 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3050
t.paypal.com — Cisco Umbrella Rank: 3583
239 KB
10 google.com
www.google.com — Cisco Umbrella Rank: 6
adservice.google.com — Cisco Umbrella Rank: 189
analytics.google.com — Cisco Umbrella Rank: 266
40 KB
9 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 818
252 KB
8 googleapis.com
jnn-pa.googleapis.com — Cisco Umbrella Rank: 306
80 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
95 KB
7 snapchat.com
tr.snapchat.com — Cisco Umbrella Rank: 1096
tr6.snapchat.com — Cisco Umbrella Rank: 1403
1 KB
6 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3700
1 KB
5 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 3526
514 B
5 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 271980
2 KB
4 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 4291
c.contentsquare.net — Cisco Umbrella Rank: 4768
srm.ba.contentsquare.net — Cisco Umbrella Rank: 22103
69 KB
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 25002 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 9663
1 MB
3 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 5618
pd.cdnwidget.com — Cisco Umbrella Rank: 5233
idr.cdnwidget.com — Cisco Umbrella Rank: 9935
1 KB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 3974
w2txo5aax2tfi3ouyrvyd6sfuvuoxns3helzscpka00efa3b15da992esac.d.aa.online-metrix.net
16 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 6828
page.cdnbasket.net — Cisco Umbrella Rank: 6830
view.cdnbasket.net — Cisco Umbrella Rank: 6834
1014 B
3 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2512
32 KB
3 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 1083
2 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 692
14 KB
3 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 68342
external-api.jebbit.com — Cisco Umbrella Rank: 83668
60 KB
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 158403
8 KB
3 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 505
876 B
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 356
secure.adnxs.com — Cisco Umbrella Rank: 793
3 KB
3 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 1095
match.adsrvr.org — Cisco Umbrella Rank: 594
1 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 764
837 B
2 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 845
1 KB
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 10004
tags.rd.linksynergy.com — Cisco Umbrella Rank: 7397
696 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 240
91 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 1174
21 KB
2 sc-static.net
sc-static.net — Cisco Umbrella Rank: 1399
36 KB
2 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 32223
63 KB
2 undertone.com
ads.undertone.com — Cisco Umbrella Rank: 11184
evt.undertone.com — Cisco Umbrella Rank: 9771
848 B
2 bidr.io
cnv.event.prod.bidr.io — Cisco Umbrella Rank: 12125
1 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
21 KB
2 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 104
6 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2685
440 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
213 KB
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 2641
966 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 98
185 B
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1988
637 B
1 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 5411
6 KB
1 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1770
9 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 173
2 KB
1 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 6735
12 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 8466
15 KB
1 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 6176
498 B
1 yahoo.net
hb.yahoo.net — Cisco Umbrella Rank: 1385
663 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 620
913 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 10791
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 950
314 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1219
24 KB
1 cosmeticcriminal.ca
www.cosmeticcriminal.ca
328 B
270 59
Domain Requested by
19 www.youtube.com www.elfcosmetics.com
www.youtube.com
16 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
15 cdn.media.amplience.net 5 redirects www.elfcosmetics.com
14 api.usehero.com cdn.usehero.com
12 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
10 assets.bounceexchange.com www.elfcosmetics.com
9 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
9 www.paypal.com www.elfcosmetics.com
www.paypal.com
www.paypalobjects.com
8 jnn-pa.googleapis.com www.youtube.com
8 googleads.g.doubleclick.net 3 redirects www.youtube.com
www.elfcosmetics.com
7 async-px.dynamicyield.com cdn.dynamicyield.com
7 www.google.com www.youtube.com
www.elfcosmetics.com
6 upload.usehero.com cdn.usehero.com
6 tr.snapchat.com 1 redirects www.elfcosmetics.com
sc-static.net
6 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 events.bouncex.net
5 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.com
5 cdn.static.amplience.net www.elfcosmetics.com
4 www.gstatic.com www.youtube.com
www.gstatic.com
4 fonts.gstatic.com www.youtube.com
3 www.paypalobjects.com www.elfcosmetics.com
www.paypalobjects.com
3 ct.pinterest.com s.pinimg.com
www.elfcosmetics.com
3 bat.bing.com www.elfcosmetics.com
3 cdn.usehero.com www.elfcosmetics.com
cdn.usehero.com
3 elfcosmetics.a.bigcontent.io www.elfcosmetics.com
3 ups.analytics.yahoo.com 3 redirects
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 idsync.rlcdn.com 2 redirects
2 h.online-metrix.net imgs.signifyd.com
2 pixel.tapad.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 c.contentsquare.net
2 t.paypal.com
2 js.jebbit.com www.elfcosmetics.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 sc-static.net www.elfcosmetics.com
tr.snapchat.com
2 static.ordergroove.com www.elfcosmetics.com
2 adservice.google.com 9231397.fls.doubleclick.net
10742279.fls.doubleclick.net
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 cnv.event.prod.bidr.io 1 redirects www.elfcosmetics.com
2 match.adsrvr.org 2 redirects
2 ib.adnxs.com 2 redirects
2 10742279.fls.doubleclick.net www.googletagmanager.com
cdn.cookielaw.org
2 9231397.fls.doubleclick.net www.googletagmanager.com
cdn.cookielaw.org
2 www.google-analytics.com www.elfcosmetics.com
www.google-analytics.com
2 i.ytimg.com www.youtube.com
2 static.doubleclick.net www.youtube.com
2 api.ipify.org cdn-fsly.yottaa.net
2 www.googletagmanager.com www.elfcosmetics.com
1 idr.cdnwidget.com
1 api.bounceexchange.com www.elfcosmetics.com
1 pd.cdnwidget.com assets.bounceexchange.com
1 tags.rd.linksynergy.com
1 ids.cdnwidget.com assets.bounceexchange.com
1 w2txo5aax2tfi3ouyrvyd6sfuvuoxns3helzscpka00efa3b15da992esac.d.aa.online-metrix.net
1 view.cdnbasket.net assets.bounceexchange.com
1 page.cdnbasket.net assets.bounceexchange.com
1 data.cdnbasket.net assets.bounceexchange.com
1 srm.ba.contentsquare.net t.contentsquare.net
1 tr6.snapchat.com sc-static.net
1 analytics.pangle-ads.com analytics.tiktok.com
1 www.facebook.com
1 external-api.jebbit.com js.jebbit.com
1 analytics.google.com www.googletagmanager.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 alb.reddit.com
1 t.contentsquare.net www.elfcosmetics.com
1 tag.wknd.ai www.elfcosmetics.com
1 www.redditstatic.com www.elfcosmetics.com
1 www.googleadservices.com www.elfcosmetics.com
1 websdk.appsflyer.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 evt.undertone.com 9231397.fls.doubleclick.net
1 ads.undertone.com 1 redirects
1 secure.adnxs.com www.elfcosmetics.com
1 px.dynamicyield.com cdn.dynamicyield.com
1 pixel.pointmediatracker.com 1 redirects
1 hb.yahoo.net www.elfcosmetics.com
1 pixel.rubiconproject.com 1 redirects
1 insight.adsrvr.org 1 redirects
1 js.cnnx.link www.googletagmanager.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 st.dynamicyield.com www.elfcosmetics.com
1 code.jquery.com www.elfcosmetics.com
1 www.cosmeticcriminal.ca 1 redirects
270 89
Subject | Issuer | Validity | Valid
*.elfcosmetics.com | Sectigo RSA Domain Validation Secure Server CA | 2023-09-25 - 2024-10-25 | a year
*.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
dm.amplience.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-20 - 2024-08-14 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year
*.yottaa.net | GlobalSign RSA OV SSL CA 2018 | 2023-09-13 - 2024-10-14 | a year
*.px-cloud.net | Sectigo RSA Domain Validation Secure Server CA | 2023-08-15 - 2024-09-13 | a year
*.gstatic.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
cookielaw.org | Cloudflare Inc ECC CA-3 | 2023-04-01 - 2024-03-31 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
*.dynamicyield.com | Amazon RSA 2048 M02 | 2023-09-03 - 2024-10-01 | a year
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2023-02-07 - 2024-02-18 | a year
*.iad-05.braze.com | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-07-27 - 2024-08-27 | a year
*.doubleclick.net | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
www.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
edgestatic.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
onetrust.com | Cloudflare Inc ECC CA-3 | 2023-11-13 - 2024-11-12 | a year
js.cnnx.link | Amazon RSA 2048 M02 | 2023-07-11 - 2024-08-07 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
*.bigcontent.io | GeoTrust TLS RSA CA G1 | 2023-03-14 - 2024-04-13 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2023-02-13 - 2024-03-15 | a year
*.ordergroove.com | Go Daddy Secure Certificate Authority - G2 | 2023-08-04 - 2024-08-17 | a year
tag.rmp.rakuten.com | GTS CA 1D4 | 2023-12-02 - 2024-03-01 | 3 months
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2023-10-13 - 2024-08-20 | 10 months
*.appsflyer.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-07-27 - 2024-07-27 | a year
*.usehero.com | Amazon RSA 2048 M02 | 2023-08-28 - 2024-09-24 | a year
www.googleadservices.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
sc-static.net | Amazon RSA 2048 M03 | 2023-12-21 - 2025-01-18 | a year
*.pinterest.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-08-07 - 2024-08-07 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-10-14 - 2024-01-12 | 3 months
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-08-25 - 2024-02-21 | 6 months
*.tiktok.com | RapidSSL ECC CA 2018 | 2023-07-14 - 2024-08-13 | a year
*.jebbit.com | Amazon RSA 2048 M01 | 2023-05-24 - 2024-06-21 | a year
tag.wknd.ai | R3 | 2023-11-20 - 2024-02-18 | 3 months
www.bing.com | Microsoft Azure TLS Issuing CA 01 | 2023-10-24 - 2024-04-21 | 6 months
t.contentsquare.net | Amazon RSA 2048 M01 | 2023-09-13 - 2024-10-11 | a year
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-09-01 - 2024-02-28 | 6 months
api.usehero.com | Amazon RSA 2048 M01 | 2023-02-05 - 2024-03-05 | a year
*.snap.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-04-13 - 2024-04-12 | a year
*.rd.linksynergy.com | ZeroSSL RSA Domain Secure Site CA | 2023-02-13 - 2024-02-13 | a year
dep.bf.contentsquare.net | Amazon RSA 2048 M01 | 2023-03-20 - 2024-04-17 | a year
cdn-scripts.signifyd.com | Amazon RSA 2048 M01 | 2023-07-03 - 2024-07-31 | a year
*.pangle-ads.com | RapidSSL TLS ECC CA G1 | 2023-08-10 - 2024-09-09 | a year
assets.bounceexchange.com | GTS CA 1D4 | 2023-11-20 - 2024-02-18 | 3 months
imgs.signifyd.com | Go Daddy Secure Certificate Authority - G2 | 2023-10-20 - 2024-11-20 | a year
srm.ba.contentsquare.net | Amazon RSA 2048 M02 | 2023-11-07 - 2024-12-06 | a year
data.cdnbasket.net | GTS CA 1D4 | 2023-11-12 - 2024-02-10 | 3 months
page.cdnbasket.net | GTS CA 1D4 | 2023-11-15 - 2024-02-13 | 3 months
view.cdnbasket.net | GTS CA 1D4 | 2023-11-20 - 2024-02-18 | 3 months
h.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2023-01-09 - 2024-01-23 | a year
*.d.aa.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2023-03-03 - 2024-03-04 | a year
ids.cdnwidget.com | R3 | 2023-11-13 - 2024-02-11 | 3 months
pd.cdnwidget.com | R3 | 2023-11-13 - 2024-02-11 | 3 months
*.wunderkind.co | R3 | 2023-12-06 - 2024-03-05 | 3 months
idr.cdnwidget.com | R3 | 2023-11-13 - 2024-02-11 | 3 months

This page contains 17 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Frame ID: E47CBCA645A5B46137D84C5449470AB8
Requests: 173 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: E35686D689A63B8B94BCEEBC77B922C6
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 61E27A40211B8882C5519F759BFEAF14
Requests: 19 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals
Frame ID: 1A985F637DA4578263F4B5B32177A0C0
Requests: 4 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals
Frame ID: 82D1A3683CBDBF4B8A12348494D064FF
Requests: 3 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Frame ID: B4433000113564B0C2981FD7BE4A5852
Requests: 4 HTTP requests in this frame

Frame: https://cdn.usehero.com/plugin.5.46.0.js
Frame ID: E71F2849CE9C2A36949181E6F220439F
Requests: 13 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=44afc8b1-46eb-4edc-beaa-9c6cd32fb6ed&u_sclid=0837a9b0-82d3-49d9-ae8a-03b709a6605d
Frame ID: 43DA17125B15AD815D8B0E960CB36EA7
Requests: 2 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 315FA69E47488E53215C46FF124C5C33
Requests: 3 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/p?rand=1703025606854&pnid=140&pcid=1bf33bc0-5ab8-429d-b81d-8f8e0bbc75d9
Frame ID: 7C2D91C7F45187040E3FA9166A69839F
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 88B0C2317069677FE02F9BE014EA2963
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Frame ID: E7705CB136715853D53CB39EC5692DEA
Requests: 9 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: F9BF675C85C92C9E9FDFF64C85C9D446
Requests: 1 HTTP requests in this frame

Frame: https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Frame ID: 94C44460AF4CA39EC9184F58EBC2A5AA
Requests: 3 HTTP requests in this frame

Frame: https://imgs.signifyd.com/nWRdbeB55Wd_QSp8?e9da80a06c83ff8c=nKhCcfU2TJwj25cwzvZLTRhHpfbkL6smdrQ04esk9ucLmJB8cugydjBf1EbDxcFuvc7BdJ80T4fBakKkVllmqtekr_n1XEqBKTqmKGiR-fFLRCG_ERegCNcjI1sL770ZcY8Ca90lHYSjafmUDoGyH25E8o67eLFJL9ZjKS51zmt2gIW9I4O_cU7wZ5IfXXZxY1yhfANH-vY8bdnu1fJBSEDR4Tlk3Q
Frame ID: C9BC252A42A6F6E3744A93A8DF1A7C8F
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/AYLtiFSW06A-77P_?64a16a1b0fd0b37f=VxNAALgkmYNjUrKonViAhxftOVd0uWR4RUUMzD2eWyB-9q4qF1p2CJ2JUSSomQYxG6PEsnjESITLPe4dCD6_oDyswr7DEQhVUZOAM8R83MQhYGBE5ZBpjWytuUEXR_GI7sGbsLXri5y-4d_3f9vD7VYz3k0xZoMf8qGThy87EqmjRElqcXpYTM4JLfzB9xSZXJgIKJXimwMpsGWRI6PTigmvakaajl4
Frame ID: 72E9CF688579568E798AD6B110E44708
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/jm0Dtiz8HAdOtf2s?70147a83ac676d03=2xQ5QlklfzEbv4yrO6H_RI54iqIkkBLGkoR_IQm_dvRLPjAIiTezmUp9sHt4YVvOiR6cTBA1S0DhppqOlPP5EYZHzDg-sbaopkeJEOKn_f8qo-NE-LWnGUQ7dNt259tN5a_2xf4CANH_uin8w_RYGUOApZzObWXI935P_q0hX0pAvIITJTBWPeGVGnzdwXn-G0Ahuop1He29K0vgr8Ds_ZY3S24ArbE
Frame ID: F693B854383C9ABC7DD6C85B709C6931
Requests: 1 HTTP requests in this frame

Page Title

e.l.f. Cosmetics | e.l.f. CosmeticsBack ButtonSearch IconFilter Icon

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 270
HTTPS: 93 %
IPv6: 38 %
Domains: 59
Subdomains: 89
IPs: 75
Countries: 2
Transfer: 13551 kB
Size: 29754 kB
Cookies: 93

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.cosmeticcriminal.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 14
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
Request Chain 15
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
Request Chain 16
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
Request Chain 17
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
Request Chain 48
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=1XvMwmgPKQzOC4YmTKjDaDo6WzOHK0QJeQ5TmUkIRrs HTTP 303
  • https://www.elfcosmetics.com/callback?usid=67ebbc74-692b-4e3e-8ee5-a14d83b9cad5&code=VuZYYsxrRPbBfQfOY754_QrIJo1FhKZOVcdYhS6joQ8
Request Chain 50
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 59
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 70
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3Dbc7bde60-d87c-42d1-a928-3cf9c87e7e81 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7127193156451201099&ttd_tdid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&gdpr=0&redir=true HTTP 302
  • https://hb.yahoo.net/cksync?cs=63&axid_e=eS1sNGtiU1FoRTJ1SHpuS096RlRMNDdFd013QzhZdmxqNX5B&gdpr=0&ovsid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&dpid=55953
Request Chain 71
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=df8b83d9-19af-4d15-b303-584507f81b0a&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=535307713 HTTP 302
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=62b70ce2-84e2-487e-ba5b-2298f837813d.&ord=2984043798716496303 HTTP 303
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=62b70ce2-84e2-487e-ba5b-2298f837813d.&ord=2984043798716496303&_bee_ppp=1
Request Chain 118
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals
Request Chain 119
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals
Request Chain 126
  • https://ads.undertone.com/t?trackerid=7729&cb=1720029064 HTTP 307
  • https://evt.undertone.com/t?trackerid=7729&cb=1720029064
Request Chain 165
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=841105043&cv=11&fst=1704411140037&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&value=0&auid=370987754.1704411140&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&ocp_id=BkCXZb7bM_PSnboPws2MoAM&sscte=1&crd=&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1th0S4cVwXU1iiq0FKzq1BGLWcj1LTNBdA&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlIQXZfUEp3VUZJcVBWeWN5VGhMSXo1STIyeXZUcHVsMlh5ellYU21iQVp5GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3J3cW0wd3AzUURUeGVJTTAyYXNPOHVET0dUb3R4YUl4ZmpoeTgyWE5CSFJtWGo3Tjg3RWtJSmMiEwi-9uGl8sSDAxVzaUcBHcImAzQ HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=841105043&cv=11&fst=1704411140037&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&value=0&auid=370987754.1704411140&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlIQXZfUEp3VUZJcVBWeWN5VGhMSXo1STIyeXZUcHVsMlh5ellYU21iQVp5GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3J3cW0wd3AzUURUeGVJTTAyYXNPOHVET0dUb3R4YUl4ZmpoeTgyWE5CSFJtWGo3Tjg3RWtJSmMiEwi-9uGl8sSDAxVzaUcBHcImAzQ&is_vtc=1&ocp_id=BkCXZb7bM_PSnboPws2MoAM&cid=CAQSKQAvHhf_GfNwkW7a-MUKLtNHkIeIWYj2SF83as0gEpDtsA220HFMUIL4&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1ns27XXmVCxpDTGdaKJCsFEUV_C9v60EgQ&random=2214928578
Request Chain 212
  • https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1704411144364&u_scsid=8e47df8c-3be7-46a2-bcff-8a3991fff913&u_sclid=8ed8f822-1f63-4383-96bc-0f24e4fbd600 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025606854%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025606854%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://tr.snapchat.com/cm/p?rand=1703025606854&pnid=140&pcid=1bf33bc0-5ab8-429d-b81d-8f8e0bbc75d9
Request Chain 256
  • https://idsync.rlcdn.com/458359.gif?partner_uid=f194f6a8-5669-44b1-9e11-faf050eba203 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGYxOTRmNmE4LTU2NjktNDRiMS05ZTExLWZhZjA1MGViYTIwMxAAGg0IiYDdrAYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=31bca0a1fde178be3301f572b955e0b6cf02236b05e01449a3bf3b3e2ed214316ac34734d8e453ee

270 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://www.cosmeticcriminal.ca/
  • https://www.elfcosmetics.com/en_CA/cosmetic-criminals
924 KB
233 KB
Document
General
Full URL
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
a847df5a8a38a4fec385f0d81bd27b53a567b3ff168358477b69534d7e7eb8fa

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
0
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
237121
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 23:32:17 GMT
etag
W/"ca417-BBgqPRKEx+ByVQ9qI2DmbB/IZfY"
vary
Accept-Encoding
via
1.1 7f59e30d6672b7ea91c10bca6108d29a.cloudfront.net (CloudFront)
x-amz-apigw-id
RCbv7H-6iYcEeEA=
x-amz-cf-id
g-vnRzh6ClodWLatuAjXs0oPgaxtHSYxfdctW2AZwwbgNb0rZO-9OQ==
x-amz-cf-pop
EWR50-C1
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
828439
x-amzn-remapped-date
Thu, 04 Jan 2024 23:32:16 GMT
x-amzn-requestid
83957746-fa45-43c5-8abb-4cc11fd34f2d
x-amzn-trace-id
Root=1-65973fff-137c811642f2eaff5d29bf56;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
3821cc023175/[1864,1772,-] 38D1cc0231ab/[-,1970.215]
x-yottaa-optimizations
ob/1000000100001000 si/38D1cc0231ab-1704395137-5593139869 tts/1704308418854 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 23:32:15 GMT
location
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1d0bd931403bb4ae3235 rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
23D1cc8d59c3/[-,0.600]
x-yottaa-optimizations
ob/0 si/23D1cc8d59c3-1704395139-603585028 tts/1704411135096 ti/0 ai/658f1d0bd931403bb4ae3235
init.js
www.elfcosmetics.com/XT4Gy2ig/
165 KB
74 KB
Script
General
Full URL
https://www.elfcosmetics.com/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
035eec8a7be3c75b397ddfb153515f91a6c8f65ad995ac5714f8e4cf0522f94f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
content-encoding
gzip
etag
"294fe-mhNC3X5OMYvrFOXIDmQeRwBTYsI"
active-cdn
Akamai
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-yottaa-metrics
38D1cc0231ab/[-,23.323]
x-px-hash
NDhlMGU0MTU4NzdlMGI1MzgxOWNiNTNlY2Q5YzhhN2Y0YjQwOGUwYjAxZTdkMjhjMmFhNzYzZjU3M2JiYzIxYw==
x-yottaa-optimizations
ob/0 si/38D1cc0231ab-1704395137-5593139899 tts/1704411137369 ti/0 ai/5a0c9b7632f01c35d42101b2
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/
0
0

bxGKZ6lfJ7A
www.youtube.com/embed/ Frame E356
92 KB
39 KB
Document
General
Full URL
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0c1417493386a3350120604b760868585098334714924b23424c9073da5de031
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 23:32:17 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rZPCKoUReO0
www.youtube.com/embed/ Frame 61E2
93 KB
40 KB
Document
General
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9459f3ea2a31ada4bf8d9f54aacabef3bf32b0f10cbb8f21d430432c2e70249d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 23:32:17 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
630 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
KecjuB3UJ,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id
M5Lpt5cG_4
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
server
Unknown
x-frame-options
DENY
x-amp-source-width
3199
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
210 KB
211 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
c856ca647a5edf9ff56752649cd2bbd3d6d6fb2263d1b473a255534f5bf6f830
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
KE_4p-anu,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id
v6oCa1skal
content-length
215306
x-xss-protection
1; mode=block
x-amp-source-height
340
server
Unknown
x-frame-options
DENY
x-amp-source-width
800
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/
2 MB
2 MB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
349a84fa24c5bda7424681c4ab9a0d265a0966a963f47e975dc5f7f347e3bb1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
-jHS4uPc9,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id
dnzeFDmWeV
content-length
2102142
x-xss-protection
1; mode=block
x-amp-source-height
1484
server
Unknown
x-frame-options
DENY
x-amp-source-width
3080
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/
330 KB
331 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
7Sw-cmdXJ,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id
3a49ACuGFd
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
server
Unknown
x-frame-options
DENY
x-amp-source-width
2806
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/
180 KB
180 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
ZFdUusQOi,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id
cVLp3cRHhJ
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
server
Unknown
x-frame-options
DENY
x-amp-source-width
1952
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/
613 KB
614 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
8b311b78042906393bf9c3cdc5bc8115b450b8b31905b1641dec7246fbd4cc85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
Oytu0AD1d,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id
HRUX_khFCb
content-length
627998
x-xss-protection
1; mode=block
x-amp-source-height
525
server
Unknown
x-frame-options
DENY
x-amp-source-width
3200
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
jquery-3.7.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
4460747
x-cache
HIT, HIT
content-length
24036
x-served-by
cache-lga21942-LGA, cache-nyc-kteb1890057-NYC
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1704411137.474968,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
2800, 13
player_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Thu, 04 Jan 2024 23:32:17 GMT
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Server
2600:141b:1c00:d::172c:6f08 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
etag
"dd3676819bd88a250c875a11e38c307d"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/mp4
access-control-allow-origin
*
Content-Range
bytes 0-1060947/1060948
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1060948

Redirect headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
dYhYQwie9,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Server
2600:141b:1c00:d::172c:6f08 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
692db01eb703744d633776b15675c6b2c761732ca585236d376836bf6f04bc9e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
etag
"fae641824ad9e109b5a20c2cba506e57"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-1210813/1210814
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
1210814

Redirect headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
smKfyYikL,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
375 KB
376 KB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Server
2600:141b:1c00:d::172c:6f08 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4973f562e7d8f8ad478be1fe1090639ca7b50af5f98c5c13efe61d22fb72665e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
last-modified
Fri, 29 Dec 2023 07:23:44 GMT
etag
"dd9940f6d244dca562aef306c8b59fe0"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-384464/384465
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
384465

Redirect headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
Xeus_TYq6,l4p5bDg2e,6oVxns4D8
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
848c5446-ecbd-46ce-a180-637c5c42845d.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
237 KB
238 KB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Server
2600:141b:1c00:d::172c:6f08 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
744f83518728b979fb7e008389501d1acaa5a3086284274c296f26c5d4cfc8e4

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
last-modified
Tue, 02 Jan 2024 17:30:06 GMT
etag
"bc22e0c363ee3e170f7a975b978bad39"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-243067/243068
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
243068

Redirect headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
KQ8l63b16,l4p5bDg2e,tO41Cj3M_
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
194 KB
195 KB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Server
2600:141b:1c00:d::172c:6f08 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2d5ce843cf166fdb4108ebcfe16b22da332149e2bcb4b7d93b3abd0d93e2def8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
last-modified
Tue, 02 Jan 2024 17:20:49 GMT
etag
"a2b2c1d6820d46784bd0e0e1ed3190de"
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
video/webm
access-control-allow-origin
*
Content-Range
bytes 0-198985/198986
x-amp-srv
A
accept-ranges
bytes
x-amp-route
ak-s1
Content-Length
198986

Redirect headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
ZBNA9w0AC,l4p5bDg2e,nvYvyivv1
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd

Request headers

Referer
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/
2 MB
619 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
7DhVfT1FfID7USGHRQIdkAPtGlAbpV1z
via
1.1 b9123be426d0e732cf10eff602d871c8.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:17 GMT
x-amz-cf-pop
SFO53-P2
age
150167
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/2511cc028a74-1698735466-1492754345 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
633349
x-amz-meta-bundle
10314
x-served-by
cache-yyz4556-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704411137.491837,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2521cc028a8a/[42,11,-] 2511cc028a74/[hit]
accept-ranges
bytes
x-amz-cf-id
U6up0FCOoFKPqV16QY3-eTE8gf8dRhhdKrzbCQPN_BUVE4ZKwC_OZg==
x-cache-hits
2
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/
2 MB
454 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
ee3xb.NTbr4bzXJ3SxfA7qqa0mkCetT8
via
1.1 0c2947bdc7b8340f8e04a5a58d570236.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:17 GMT
x-amz-cf-pop
EWR50-C1
age
132456
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/3811cc023144-1693316486-2223271448 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
464645
x-amz-meta-bundle
10314
x-served-by
cache-yyz4556-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704411137.491831,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3821cc023152/[70,15,-] 3811cc023144/[-,267.470]
accept-ranges
bytes
x-amz-cf-id
fuH84qair8mt7HhQi5UTlBVbR-tgh81WkfouZdIxkt52CleiiBp7Lw==
x-cache-hits
2
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/
40 KB
11 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
3Wq5BoaKPulOYkW6Fp3r6wFQLlG6RLjA
via
1.1 235099561ba63a2b7662a2b20d9ac036.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:17 GMT
x-amz-cf-pop
PHL50-C1
age
2608169
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/23114047a17c-1695931016-541996941 tts/1701196602045 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Miss from cloudfront, HIT
x-amz-meta-deploy
621192
content-length
11125
x-amz-meta-bundle
10314
x-served-by
cache-yyz4556-YYZ
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1704411137.491773,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
23214047a183/[70,62,-] 23114047a17c/[-,77.321]
accept-ranges
bytes
x-amz-cf-id
p4dxcsI-tGZ300wVKXQGnxp6Ql9t896iiPVgoouL2AzCxPrUuihNpg==
x-cache-hits
6
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
540 B
787 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
7beab9379a72f909c9a6393c27062c2fac973d2daf08b51136db4262d9c50f60

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
540
PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/
136 KB
137 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
a849e2087ba3ca3777d4b4691ee8c049998b464d490adb00bcafd82a28fa1095
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
8Nfrjfh6u,l4p5bDg2e,5-jG4GMEO,Cqm_p3RsQ,DtzGFM5oJ
x-req-id
RoTtfmSceW
content-length
139608
x-xss-protection
1; mode=block
x-amp-source-height
1303
server
Unknown
x-frame-options
DENY
x-amp-source-width
855
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/
15 KB
15 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
60dfcadddf11dacb678cf78e8b2fc4af594f6fc5993f9e5141ca0a8fa76e634b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
uxjKxfzJu,l4p5bDg2e,QvpKILV5P,Cqm_p3RsQ,DtzGFM5oJ
x-req-id
130h1xh017
content-length
15078
x-xss-protection
1; mode=block
x-amp-source-height
2000
server
Unknown
x-frame-options
DENY
x-amp-source-width
2000
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/
135 KB
135 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
0b063bab914cd51698d508946cdadd5faa1e3221a46639ea9c5cb6bae54dd69e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
2sUiQmQCu,l4p5bDg2e,h1qKNVnZ0,Cqm_p3RsQ,DtzGFM5oJ
x-req-id
r7pKH7Gd8x
content-length
137826
x-xss-protection
1; mode=block
x-amp-source-height
1324
server
Unknown
x-frame-options
DENY
x-amp-source-width
862
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/
18 KB
19 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d::172c:6f1f Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
907548f0fe7742909ca8ac678d0f172fdd710362ddd32e76789320ef33e1ccf2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:17 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
c3LSQP9gL,l4p5bDg2e,nb-u70u49,Cqm_p3RsQ,DtzGFM5oJ
x-req-id
9VIjnk3qzf
content-length
18784
x-xss-protection
1; mode=block
x-amp-source-height
2400
server
Unknown
x-frame-options
DENY
x-amp-source-width
2400
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
www-player.css
www.youtube.com/s/player/da154528/ Frame 61E2
358 KB
47 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/da154528/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 09:12:39 GMT
content-encoding
br
x-content-type-options
nosniff
age
310778
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47436
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 09:12:39 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 61E2
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 14:28:55 GMT
x-content-type-options
nosniff
age
119002
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Jan 2025 14:28:55 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 61E2
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 17:05:06 GMT
x-content-type-options
nosniff
age
109631
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Jan 2025 17:05:06 GMT
embed.js
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 61E2
52 KB
16 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 05:03:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
325736
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16296
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 05:03:21 GMT
www-embed-player.js
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame 61E2
322 KB
97 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 13:11:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
555647
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
98735
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 28 Dec 2024 13:11:30 GMT
base.js
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 61E2
2 MB
767 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 09:12:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
310798
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
785283
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 09:12:19 GMT
www-player.css
www.youtube.com/s/player/da154528/ Frame E356
358 KB
46 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/da154528/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 09:12:39 GMT
content-encoding
br
x-content-type-options
nosniff
age
310778
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47436
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 09:12:39 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E356
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 14:28:55 GMT
x-content-type-options
nosniff
age
119002
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Jan 2025 14:28:55 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E356
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 17:05:06 GMT
x-content-type-options
nosniff
age
109631
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Jan 2025 17:05:06 GMT
embed.js
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame E356
52 KB
16 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 05:03:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
325736
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16296
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 05:03:21 GMT
www-embed-player.js
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame E356
322 KB
97 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 13:11:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
555647
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
98735
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 28 Dec 2024 13:11:30 GMT
base.js
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame E356
2 MB
767 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 09:12:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
310798
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
785283
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 31 Dec 2024 09:12:19 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
1 MB
152 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/OtAutoBlock.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e038dff62440b626103b2b81adcbb64b5cb3bd80433d1a710f37162cd7c0cc17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3996
content-md5
3CHjrTrl4YSKzn90GsMA3A==
content-length
154812
x-ms-lease-status
unlocked
last-modified
Mon, 30 Oct 2023 13:08:00 GMT
server
cloudflare
etag
0x8DBD9493E0E92B7
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
faa9619b-101e-0023-4914-1ea340000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747b059304bd5-BUF
expires
Fri, 05 Jan 2024 23:32:18 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
FWT01iLvZ++xUAz3aesSug==
age
54635
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6841
x-ms-lease-status
unlocked
last-modified
Wed, 03 Jan 2024 22:17:18 GMT
server
cloudflare
etag
0x8DC0CA9BF9BFF37
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1f518f4a-801e-0043-4dbb-3edfdf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747b0592f4bd5-BUF
gtm.js
www.googletagmanager.com/
432 KB
122 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d17c14417868dd853e976ab5cf9efeeffb7aff06f95510c7c0a86785b0b2cee8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
124583
x-xss-protection
0
last-modified
Thu, 04 Jan 2024 22:45:21 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 04 Jan 2024 23:32:18 GMT
api_dynamic.js
cdn.dynamicyield.com/api/8772046/
378 KB
44 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
890e001a83f07334785932a039f2656e7a5f3ebc430ede8d6254e383914e86f5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:01 GMT
content-encoding
gzip
via
1.1 08e4533f506df09f2c978ceaed6e2310.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 20:42:32 GMT
server
DYCDN
age
18
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
etag
W/"eeded215f3a718cf1a30a0769fcc6f83"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
am37EVGBObULJDIFstJWMUValCkx_vIWtdp4fJZgJF15vrbqGoqIPQ==
api_static.js
cdn.dynamicyield.com/api/8772046/
385 KB
112 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
844e110d367aacf96432d2a6f36b849d92efd4e09773c4673bc0f60fbd7203a8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 07:58:25 GMT
content-encoding
gzip
via
1.1 08e4533f506df09f2c978ceaed6e2310.cloudfront.net (CloudFront)
last-modified
Tue, 02 Jan 2024 20:42:32 GMT
server
DYCDN
age
56034
x-amz-cf-pop
EWR53-C2
etag
W/"a3d96bfa73c17ea78b620eed0a2e7991"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
MvCsy-RWjn5tkUVGF-5tXlufl05j5ekGe2c6IeoF8I8xXbavOqkcOg==
/
api.ipify.org/
20 B
220 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.231.16.77 , United States, ASN18450 (WEBNX, US),
Reverse DNS
api.ipify.org
Software
nginx/1.25.1 /
Resource Hash
1cd44f071142743d8a7cfbc4a4de98c4fe68ae9c5e62e890e145a7d89e7b1678

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jan 2024 23:32:18 GMT
Server
nginx/1.25.1
Connection
keep-alive
Content-Length
20
Vary
Origin
Content-Type
application/json
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yyz4537-YYZ
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=67ebbc74-692b-4e3e-8ee5-a14d83b9cad5&code=VuZYYsxrRPbBfQfOY754_QrIJo1FhKZOVcdYhS6joQ8
0
0
Fetch
General
Full URL
https://www.elfcosmetics.com/callback?usid=67ebbc74-692b-4e3e-8ee5-a14d83b9cad5&code=VuZYYsxrRPbBfQfOY754_QrIJo1FhKZOVcdYhS6joQ8
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
via
1.1 3aa2aa1b7b816f70e94675c9a63f98d0.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
EWR50-C1
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
aff88590-bc39-4083-9cae-1319f58db497
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139921 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
RCbwmFh_CYcERvg=
content-length
0
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-65974003-7b0f29444a11da144cb6a6bb;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
3821cc023152/[191,187,-] 38D1cc0231ab/[-,193.491]
x-amzn-remapped-date
Thu, 04 Jan 2024 23:32:19 GMT
x-amz-cf-id
qqwQN5AWVegxiiYVVqbzOaDCsRKssDC8v1SVNQAa6B9DAxK3ILNLzQ==

Redirect headers

date
Thu, 04 Jan 2024 23:32:19 GMT
x-correlation-id
840747b2deb10843
via
1.1 afb1814e7bfe68bf09d94722db50d432.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/0 si/38D1cc0231ab-1704395137-5593139919 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23480, 1979934
x-ratelimit-1m-reset
40963, 40963
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=67ebbc74-692b-4e3e-8ee5-a14d83b9cad5&code=VuZYYsxrRPbBfQfOY754_QrIJo1FhKZOVcdYhS6joQ8
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=1XvMwmgPKQzOC4YmTKjDaDo6WzOHK0QJeQ5TmUkIRrs
x-yottaa-metrics
3821cc023150/[90,88,-] 38D1cc0231ab/[-,92.733]
cf-ray
840747b2deb10843-IAD
x-amz-cf-id
FUo7SApQDdDMKAV7XYxwZj6gluzbEQ0LVWg0eOuYCe-b4t86M1r9vg==
/
sdk.iad-05.braze.com/api/v3/data/
323 B
477 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1a09824b6d7bbd0f5e82a23d14da408abfba60d02f5bdb48309d3ab6ca61bb1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
cd30ef0f-b8a6-4e4e-befd-e4643148ccd2
x-served-by
cache-yyz4537-YYZ
x-runtime
0.024790
etag
W/"1a09824b6d7bbd0f5e82a23d14da408a"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
id
googleads.g.doubleclick.net/pagead/ Frame 61E2
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
242 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Server
2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f4b64e2f51dad13049ae0afa198ff4ed101056864b05df5e147b64a1689311b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 04 Jan 2024 23:32:19 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 61E2
29 B
495 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0c::95 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:28:45 GMT
x-content-type-options
nosniff
age
214
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 04 Jan 2024 23:43:45 GMT
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8a6566c7e926c37c010dc811a5e82d5eddad8b10057bf711f0f644be60707d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
85777
content-md5
4swZDWVp4C0QChiGUbrcTg==
content-length
1746
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:04 GMT
server
cloudflare
etag
0x8DBE5260423F079
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b26488eb-901e-0084-770e-174b82000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747b46f2f4bcf-BUF
expires
Fri, 05 Jan 2024 23:32:19 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 61E2
86 KB
40 KB
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
53b1b3ab5bf12cc8620f33dcffe4cdaf21864254e67762a9a7830ed4a1e55f1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40603
x-xss-protection
0
remote.js
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 61E2
116 KB
33 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:07:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
512715
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33549
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 29 Dec 2024 01:07:04 GMT
Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js
www.google.com/js/th/ Frame 61E2
51 KB
20 KB
Script
General
Full URL
https://www.google.com/js/th/Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c03::93 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 18:20:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
105118
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19777
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jan 2025 18:20:21 GMT
default.jpg
i.ytimg.com/vi/rZPCKoUReO0/ Frame 61E2
2 KB
3 KB
Image
General
Full URL
https://i.ytimg.com/vi/rZPCKoUReO0/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARhyIFYoPTAP&rs=AOn4CLCM5ONTEJwdjxOrSlWBNC86VGolng
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 22:59:38 GMT
x-content-type-options
nosniff
age
1961
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2380
x-xss-protection
0
server
sffe
etag
"1703117772"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 05 Jan 2024 00:59:38 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 23:32:19 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
st
st.dynamicyield.com/
114 KB
10 KB
Script
General
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=p5j9afhcel4pqx98zw8ez7qogdrnw90b&ref=&scriptVersion=2.20.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:aa00:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c73e77cc1c2d340c3f79108e7286061f80bd0527d7ff5cd899ad10f5b8edeba8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
content-encoding
gzip
via
1.1 205b9099637a29b949f9be6dceccecec.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
nyDZcYjkrVBjZTogop1UY2pXyYUy1LuiriMkWeTp_CUSE4blp9c_Lg==
expires
Thu, 04 Jan 2024 23:32:18 GMT
id
googleads.g.doubleclick.net/pagead/ Frame E356
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
146 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Server
2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e6d5e45e46b34f6825cee91b9aa31fe6fceca196125ca0351885dd5f8935373e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 04 Jan 2024 23:32:19 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame E356
29 B
89 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0c::95 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:28:45 GMT
x-content-type-options
nosniff
age
214
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 04 Jan 2024 23:43:45 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
69 B
314 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
840747b82d676aed-BUF
access-control-allow-headers
Content-Type
sync
sdk.iad-05.braze.com/api/v3/content_cards/
756 B
694 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
81ff3c9cfebd0d04055fd55040b2f8833e699ecc9b5562d615dc5b36e1a12caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Thu, 04 Jan 2024 23:32:20 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
c6db56a1-7955-4adf-9aeb-abbfd530afd7
x-served-by
cache-yyz4537-YYZ
x-runtime
0.213572
etag
W/"81ff3c9cfebd0d04055fd55040b2f883"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yyz4537-YYZ
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
600 B
655 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
46104baff52a8dcb74ae56bcee67f732b25f7a5039904b298fcc769fd28b72ac

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 23:32:19 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
76e932aae8a474d98064755fd0bd3d72c4ef2390c9b53972a57b303c8cb25b1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 23:32:20 GMT
content-encoding
gzip
x-correlation-id
840747b95d2e0788
cf-cache-status
DYNAMIC
via
1.1 6e131451bd3f2f00145987b931606ec0.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139928 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
x-ratelimit-1m-remaining
23453, 1978811
x-ratelimit-1m-reset
39919, 39919
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
3821cc023159/[93,90,-] 38D1cc0231ab/[-,95.169]
cf-ray
840747b95d2e0788-IAD
x-amz-cf-id
x4zR0ufMADINMsuNe9YsjP8xfEhOwsUILpP82lSniTomjG0IUuN2ZA==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 04 Jan 2024 21:51:49 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6031
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 04 Jan 2024 23:51:49 GMT
activityi;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l...
9231397.fls.doubleclick.net/ Frame 1A98
0
0

activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l...
10742279.fls.doubleclick.net/ Frame 82D1
0
0

cnxtag-min.js
js.cnnx.link/roi/
2 KB
1 KB
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:8a00:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ff2fe181c12146189657e92f9ce0489f7f3b51345796f5a5ec9b089f9fb47616

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:22:25 GMT
via
1.1 google, 1.1 6f773b38a039c4c643665ffcabe35fd0.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
EWR53-C3
age
595
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
g2XxkpyAzRYfbv2956JIbCYGuiFo9Wo8iK-CGkCGhRnCE65iCIIHug==
cksync
hb.yahoo.net/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3Dbc7bde60-d87c-42d1-a928-3cf9c87e7e81
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7127193156451201099&ttd_tdid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&gdpr=0&redir=true
  • https://hb.yahoo.net/cksync?cs=63&axid_e=eS1sNGtiU1FoRTJ1SHpuS096RlRMNDdFd013QzhZdmxqNX5B&gdpr=0&ovsid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&dpid=55953
57 B
663 B
Image
General
Full URL
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1sNGtiU1FoRTJ1SHpuS096RlRMNDdFd013QzhZdmxqNX5B&gdpr=0&ovsid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&dpid=55953
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Server
104.117.182.179 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-117-182-179.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=86400 ; includeSubDomains, max-age=604800
date
Thu, 04 Jan 2024 23:32:21 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
57
x-mnet-hl2
E
expires
Thu, 04 Jan 2024 23:32:21 GMT

Redirect headers

location
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1sNGtiU1FoRTJ1SHpuS096RlRMNDdFd013QzhZdmxqNX5B&gdpr=0&ovsid=bc7bde60-d87c-42d1-a928-3cf9c87e7e81&dpid=55953
date
Thu, 04 Jan 2024 23:32:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.94
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
cnv
cnv.event.prod.bidr.io/log/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=df8b83d9-19af-4d15-b303-584507f81b0a&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=62b70ce2-84e2-487e-ba5b-2298f837813d.&ord=2984043798716496303
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=62b70ce2-84e2-487e-ba5b-2298f837813d.&ord=2984043798716496303&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=62b70ce2-84e2-487e-ba5b-2298f837813d.&ord=2984043798716496303&_bee_ppp=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
HTTP/1.1
Server
54.157.127.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-157-127-36.compute-1.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cnv.event.prod.bidr.io/log/cnv?tag_id=244&buzz_key=blisspoint&value=elfcosmetics&segment_key=&order=62b70ce2-84e2-487e-ba5b-2298f837813d.&ord=2984043798716496303&_bee_ppp=1
Date
Thu, 04 Jan 2024 23:32:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 23:32:20 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E356
86 KB
40 KB
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
303903f4323d96ae24ad9c0e4b8f6bc910a666522ee7ac2afafc7f20227bcfd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 23:32:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40638
x-xss-protection
0
remote.js
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame E356
116 KB
33 KB
Script
General
Full URL
https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:07:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
512716
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33549
x-xss-protection
0
last-modified
Mon, 18 Dec 2023 02:48:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 29 Dec 2024 01:07:04 GMT
Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js
www.google.com/js/th/ Frame E356
51 KB
19 KB
Script
General
Full URL
https://www.google.com/js/th/Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c03::93 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 18:20:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
105119
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19777
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jan 2025 18:20:21 GMT
default.jpg
i.ytimg.com/vi/bxGKZ6lfJ7A/ Frame E356
3 KB
3 KB
Image
General
Full URL
https://i.ytimg.com/vi/bxGKZ6lfJ7A/default.jpg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 22:59:37 GMT
x-content-type-options
nosniff
age
1963
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2965
x-xss-protection
0
server
sffe
etag
"1703142370"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 05 Jan 2024 00:59:37 GMT
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 23:32:20 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 61E2
90 B
134 B
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e19416089e0c1cb3374382e5652b134e554fcd33b63e0915f52ea6d75ed7ba06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 23:32:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202306.1.0/
404 KB
98 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XJk1ZZTljtwHFT3qcIJg+w==
age
48984
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99599
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:36 GMT
server
cloudflare
etag
0x8DB82A15D413626
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
80bad15d-801e-006c-2fda-12d214000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747bb8f214bd5-BUF
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 23:32:20 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E356
90 B
134 B
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c09::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
11c68d6744f0799984bc9ae234ed94fe5276991bdb8690f70e1d8301ceecc4b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Thu, 04 Jan 2024 23:32:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.20.0/
195 KB
64 KB
Script
General
Full URL
https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:b800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
2460590a71f767273c7821bcb071f6a10f6016feb3497ba4e0a84bd219c97873

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 07:24:23 GMT
content-encoding
gzip
via
1.1 08e4533f506df09f2c978ceaed6e2310.cloudfront.net (CloudFront)
last-modified
Tue, 12 Dec 2023 06:36:07 GMT
server
DYCDN
age
1613278
x-amz-cf-pop
EWR53-C2
etag
W/"1de3a69734e5e15370eb5a27bf75c819"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
RrSkuIsPDplSLKWMk2Sfsmk5JEEQs7z4_Ca4_qAZjZCQBnlRIPD-nw==
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….9n-1VoPWvwpILGkIyzMXSz4zYAseLMznFWfE1T38QmmMZRCbGEQ01NuM1TDbwrx6zBnvNSl6QRfXFAbnGjbV4A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:20 GMT
via
1.1 16d05722e4fd66d659ec48b5bb6f2d18.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/0 si/38D1cc0231ab-1704395137-5593139930 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3821cc02315b/[97,94,-] 38D1cc0231ab/[-,99.384]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
840747bd7ef158ba-IAD
x-dw-request-base-id
SZgchwVAl2UBAAB_
x-amz-cf-id
tLDgZLvnkyvI_04gIeY-QB5kYODXxnhQ-lzBwVcPEMk2L6cTTfy7nQ==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/
135 B
798 B
XHR
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d7003226e2fea50e6765c46fe1bdacfe3a16adedd6c7a2530fef876c2356cf9f

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….9n-1VoPWvwpILGkIyzMXSz4zYAseLMznFWfE1T38QmmMZRCbGEQ01NuM1TDbwrx6zBnvNSl6QRfXFAbnGjbV4A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 79f9fb603ee37517dbf3cd108c449392.cloudfront.net (CloudFront)
content-encoding
gzip
x-amzn-remapped-content-length
135
x-amz-cf-pop
EWR50-C1
age
0
x-amzn-remapped-connection
close
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139931 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-amzn-requestid
10befa76-4286-4240-88a9-03f83aaa8445
x-cache
Miss from cloudfront
x-amz-apigw-id
RCbwyHAyCYcEtbg=
content-length
119
etag
W/"87-WFt3zDSdrvttkMP6rAK367Qj/Rw"
x-amzn-trace-id
Root=1-65974004-268f7a035406d6f3619d1101;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
3821cc02315c/[530,528,-] 38D1cc0231ab/[-,532.590]
x-amzn-remapped-date
Thu, 04 Jan 2024 23:32:21 GMT
x-amz-cf-id
QBa6GJMfYbII5R6E3c7CSf99qfOCe6YyzqZ1b9W3B07vHQKTFcgiTw==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
199 B
870 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.42
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 04d5f6961d9b76b97c908d8ed9816378.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139933 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.42
x-yottaa-metrics
3821cc02315f/[207,205,-] 38D1cc0231ab/[-,209.043]
cf-ray
840747beb92c3b2c-IAD
x-dw-request-base-id
SZglhwVAl2UBAAB_
x-amz-cf-id
o6D4jSwmFySHn7-Hqde74kb5tkVKU_iIdLNkbwlDePoVUG2todIQig==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
199 B
867 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.42
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 7a1287aac11cb484d13c7a9cbd2585b0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139934 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.42
x-yottaa-metrics
3821cc02315e/[174,171,-] 38D1cc0231ab/[-,175.700]
cf-ray
840747bebd8e2f1e-IAD
x-dw-request-base-id
SZgkhwVAl2UBAAB_
x-amz-cf-id
3ll9jKwfdhsM6rROrcsCX0RhnGA-Sgsn-msLZEysjI9ees4Fl-M_MA==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablHBJwKhHlXoRlHIWwGYYxrlJ/
11 B
816 B
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablHBJwKhHlXoRlHIWwGYYxrlJ/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….9n-1VoPWvwpILGkIyzMXSz4zYAseLMznFWfE1T38QmmMZRCbGEQ01NuM1TDbwrx6zBnvNSl6QRfXFAbnGjbV4A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
x-correlation-id
840747beb8363894
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 00fd85d5c5d5bd788f272591be9ecbca.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139935 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/ablHBJwKhHlXoRlHIWwGYYxrlJ/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
840747beb8363894-IAD
x-amz-cf-id
i-hV_2FpfrDshbsCfGZW8JoypuQx2FPNQzF2TwoHS6FyYENctn3vxA==
x-yottaa-metrics
3821cc023160/[106,105,-] 38D1cc0231ab/[-,109.775]
collect
www.google-analytics.com/j/
4 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=547423163&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&dp=%2Fen_CA%2Fcosmetic-criminals&ul=en-us&de=UTF-8&dt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAI~&jid=1050090322&gjid=684286574&cid=1154552486.1704411141&tid=UA-432816-1&_gid=971881214.1704411141&_r=1&_slc=1&gtm=45He4130n81WL3STMXv896608294&gcd=11l1l1l1l1&dma=0&z=1287315172
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 61E2
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c1d::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 04 Jan 2024 23:32:21 GMT
sync
sdk.iad-05.braze.com/api/v3/content_cards/
77 B
213 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
262570df7aed12653ee916d25da6cc33f2f3fb6864466119a1fdb7a8723c62e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
d123e201-93f6-4bf6-9c6e-a1da7b899b62
x-served-by
cache-yyz4537-YYZ
x-runtime
0.118101
etag
W/"262570df7aed12653ee916d25da6cc33"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yyz4537-YYZ
generate_204
www.youtube.com/ Frame 61E2
0
10 B
Image
General
Full URL
https://www.youtube.com/generate_204?RH9DnQ
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/
202 KB
36 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/fce1bc7f-b7cb-4383-a7e9-8430e48a01d7/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf1b4e2a57de561424fb99aa43ef462868d58d9c205a38ae3f564c10266a4dbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
85720
content-md5
A+auRPWlNU8wck+viG1D2g==
content-length
36970
x-ms-lease-status
unlocked
last-modified
Tue, 14 Nov 2023 15:26:15 GMT
server
cloudflare
etag
0x8DBE5260AC67F7E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
45a814af-d01e-005e-170e-17d263000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747bf4cfe4bcf-BUF
expires
Fri, 05 Jan 2024 23:32:21 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame E356
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c1d::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 04 Jan 2024 23:32:21 GMT
generate_204
www.youtube.com/ Frame E356
0
10 B
Image
General
Full URL
https://www.youtube.com/generate_204?fd9mfw
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
collect
stats.g.doubleclick.net/j/
2 B
350 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-432816-1&cid=1154552486.1704411141&jid=1050090322&gjid=684286574&_gid=971881214.1704411141&_u=YEBAAEAAAAAAACgAI~&z=1558991253
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 04 Jan 2024 23:32:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
246789ca0cabcb167b492e58c4209609d592f7b5e86c3c5dc93ab2b1fc470539
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….9n-1VoPWvwpILGkIyzMXSz4zYAseLMznFWfE1T38QmmMZRCbGEQ01NuM1TDbwrx6zBnvNSl6QRfXFAbnGjbV4A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 90a990c5327e86ade86681120dc4a236.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139937 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
content-length
1050
pragma
no-cache
etag
9674643f235252df3b4ee1401fddfc4e5c0e64f1b0df256a99430e47aa602956
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
x-dw-resource-state
9674643f235252df3b4ee1401fddfc4e5c0e64f1b0df256a99430e47aa602956
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
3821cc023162/[248,245,-] 38D1cc0231ab/[-,250.830]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
840747c12a089c3c-IAD
x-dw-request-base-id
22QuSgVAl2UBAAB_
x-amz-cf-id
w1Uz32GNYtKLXxvW_20nnXghA3QrbTzHuycO51d1cZTojn45OJ3ozA==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-432816-1&cid=1154552486.1704411141&jid=1050090322&_u=YEBAAEAAAAAAACgAI~&z=951331481
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c03::93 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
batch
async-px.dynamicyield.com/
0
384 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1704411141362_811311
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-20.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 1fbe7db1bc981550874105fc5a6d6d86.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
nXm1eIt4ITXRslbV5vV5V79tYCl2GbCLqurJ68CF4l5EfK0rdWa-hQ==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=475676&uid=-3877599028353482749&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=55f8a8994a8e53228c6f02e939efcd7d&expSes=26034&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7075126754329709192&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704411139365&rri=8599135
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-20.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 0bec03027031f991ae9cc48b95f1b35c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
IsCyp0VbPKEliVMbLR-mT5xI1tRC8tRJxvdj0XaIo8AhhtK0HUOq3Q==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=354876&uid=-3877599028353482749&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=55f8a8994a8e53228c6f02e939efcd7d&expSes=26034&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7075126754573923681&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704411139368&rri=8804527
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-20.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 0bec03027031f991ae9cc48b95f1b35c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
owQKg7EElUdlyXTaWgBm-LV-2xnpigJlJHuhd7oaRLYAHnj6bDXhPw==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=31020&uid=-3877599028353482749&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=55f8a8994a8e53228c6f02e939efcd7d&expSes=26034&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7075126757963145196&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704411139370&rri=5439547
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-20.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 0bec03027031f991ae9cc48b95f1b35c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
SKniFXYUeEqx1HxYWlvgQK9UxUch3SD_QI9mY75U5acypkfQdmWQ9w==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=988478&uid=-3877599028353482749&sec=8772046&t=ri&e=1575901&p=1&ve=12692962&va=%5B28207095%5D&ses=55f8a8994a8e53228c6f02e939efcd7d&expSes=26034&aud=884367.884385.884387.1167402.1324059.1846919.884372.998337.1004392.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=7075126756333678759&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1704411139372&rri=3753261
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-20.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 0bec03027031f991ae9cc48b95f1b35c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
-Rnl9mX8HzNzXZNH2h6r7DRe8ZDJh-W131-LRvWDI5JwfNbrT3jFeg==
expires
0
uia
async-px.dynamicyield.com/
0
380 B
XHR
General
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1704411141377
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-20.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 0bec03027031f991ae9cc48b95f1b35c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
j62ahlIUUTo8baS6NS1c0gHpQ3R4aMucEu3B91_46UAFih82udvxYA==
expires
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
cast_sender.js
www.gstatic.com/eureka/clank/120/ Frame 61E2
50 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/120/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c1d::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 02:31:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75673
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14705
x-xss-protection
0
last-modified
Mon, 23 Oct 2023 15:04:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Fri, 05 Jan 2024 02:31:08 GMT
cast_sender.js
www.gstatic.com/eureka/clank/120/ Frame E356
50 KB
14 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/120/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c1d::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 02:31:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75673
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14705
x-xss-protection
0
last-modified
Mon, 23 Oct 2023 15:04:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Fri, 05 Jan 2024 02:31:08 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
5mNZducabMgxSDzBo+ZI8w==
age
85689
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:30 GMT
server
cloudflare
etag
0x8DB82A159AF8EA6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
0c718e4e-201e-0081-6f27-129959000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747c21e404bcf-BUF
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/
61 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sXFDxCJwbPEMIT/8f5Prwg==
age
85689
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12544
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:33 GMT
server
cloudflare
etag
0x8DB82A15AFF8646
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
cdeea96a-a01e-006b-6ae6-1dbe77000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747c22e454bcf-BUF
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
85688
x-ms-lease-status
unlocked
last-modified
Wed, 12 Jul 2023 06:29:41 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
d09127de-b01e-0048-64cd-1224b4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
840747c22e464bcf-BUF
ca.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/
1 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ca.svg
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
x-amz-version-id
dvAy7GXrqwLuSBAGPJKkffg4vESWUWRi
via
1.1 5dccc983b54773fbbd262d2029a805d6.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
EWR50-C1
age
2099667
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1101 si/38D1cc0231ab-1702308518-6870828836 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
621192
content-length
679
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3821cc02314c/[4,-,1702311441784] 38D1cc0231ab/[hit]
x-amz-cf-id
8jXhYjjql-wQ2P6WeXrDfYd9xIjpefscFMFBKi-NM2K4men31hccaA==
batch
async-px.dynamicyield.com/
0
384 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1704411141715_817503
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-20.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
via
1.1 1fbe7db1bc981550874105fc5a6d6d86.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P2
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
UnRp9Hj_hXpS8G4gYPnTUGsnDNS0xIn7mkD2CEfYaZeOhm9myXqS8g==
expires
0
log_event
www.youtube.com/youtubei/v1/ Frame 61E2
28 B
50 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time
1704411141732
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version
1.20231217.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
CgtZbnhORlJSYmNZSSiBgN2sBjIKCgJVUxIEGgAgVg%3D%3D
X-YouTube-Ad-Signals
dt=1704411138985&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Thu, 04 Jan 2024 23:32:21 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
clog
px.dynamicyield.com/
0
228 B
XHR
General
Full URL
https://px.dynamicyield.com/clog
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.20.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.230.254.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-230-254-96.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:21 GMT
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
expires
0
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/
5 KB
6 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:23::1730:e04d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
null
date
Thu, 04 Jan 2024 23:32:22 GMT
server
Unknown
x-amz-server-side-encryption
AES256
x-amp-srv
A
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
5378
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:23::1730:e04d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:22 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
996
icon-noun-snowflake-1044022
elfcosmetics.a.bigcontent.io/v1/static/
3 KB
2 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-snowflake-1044022?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:23::1730:e04d Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Unknown /
Resource Hash
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:22 GMT
server
Unknown
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=1800, s-maxage=86400
x-amp-srv
A
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
1418
activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefi...
9231397.fls.doubleclick.net/ Frame 1A98
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=unde...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u...
706 B
587 B
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.174.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qc-in-f148.1e100.net
Software
cafe /
Resource Hash
e0351200b5bfd9edbf5a0c6cde2895c0483b840d7a0eeb5dff4fbf47528b51fb
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
375
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 23:32:22 GMT
expires
Thu, 04 Jan 2024 23:32:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 23:32:22 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gt...
10742279.fls.doubleclick.net/ Frame 82D1
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetic...
579 B
518 B
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.174.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qc-in-f149.1e100.net
Software
cafe /
Resource Hash
2f006dc34205093033e3e42df81333e2f15bb87dde71ac4f997a149d25cd5a18
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
306
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 23:32:22 GMT
expires
Thu, 04 Jan 2024 23:32:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jan 2024 23:32:22 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
623 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
49027
x-ms-lease-status
unlocked
last-modified
Thu, 04 Jan 2024 03:32:43 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
338c4599-401e-0011-3eca-3ea337000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
840747c60ccd4bd5-BUF
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
517 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
85676
x-ms-lease-status
unlocked
last-modified
Wed, 03 Jan 2024 06:11:24 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
9ece59b9-b01e-002a-7211-3ee693000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
840747c61ff84bcf-BUF
px
secure.adnxs.com/
43 B
955 B
Image
General
Full URL
https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
an-x-request-uuid
505762d9-18b7-4dcf-92de-f6f90078de00
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
96.9.249.42; 96.9.249.42; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
54499
content-length
4036
x-ms-lease-status
unlocked
last-modified
Thu, 04 Jan 2024 03:32:43 GMT
server
cloudflare
etag
0x8DC0CD5CFC75AFB
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
29490746-c01e-007d-10e5-3e48a0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
840747c65d054bd5-BUF
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jan 2024 23:32:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
54637
x-ms-lease-status
unlocked
last-modified
Thu, 04 Jan 2024 03:32:43 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
f81f2af0-701e-0035-13c1-3e5597000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
840747c65d064bd5-BUF
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/
56 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
gzip
via
1.1 94ac78512342d473815908b66b16cd7c.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139943 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics
3821cc023167/[312,309,-] 38D1cc0231ab/[-,314.799]
cf-ray
840747c6be4d0660-IAD
x-dw-request-base-id
SZhfhwZAl2UBAAB_
x-amz-cf-id
pSZA0gQgeroOgV5Woevh2a6PbGPMS28rE3_U6p0DJRQ8Dxtb_8VGDg==
expires
Thu, 01 Dec 1994 16:00:00 GMT
t
evt.undertone.com/ Frame 1A98
Redirect Chain
  • https://ads.undertone.com/t?trackerid=7729&cb=1720029064
  • https://evt.undertone.com/t?trackerid=7729&cb=1720029064
0
498 B
Image
General
Full URL
https://evt.undertone.com/t?trackerid=7729&cb=1720029064
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
Protocol
H2
Server
35.173.162.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-162-10.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin
https://9231397.fls.doubleclick.net/
pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"

Redirect headers

date
Thu, 04 Jan 2024 23:32:22 GMT
via
1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
JFK52-P4
x-cache
Miss from cloudfront
location
https://evt.undertone.com/t?trackerid=7729&cb=1720029064
content-length
0
x-amz-cf-id
4aLKJvkgWWeZVmk_BzGJ_yQyWt43tifYMZIscLlqEbr1huC1GRJmKA==
dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=*;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gc...
adservice.google.com/ddm/fls/z/ Frame 1A98
42 B
401 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=*;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals
Requested by
Host: 9231397.fls.doubleclick.net
URL: https://9231397.fls.doubleclick.net/activityi;dc_pre=CN33saXyxIMDFYoGTwgdX7UJ9A;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://9231397.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1...
adservice.google.com/ddm/fls/z/ Frame 82D1
42 B
107 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=*;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals
Requested by
Host: 10742279.fls.doubleclick.net
URL: https://10742279.fls.doubleclick.net/activityi;dc_pre=CMvTs6XyxIMDFcYHTwgdeyAAbA;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://10742279.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log_event
www.youtube.com/youtubei/v1/ Frame 61E2
28 B
50 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time
1704411142200
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version
1.20231217.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
CgtZbnhORlJSYmNZSSiBgN2sBjIKCgJVUxIEGgAgVg%3D%3D
X-YouTube-Ad-Signals
dt=1704411138985&flash=0&frm=2&u_tz=-600&u_his=4&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
log_event
www.youtube.com/youtubei/v1/ Frame E356
28 B
50 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time
1704411142236
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
X-YouTube-Client-Version
1.20231217.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
CgtXQTlwYmk2MlV5NCiBgN2sBjIKCgJVUxIEGgAgLw%3D%3D
X-YouTube-Ad-Signals
dt=1704411139036&flash=0&frm=2&u_tz=-600&u_his=4&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 23:32:22 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
63e69a5c76391b80217ca3a1e7
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/63e69a5c76391b80217ca3a1e7
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
3d1c9cc2c42b0d0b0432064c8a612fda3db132c898213536b374fc6295ab7993
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

x-yottaa-profileid
5a0c9b7632f01c35d4210220
date
Thu, 04 Jan 2024 23:32:22 GMT
via
1.1 724c8c129f28bfce25c0430050f1ae72.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
EWR50-C1
age
0
x-yottaa-optimizations
ob/1000 si/38D1cc0231ab-1704395137-5593139947 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
deprecated
x-cache
Miss from cloudfront
content-length
1011
etag
39de1d5787f920f1d6b591113a3ee923573b8a0d8a56229d1ea090dc84872408
allow
DELETE,GET,HEAD,OPTIONS,PATCH
content-type
application/json;charset=UTF-8
x-dw-resource-state
39de1d5787f920f1d6b591113a3ee923573b8a0d8a56229d1ea090dc84872408
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os
200
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/63e69a5c76391b80217ca3a1e7
accept-ranges
bytes
cf-ray
840747c90e1d7fdc-IAD
x-dw-request-base-id
SZh0hwZAl2UBAAB_
x-amz-cf-id
G2I5RVVPDHN5wbLHvQ4xC9LtBilD8wVC3OaYGSA34PaVAj3YjS_sRQ==
x-yottaa-metrics
3821cc02316a/[224,222,-] 38D1cc0231ab/[-,229.527]
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.133.82 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 04 Jan 2024 23:32:22 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/
216 KB
67 KB
Script
General
Full URL
https://www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c07::5b Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 10:43:12 GMT
content-encoding
br
x-content-type-options
nosniff
age
132550
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68492
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 02:44:34 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 02 Jan 2025 10:43:12 GMT
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/
272 KB
57 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.136.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-136-211.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8dea6b2240fed7b9dccb7a71b05a27a2b41908306b12c498c2c718856568a3cd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Thu, 04 Jan 2024 23:32:22 GMT
Last-Modified
Mon, 22 May 2023 13:58:04 GMT
Server
Apache
ETag
"22004f-4412b-5fc48a8e49847"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
57612
Expires
Thu, 04 Jan 2024 23:47:22 GMT
110221.ct.js
tag.rmp.rakuten.com/
47 KB
15 KB
Script
General
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
9b3632368a9856515572ac89df71707fcef5d58219d9b7c1b1de04a995f30973
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Thu, 04 Jan 2024 23:32:22 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js
www.paypal.com/sdk/
406 KB
113 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6e848d0b492539df00f84e58a63d237c58fbab26b7c07243795bb0d10f2428f2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 04 Jan 2024 23:32:22 GMT
age
8851
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f692852a623d8
server-timing
"traceparent;desc="00-0000000000000000000f692852a623d8-60f29541523b7f82-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
113567
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200163-BUR, cache-yyz4575-YYZ, cache-yyz4575-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f692852a623d8-4b0a50b7524cc4aa-01
x-timer
S1704411143.761351,VS0,VE6
etag
W/"1bb9f-ZMg8mgqn9dqIPJn7MnQi0sUzvhY"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
7, 1, 0
/
websdk.appsflyer.com/
38 KB
12 KB
Script
General
Full URL
https://websdk.appsflyer.com/?st=banners&
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:775a New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bf8b41f6693852a18d2449439f0400cfaf19b755e21f01eda21a6ff985d3526c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 23:32:22 GMT
Content-Encoding
gzip
x-amz-request-id
2YB2S79F7M1AYA0H
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
11792
x-amz-id-2
zv8gjwupVIE8rjvpBDLtKTftzWpNC38nKXy5SoA9M4CleAIvm2p/AV+zJcIejoEzSUvSi4VBbsk=
Last-Modified
Wed, 14 Jun 2023 06:58:45 GMT
Server
AmazonS3
ETag
"5a676288bcea03bd05e483bc4ce066ae"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=956
Accept-Ranges
bytes
X-DataStream-Cache-Status
2
Expires
Thu, 04 Jan 2024 23:48:18 GMT
loader.js
cdn.usehero.com/
98 KB
27 KB
Script
General
Full URL
https://cdn.usehero.com/loader.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:e800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab99a75a2070736b0282d041df3a7e272ad5d4d1929ae430089ac0335e05ad2c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:06:37 GMT
content-encoding
br
via
1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
1546
x-amz-server-side-encryption
AES256
etag
W/"fbf714a58cbac38c0deea519667d9044"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
coYo90d8vTMhU-wIrLsWmmn_m4NwezAQrpGqiUSY96EPPvPMe4HGpg==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10812184462/?random=1704411140031&cv=11&fst=1704411140031&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&auid=370987754.1704411140&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3d3c8ead180f5d15ab5e5f4cb72be1fc3f391a2000dc62fd6bf2ed1f7cec06c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1270
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/698270988/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/698270988/?random=1704411140037&cv=11&fst=1704411140037&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&value=0&bttype=purchase&auid=370987754.1704411140&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.174.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qc-in-f156.1e100.net
Software
cafe /
Resource Hash
c6f4ce85f38e9bafa58f3ccb3ab958b553973bad14172040760af7f06ac68a7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1626
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/865242110/?random=1704411140093&cv=11&fst=1704411140093&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&auid=370987754.1704411140&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0c17844102c55760dfdcd4d496c3323d63563def9a2b8e85d5102c599ed53624
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1298
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1704411140094&cv=11&fst=1704411140094&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&auid=370987754.1704411140&uamb=0&uaw=0&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&rfmt=3&fmt=4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c03::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6d2a323bf08b0afcbc0c198658b7adb2462d07a433ead5da4c2385b095ee6cd3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1296
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
scevent.min.js
sc-static.net/
41 KB
18 KB
Script
General
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.74.246 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-74-246.jfk52.r.cloudfront.net
Software
CloudFront /
Resource Hash
e5fdb3ea4cc4cf6b0f77fce3b54d03d78a697bec33bb1a023b964e8be16aea5f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
gzip
via
1.1 44bf771f8484aeae8f408da7ade14f32.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
JFK52-P5
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
17883
x-amz-cf-id
PR1ytfWEQ26AI9eESoKqJhDB2Nl5zVw1gM8uvquprEhnXZFKYujenQ==
core.js
s.pinimg.com/ct/
5 KB
2 KB
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:d85::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c6bba8ad5ad5ec6a4fef018600b107f518172053fdf5cb10200cac55ee23f2d1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

akamai-x-true-ttl
7200
content-encoding
br
x-cdn
akamai
etag
"261eea34e740f104987183dec4bb78b6"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=7200
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
content-length
1836
fbevents.js
connect.facebook.net/en_US/
202 KB
54 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fefd09307baf0332b143c3c14fb6851c10e354362510d85a0c43d7e3c479093c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 04 Jan 2024 23:32:22 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54345
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
cA/NMfAhXJO/FZIze/zWLP5Y1uFekBdMsxvUZG3l72mbMucPzj0Ba7VqiF9IzXbdwWVtHTrlu5x1BEpaNzQlFA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/
26 KB
9 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 12 Dec 2023 19:56:38 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8123
/
www.google.com/pagead/1p-user-list/10812184462/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10812184462/?random=1704411140031&cv=11&fst=1704409200000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_ksoIdX7BCLaEMOZMzFGEkbVduhMDyigwKVflH2MMLtcqWV6M&random=343797093&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c03::93 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
events.js
analytics.tiktok.com/i18n/pixel/
6 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
6a4a0717c74846dd12dde0d18ef7b082f2a1405d72a420e5d34b6979451e7131

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
40c9a4e2.5cdf57cd
date
Thu, 04 Jan 2024 23:32:22 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2401042332223B725E57429BE33FAEB4-1561DEA32BF18263-00
x-cache
TCP_MISS from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
34,23.195.36.71
server-timing
cdn-cache; desc=MISS, edge; dur=12, origin; dur=22, inner; dur=4
content-length
1950
pragma
no-cache
server
nginx
x-tt-logid
202401042332223B725E57429BE33FAEB4
x-cache-remote
TCP_MISS from a23-218-223-9.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
22,23.218.223.9
x-tt-trace-host
01cff7bee3c7a845e9ddfdd7395c8b93755b828e8ddadc674dbd22d27eedecc142cdea7d09910ccf820514d339b2bed3ec5059df96ad9732cf7ae4cc7fb61058ac2a5020f43b8a674ef460a79718e19aa8114a734bbdfa4378c221776a79a63cbca73c19f5c4d9f49c8a3a7ce684ad74c9
expires
Thu, 04 Jan 2024 23:32:22 GMT
local
www.paypal.com/credit-presentment/experiments/ Frame B443
5 KB
2 KB
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3fc6b6bcffd05473bac21ae5accce811325fefd1eed62722fef4ee1713802a3e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
36934
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1525
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 23:32:22 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-/Aa6EOLj6s29fqXofNmQvLlyL+g"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f7733657a90a2
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f7733657a90a2-7cde213f1f371e66-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f7733657a90a2-35b19da423644d04-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
5750, 686, 0
x-served-by
cache-bur-kbur8200094-BUR, cache-yyz4575-YYZ, cache-yyz4575-YYZ
x-timer
S1704411143.956434,VS0,VE8
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.418&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8d054194148fbdb3260500d31ab31353ff39b9e5679c92a1d44f5487b3cecf35
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-JAhGPj/uDe1j6yajXWY7MKpLWK3UV/E4PddFf1ysM/64Iczu' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-JAhGPj/uDe1j6yajXWY7MKpLWK3UV/E4PddFf1ysM/64Iczu' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 04 Jan 2024 23:32:22 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
9183
x-cache
HIT, HIT, MISS
paypal-debug-id
f53350889d962
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4796
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200020-BUR, cache-yyz4575-YYZ, cache-yyz4575-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f53350889d962-961008be7c72b59c-01
x-timer
S1704411143.958938,VS0,VE6
etag
W/"3691-yOdm5rEQzKcyf3/v7lP0ceenfo8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
10, 3, 0
/
www.google.com/pagead/1p-user-list/865242110/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/865242110/?random=1704411140093&cv=11&fst=1704409200000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_gLHiLlzTwkP2ER_TVaAATlHqYfN6V-jJ97fBc3KBram3E8mY&random=3634512005&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c03::93 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:22 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
en-us.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/
61 KB
7 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/vendors~offers/locale/en-us.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.136.211 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-136-211.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dfc983293c9baf693a719da3c69be679cbe8aea18c8f35a7abfef41f14800e9c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Thu, 04 Jan 2024 23:32:23 GMT
Last-Modified
Mon, 22 May 2023 13:58:04 GMT
Server
Apache
ETag
"200109-f346-5fc48a8d9f7d1"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6295
Expires
Thu, 04 Jan 2024 23:47:23 GMT
/
www.google.com/pagead/1p-user-list/698270988/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/698270988/?random=1704411140094&cv=11&fst=1704409200000&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&data=ecomm_prodid%3D%3Becomm_totalvalue%3D&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_rKrAIaXOHuSF6MvyvZOdMOWocs7Ql_ZsSPwS6c7oGOKQOdHO&random=2565021064&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c03::93 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget.js
js.jebbit.com/companion/v1/
44 KB
44 KB
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:3400:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a68adcd6e4525179b1a4e28b16abe4777a0afb870b4317b427f6d6ea8fbe22ed

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 01:44:33 GMT
x-amz-version-id
Uw77y8f3Lm7O6.ZhO9qLmkRQyA3BbYtB
via
1.1 f7c13eeb01f01c4623bb4e70dbaa731a.cloudfront.net (CloudFront)
last-modified
Thu, 21 Dec 2023 18:01:49 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
78471
etag
"c3a781ab856fe1e791e7bbb3d0023f28"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45036
x-amz-cf-id
c8meniGlZFpKz8W9W1HVATfA4Tcoxdl-iX6fUq25cDb5GRui6tRdsg==
i.js
tag.wknd.ai/6664/
17 KB
6 KB
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
abdc8732cde1ec013d6c32d0a6d490ab03a2ee6f4c107eb170ffee9a2fdf702a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:31:05 GMT
content-encoding
gzip
via
1.1 google
age
78
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5535
server
istio-envoy
etag
9bad06d4517de0
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Thu, 04 Jan 2024 23:32:23 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5113E1E028EF47569A1B0A64FE636F91 Ref B: EWR311000107017 Ref C: 2024-01-04T23:32:23Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13175
1a8bfa042c9c5.js
t.contentsquare.net/uxa/
284 KB
68 KB
Script
General
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
18.164.116.94, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-94.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b24c214fcfb8abe0f59cb6964248056f89eaf8e9b8719eb0c14e529cb164dad1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 15:55:49 GMT
content-encoding
br
via
1.1 4229f114865802c4acd3e785fddcbf9c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P6
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
69463
last-modified
Thu, 04 Jan 2024 15:53:58 GMT
server
AmazonS3
etag
"7df042b6511e2178e96a883621506865"
vary
Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
9gLrPCz9uJL0LOVThzmTHLhNfoVErewGcvAWTcyO8xRBN6Vv7l368A==
sdk.js
analytics.tiktok.com/i18n/pixel/
8 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRR4GA0I9JJBU29G8GF0
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
6fae6ee38322bd431746cef6a06331484afab6af5c2ab83da404b51e4e2ad4bd

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
5cdf596a
date
Thu, 04 Jan 2024 23:32:23 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24010423322376D06AC065B06135BEA9-72F9F8D032ED532F-00
x-cache
TCP_MISS from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=2, cdn-cache; desc=MISS, edge; dur=1, origin; dur=11
content-length
2378
pragma
no-cache
server
nginx
x-tt-logid
2024010423322376D06AC065B06135BEA9
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
11,23.195.36.71
x-tt-trace-host
01cff7bee3c7a845e9ddfdd7395c8b937585ced4d1c01276d962c743a2efd2164debec0131cf31c31a89308227746bb6a5b519e561a6f18ee1846ab9126501bb30ff2bc01f7e04918ea852834e5c473abf5ec18e8847bbca520f4592af3f3e43c4
expires
Thu, 04 Jan 2024 23:32:23 GMT
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.129.21, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-length
0
date
Thu, 04 Jan 2024 23:32:23 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f87466908d388
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f87466908d388-746e6b107a37a504-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-bur-kbur8200045-BUR, cache-yyz4521-YYZ, cache-yyz4521-YYZ
x-timer
S1704411143.069609,VS0,VE114
logger
www.paypal.com/xoplatform/logger/api/
1016 B
916 B
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.129.21, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0efb39eb3587e0574eb8f6ce1f32a96ece39e25d17e6397cf07c7b39264be512
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS, MISS
paypal-debug-id
f874669e364eb
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200163-BUR, cache-yyz4521-YYZ, cache-yyz4521-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f874669e364eb-3bde613f7b91acc6-01
x-timer
S1704411143.212181,VS0,VE120
etag
W/"3f8-VTgRymjr5bfhoZOjeYCXalJrPY0"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0, 0
js
www.googletagmanager.com/gtag/
274 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2607:f8b0:4006:81f::2008, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d9eb4a2283949b30cf8b3edcd05d93231f571c4423866f8e4fea952ee3409297
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92916
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 04 Jan 2024 23:32:23 GMT
ca.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/
1 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ca.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171, United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
x-amz-version-id
dvAy7GXrqwLuSBAGPJKkffg4vESWUWRi
via
1.1 5dccc983b54773fbbd262d2029a805d6.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
EWR50-C1
age
2099668
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1101 si/38D1cc0231ab-1702308518-6870828836 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
621192
content-length
679
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3821cc02314c/[4,-,1702311441784] 38D1cc0231ab/[hit]
x-amz-cf-id
8jXhYjjql-wQ2P6WeXrDfYd9xIjpefscFMFBKi-NM2K4men31hccaA==
js
www.paypal.com/sdk/ Frame B443
406 KB
112 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.129.21, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6e848d0b492539df00f84e58a63d237c58fbab26b7c07243795bb0d10f2428f2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-JPVtfSmgU6/V+gA1Ua5Y859HZso7SgMP1EjyFHIkryYoEugo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 04 Jan 2024 23:32:23 GMT
age
8851
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f692852a623d8
server-timing
"traceparent;desc="00-0000000000000000000f692852a623d8-60f29541523b7f82-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
113567
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200163-BUR, cache-yyz4575-YYZ, cache-yyz4575-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f692852a623d8-4b0a50b7524cc4aa-01
x-timer
S1704411143.167906,VS0,VE4
etag
W/"1bb9f-ZMg8mgqn9dqIPJn7MnQi0sUzvhY"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
7, 2, 0
/
www.google.com/pagead/1p-conversion/698270988/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=841105043&cv=11&fst=1704411140037&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=841105043&cv=11&fst=1704411140037&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%...
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-conversion/698270988/?random=841105043&cv=11&fst=1704411140037&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&value=0&auid=370987754.1704411140&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlIQXZfUEp3VUZJcVBWeWN5VGhMSXo1STIyeXZUcHVsMlh5ellYU21iQVp5GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3J3cW0wd3AzUURUeGVJTTAyYXNPOHVET0dUb3R4YUl4ZmpoeTgyWE5CSFJtWGo3Tjg3RWtJSmMiEwi-9uGl8sSDAxVzaUcBHcImAzQ&is_vtc=1&ocp_id=BkCXZb7bM_PSnboPws2MoAM&cid=CAQSKQAvHhf_GfNwkW7a-MUKLtNHkIeIWYj2SF83as0gEpDtsA220HFMUIL4&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1ns27XXmVCxpDTGdaKJCsFEUV_C9v60EgQ&random=2214928578
Protocol
H3
Server
2607:f8b0:400d:c03::93 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://www.google.com/pagead/1p-conversion/698270988/?random=841105043&cv=11&fst=1704411140037&bg=ffffff&guid=ON&async=1&gtm=45He4130v896608294&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&label=87uyCIuRktcBEIyK-8wC&hn=www.googleadservices.com&frm=0&tiba=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&value=0&auid=370987754.1704411140&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ012WnJBWVFxOGF3cHJyOTVzaElFaVVBZ0k4ZFlIQXZfUEp3VUZJcVBWeWN5VGhMSXo1STIyeXZUcHVsMlh5ellYU21iQVp5GldDaEFJZ012WnJBWVF1dlM3NW9qOTlPOVpFaTBBcHFPQ3J3cW0wd3AzUURUeGVJTTAyYXNPOHVET0dUb3R4YUl4ZmpoeTgyWE5CSFJtWGo3Tjg3RWtJSmMiEwi-9uGl8sSDAxVzaUcBHcImAzQ&is_vtc=1&ocp_id=BkCXZb7bM_PSnboPws2MoAM&cid=CAQSKQAvHhf_GfNwkW7a-MUKLtNHkIeIWYj2SF83as0gEpDtsA220HFMUIL4&eitems=ChAIgMvZrAYQw9j20OTu84c0Eh0APKHi1ns27XXmVCxpDTGdaKJCsFEUV_C9v60EgQ&random=2214928578
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
main.43c0095c.js
s.pinimg.com/ct/lib/
66 KB
19 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.43c0095c.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2600:141b:1c00:d85::1931 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2eed3688f56478253ff9082b0c34cc0e7fc12371988309e5c80edf3789bde5ae

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

akamai-x-true-ttl
1209600
content-encoding
br
x-cdn
akamai
etag
"1f52f76b492e69ca67bc930049f713de"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=1209600
accept-ranges
bytes
content-length
19076
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1704411143174&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=b799319a-da72-4efc-a595-25cf5a5b6334&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.65.140, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
display
api.usehero.com/webplugin/
162 B
1 KB
XHR
General
Full URL
https://api.usehero.com/webplugin/display?appId=efcf9631-4c6b-4874-9f76-51f71464249a&location=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&state=untouched&outboundFeature=
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
e1837b4c48824efbdeb88fa921eeea9770c4dd3be8d573289d96a6f1d90a6752
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
ba3dcf63-f213-42f4-b968-c4ea6bc8d50c
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
pragma
no-cache
referrer-policy
same-origin
etag
W/"a2-cnNQcewKlAvDt+1BOSpdgMCm5zA"
x-frame-options
SAMEORIGIN
x-geo-zip
14202
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
42.88670
x-accuracy
20
expires
0
date
Thu, 04 Jan 2024 23:32:23 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
12
content-length
162
x-xss-protection
0
x-request-id
ba3dcf63-f213-42f4-b968-c4ea6bc8d50c
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Buffalo
1638306756445368
connect.facebook.net/signals/config/
144 KB
37 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.139&r=stable&domain=www.elfcosmetics.com
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f68073f49c7ef260ff7449f77367ebe5863bc313d44391857eb952d2ebd1885d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 04 Jan 2024 23:32:23 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
37636
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
XhEqwSUQ+iPt0tw3pjZfiR/A6qfvsvAwRVBadfG38kGifQXbFVc4D13ubgM4Wx8fdQib5u5vdajEzA6LS0AdMw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
main.MWZkNjY4MmI1MQ.js
analytics.tiktok.com/i18n/pixel/static/
396 KB
105 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7bb9a0e065f86710347b5cbdc6d013eb6e41733771f933a3217292258d6d2d13

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
5cdf5d03
date
Thu, 04 Jan 2024 23:32:23 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202401041515104440E62580300D77A006
x-tt-trace-id
00-2401041515104440E62580300D77A006-707065055C19A34C-00
vary
Accept-Encoding
x-cache
TCP_HIT from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
010ec2b7740bb65ffc98cf1480d8b9fd6a4a4fa940e43a08e9814ecb71b3d608ab003dcfb63a81585c73ee4d01734d5fcac6694ff0e1133fed3eb2c731f3ce7a8e33e2cb4cb59b020704cebeadb72b10d56aabe57e08ef249c58e2ef2d5e2e9dce
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
106793
ts
t.paypal.com/
42 B
432 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704411143273&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (dcd/7D4B) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
8c9e8f198926f
server
ECAcc (dcd/7D4B)
traceparent
00-00000000000000000008c9e8f198926f-22c6f96a680f12ba-01
vary
Accept-Encoding
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
8c9e8f198926f
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin
*
expires
Thu, 04 Jan 2024 23:32:23 GMT
p
tr.snapchat.com/
68 B
455 B
Image
General
Full URL
https://tr.snapchat.com/p?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&ev=PAGE_VIEW&intg=gtm&pids=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_c1=a4d083ed-8442-433f-a4f6-fcb9df3ba189&u_sclid=0837a9b0-82d3-49d9-ae8a-03b709a6605d&u_scsid=44afc8b1-46eb-4edc-beaa-9c6cd32fb6ed&bt=1d53c387&d_bvs=%5B%5D&df=true&huah=true&m_dcl=2650&m_fcps=2509&m_pi=2649&m_pl=7526&m_pv=2&m_rd=8349&m_sh=1200&m_sl=0&m_sw=1600&pl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&trackId=99376885-ec17-44f3-98b4-72f0ab70235c&ts=1704411143295&v=3.8.0-2401042024
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
jsp
ut.rd.linksynergy.com/
148 B
404 B
Script
General
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
9f8d57ef027fc405d535bbb83dc45d863db5dd6314c29c44ad78b1b59c4519ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type
text/plain; charset=utf-8
date
Thu, 04 Jan 2024 23:32:23 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
x-samesite
secure
main.MWZkNjY4MmI1MA.js
analytics.tiktok.com/i18n/pixel/static/
376 KB
101 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
bc1c05bdd3b01d9aa9d49cd9381d674cb1e061a55698f2fabf7813ea46036956

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
5cdf5ddc
date
Thu, 04 Jan 2024 23:32:23 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202401041514511271AE8633B68E2FE0ED
x-tt-trace-id
00-2401041514511271AE8633B68E2FE0ED-42B6D3CE522FE42A-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01e02dc4431cff0f39f8dbd13845277e5f3cbc20fca92aac715ef6568e8bce9aed595856856484e081aceb7040a285a8e6ad743fbbc78b119b0b29663f13e71188771f76601f0434dc6b0f6027c36885e29dc79769367b046398437ea2ac00dfbd
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length
103011
collect
analytics.google.com/g/
0
257 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4130v879088318z8896608294&_p=1704411138577&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1154552486.1704411141&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=&sid=1704411143&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&en=page_view&_fv=1&_ss=1&ep.page_type=content&ep.page_environment=production&ep.page_country=CA&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=8439
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=1154552486.1704411141&gtm=45je4130v879088318z8896608294&aip=1&dma=0&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget.css
js.jebbit.com/companion/v1/
15 KB
16 KB
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:3400:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1a1fe89f11a11d89299028b565a99569e2aa5df3055ce514ba4dec2a8f0fe4fa

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id
RTEvjx9S_f.J6xhm_CGfuKjdaFCgE8S4
date
Thu, 04 Jan 2024 19:44:57 GMT
via
1.1 f7c13eeb01f01c4623bb4e70dbaa731a.cloudfront.net (CloudFront)
last-modified
Thu, 21 Dec 2023 18:01:49 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
13647
x-amz-server-side-encryption
AES256
etag
"8e754beaa7f32e405c184f00c12cece1"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15502
x-amz-cf-id
pHdYoS5BQA-54pGOUlXn677WKEpYMdgjDmmUvE2qxnggyLYyTc339A==
launcher_configs
external-api.jebbit.com/moments/v2/
2 B
448 B
XHR
General
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGY29zbWV0aWMtY3JpbWluYWxz&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.236.46.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-46-241.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
pragma
no-cache
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-download-options
noopen
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
expires
0
5013978.js
bat.bing.com/p/action/
0
117 B
Script
General
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Thu, 04 Jan 2024 23:32:23 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: CC981330825A4D25A91F9AA51C018108 Ref B: EWR311000107017 Ref C: 2024-01-04T23:32:23Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
362 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=4161cde7-b88c-4895-853b-c79c696dee6f&sid=83142b70ab5911ee9f7567b959f12ff6&vid=83147680ab5911ee8cf973baacef3033&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&r=&lt=7527&evt=pageLoad&sv=1&rn=204853
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jan 2024 23:32:23 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 18E9384F794141239CB9CE7569360D8E Ref B: EWR311000107017 Ref C: 2024-01-04T23:32:23Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
plugin.5.46.0.js
cdn.usehero.com/ Frame E71F
244 KB
71 KB
Script
General
Full URL
https://cdn.usehero.com/plugin.5.46.0.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:e800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
066f884cfd15768801743268a042cc8f5bba3f262b33ff05716b33b9e9550905

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:00:51 GMT
content-encoding
br
via
1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
1895
x-amz-server-side-encryption
AES256
etag
W/"e840bbd769b547fed1c31518dde8fa55"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
3dN6skmf6s6yLYGJweB3__txl1cq6vqgh3-kZrHLoSpHHGChuUnHBg==
pageview
c.contentsquare.net/
0
320 B
Image
General
Full URL
https://c.contentsquare.net/pageview?pid=1926&uu=968d62b4-0b47-a4e5-f266-319e48330c34&sn=1&hd=1704411143&pn=1&dw=1600&dh=7475&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&uc=0&la=en-US&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&v=13.76.3&pvt=n&ex=&r=264697
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.10.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-10-10.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
/
ct.pinterest.com/user/
298 B
714 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1704411143526&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.43c0095c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8e33955f54ef8025b647a6e685fa689a9256fc5c987f7dc98590310ac3c358e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.7024c317.1704411143.ec7e7138
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=600
content-length
173
x-pinterest-rid
1153651805164966
pin-unauth
dWlkPU1EQTBOV1ZpWVRZdE56ZzVPUzAwTkdKakxUZ3haakl0WW1ZNU16UmxOR1JqTkdWaA
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
02c339f3f7ae02d50ba1becd35099d6dbebe0149
expires
Sat, 01 Jan 2000 00:00:00 GMT
hash
www.paypal.com/credit-presentment/experiments/ Frame B443
40 B
2 KB
Fetch
General
Full URL
https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_1008d27b27_mjm6mzi6mjm&disableSetCookie=true&features=disable-set-cookie
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Thu, 04 Jan 2024 23:32:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
0
edge-cache-tag
up-treatments-hash
x-cache
MISS, MISS, MISS
paypal-debug-id
f5836771fb439
server-timing
"traceparent;desc="00-0000000000000000000f5836771fb439-19eafb6ce81da44a-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
56
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200087-BUR, cache-yyz4575-YYZ, cache-yyz4575-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f5836771fb439-9bf6a12e2dac4d35-01
x-timer
S1704411144.573741,VS0,VE147
etag
W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
s-maxage=86400, max-age=0
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
5bb980fa-0c57-4be6-bcdc-144a88d24732
https://www.elfcosmetics.com/
7 KB
0
Other
General
Full URL
blob:https://www.elfcosmetics.com/5bb980fa-0c57-4be6-bcdc-144a88d24732
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cd6f19ed889f24b9bcbde6c982c5b4ec540eb533baea58bf8e6bb1c14155c7d3

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
/
ct.pinterest.com/v3/
35 B
455 B
Image
General
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2243c0095c%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1704411143583
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
referrer-policy
origin
x-cdn
akamai
akamai-grn
0.7024c317.1704411143.ec7e7139
content-type
image/gif
access-control-allow-origin
*
pinterest-version
02c339f3f7ae02d50ba1becd35099d6dbebe0149
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
4
content-length
35
x-pinterest-rid
1425801814913603
expires
Sat, 01 Jan 2000 00:00:00 GMT
script-tag.js
cdn-scripts.signifyd.com/api/
11 KB
4 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-22.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca67abd72277ede1c07eeb903847d902d19ec6e30fb5780a24ddff9d788bb300

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:20:05 GMT
content-encoding
gzip
via
1.1 c790ffcab27717f283a6e87f31c6d65a.cloudfront.net (CloudFront)
last-modified
Thu, 04 Jan 2024 17:50:03 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
740
x-amz-server-side-encryption
AES256
etag
W/"103f216174ff59c350586365462053e4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
ADUl3I8NW6P1UL4d135lh_LfYxEgmZmF3O_twJLV-3oRaCZRCdmHOQ==
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&rl=&if=false&ts=1704411143618&sw=1600&sh=1200&v=2.9.139&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1704411143607.440130904&ic=fbpixel&ler=empty&it=1704411143256&coo=false&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jan 2024 23:32:23 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
identify_55404.js
analytics.tiktok.com/i18n/pixel/static/
137 KB
37 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_55404.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-akamai-request-id
5cdf62a7
date
Thu, 04 Jan 2024 23:32:23 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240104151451DB061653E0421D4370EB
x-tt-trace-id
00-240104151451DB061653E0421D4370EB-4651735D7D7D4739-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01e02dc4431cff0f39f8dbd13845277e5f3cbc20fca92aac715ef6568e8bce9aedafa88abc40a40c304d822eaef1d092d432950ba7fadf1c6a22aa1f4bcaf4102858ee8def5b03d80531352872d26b6056154a74e8d1105b955f86733d72212efb
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
37086
pangle_pixel
analytics.pangle-ads.com/api/v2/
0
966 B
Ping
General
Full URL
https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.201.169 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-201-169.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
47c1b7e4.14c07fca
date
Thu, 04 Jan 2024 23:32:23 GMT
x-bytefaas-request-id
202401042332237B034E886569AA8D8721
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2401042332237B034E886569AA8D8721-4A3170E351C4DFB1-00
x-cache
TCP_MISS from a23-44-200-105.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
x-parent-response-time
33,23.44.200.105
server-timing
cdn-cache; desc=MISS, edge; dur=20, origin; dur=13, inner; dur=5
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202401042332237B034E886569AA8D8721
x-cache-remote
TCP_MISS from a23-218-220-23.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
access-control-max-age
86400
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-bytefaas-execution-duration
2.97
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
01cff7bee3c7a845e9ddfdd7395c8b9375ac7ec197d63872fd2f27f8a151608f147e77180b3e29ad6be510c6c6e965b5bfb9033438a666e078e8b8fa418052ff3fa8011515bc9f5b7db5d5326b3ba9e39e31a2e6126ce4e7c81f956a9ca9ff8bce3837772c6cbd54ad566897ef784611da
x-origin-response-time
13,23.218.220.23
access-control-allow-headers
*
expires
Thu, 04 Jan 2024 23:32:23 GMT
pixel
analytics.tiktok.com/api/v2/
0
841 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
40c9b982.5cdf639e
date
Thu, 04 Jan 2024 23:32:23 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240104233223FCE5AEB15E1A6615BC51-5CC619FF82A49565-00
x-cache
TCP_MISS from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
54,23.195.36.71
server-timing
cdn-cache; desc=MISS, edge; dur=11, origin; dur=47, inner; dur=43
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240104233223FCE5AEB15E1A6615BC51
x-cache-remote
TCP_MISS from a23-218-223-9.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
47,23.218.223.9
x-tt-trace-host
01cff7bee3c7a845e9ddfdd7395c8b93755b828e8ddadc674dbd22d27eedecc142cdea7d09910ccf820514d339b2bed3ecbe94161418574fca595027512045c535dae7a2ea534058c12a1cfd3c7ed7b1947f3d28bd382c6d0abdca06eb378bab7ca45165fce7438f9ccaa94343a96b002d
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jan 2024 23:32:23 GMT
pixel
analytics.tiktok.com/api/v2/
0
703 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
5cdf639f
date
Thu, 04 Jan 2024 23:32:23 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240104233223CFC263FF8A0D9F7B4ACA-762DD45466CDDBB0-00
x-cache
TCP_MISS from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=58, cdn-cache; desc=MISS, edge; dur=3, origin; dur=66
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240104233223CFC263FF8A0D9F7B4ACA
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
66,23.195.36.71
x-tt-trace-host
01cff7bee3c7a845e9ddfdd7395c8b937585ced4d1c01276d962c743a2efd2164d530b092e84bfa744bf1951e154d16240a133ffb8d5f99493ca030732912eab4aff638365396ff111fa48d642c4c7f4b381bd08fb7a3c7ad37a616060db9ddbd0
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jan 2024 23:32:23 GMT
pixel
analytics.tiktok.com/api/v2/
0
842 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
40c9bc04.5cdf63a0
date
Thu, 04 Jan 2024 23:32:23 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240104233223FEDC675495BC05244D62-76C607B31C805CA3-00
x-cache
TCP_MISS from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
225,23.195.36.71
server-timing
cdn-cache; desc=MISS, edge; dur=15, origin; dur=214, inner; dur=208
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240104233223FEDC675495BC05244D62
x-cache-remote
TCP_MISS from a23-218-223-9.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
214,23.218.223.9
x-tt-trace-host
01cff7bee3c7a845e9ddfdd7395c8b93755b828e8ddadc674dbd22d27eedecc142cdea7d09910ccf820514d339b2bed3ec6169094a9196532df4667e6f5d1706d2e84d30babb04d1cda43cce0970ef157bf723f49d5a8ae78dcc6256ddbb2522c551767dc101878b16ee64a46f25a40e09
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jan 2024 23:32:23 GMT
logger
www.paypal.com/xoplatform/logger/api/ Frame B443
0
0

dvar
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=13.76.3&pid=1926&pn=1&sn=1&uu=968d62b4-0b47-a4e5-f266-319e48330c34&dv=H4sIAAAAAAAAA6tWcnSKd4mMd8%2FJT0rMUXDOzyspys9RCEktLlGyUnKpzEvMzUxWiMxMzUlRcK0oSC3KTM1LTi1W0oHqQ4gpGAI1hCUWZSaWZObnAXkwJT755QqeeSWpeSATA%2FILSnOAikoqlWoB8S1cunwAAAA%3D&ct=2&r=916787
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.10.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-10-10.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:23 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
log-origin
shield=SJC,src_ip=157.52.96.131,alternate_path=0,ip=157.52.96.81,port=443,name=shield_ssl_cache_sjc10081_SJC,status=200,reason=OK,method=GET,url="/muse/muse.js",host=www.paypalobjects.com
strict-transport-security
max-age=31557600
log-timing
fetch=62318,misspass=106,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
3fd9c4a83a728
dc
ccg11-origin-www-1.paypal.com
content-length
15742
x-served-by
cache-sjc10081-SJC, cache-yyz4524-YYZ
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
traceparent
00-00000000000000000003fd9c4a83a728-6a5561e0f3f2e3ff-01
x-timer
S1704411144.874235,VS0,VE0
etag
W/"64f25363-daa8"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
21, 6500
chunk.716.df63d46a2a86670d4b68.js
cdn.usehero.com/ Frame E71F
841 KB
185 KB
Script
General
Full URL
https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:e800:13:d6f4:3240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e9a31b3784b5fa5f384ee596c719982c792ebc9034e6425e2da3ecfd36c0678

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:00:00 GMT
content-encoding
br
via
1.1 56d4c538e370aeaeaa8463ce6c4a1044.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 07:56:38 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P1
age
1952
x-amz-server-side-encryption
AES256
etag
W/"01e9e2a8624bcf27fee5e0a11db65672"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
2DEgM8S11FNQMW_C1bZDiizY15unXT1OaTxlXKmWxF0TyJiukfd61A==
c69c204f-fba0-4685-aea8-ad32f799fa5d.js
tr.snapchat.com/config/com/
185 B
206 B
Script
General
Full URL
https://tr.snapchat.com/config/com/c69c204f-fba0-4685-aea8-ad32f799fa5d.js?v=3.8.0-2401042024
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e96d1ae2515a7adf6e1fa754960645298839e87cd2a139fb6dc94c3e45ab9066
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Origin
https://www.elfcosmetics.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
content-type
application/javascript
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
0
access-control-allow-credentials
true
alt-svc
clear, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
185
i
tr.snapchat.com/cm/ Frame 43DA
672 B
740 B
Document
General
Full URL
https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=44afc8b1-46eb-4edc-beaa-9c6cd32fb6ed&u_sclid=0837a9b0-82d3-49d9-ae8a-03b709a6605d
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
672
content-type
text/html
date
Thu, 04 Jan 2024 23:32:23 GMT
server
API Gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
x-envoy-upstream-service-time
9
runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
3 KB
2 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:56:44 GMT
content-encoding
br
age
542139
x-guploader-uploadid
ABPtcPpuUx_ZhXtJSHNE1KzC4p2qujyNHdHfzycprLd0eVB50XPeQaI908tXfOTF301cW-RN6uPcfgf_SFwbHtcO2yh7
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1317
last-modified
Wed, 29 Nov 2023 16:43:53 GMT
server
UploadServer
etag
"dbc90523c425a5d782995c1a39051881"
x-goog-generation
1701276233202747
x-goog-hash
crc32c=Xs/EYg==, md5=28kFI8QlpdeCmVwaOQUYgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1317
accept-ranges
bytes
content-type
text/javascript
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-22.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:14:57 GMT
content-encoding
gzip
via
1.1 c790ffcab27717f283a6e87f31c6d65a.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
1047
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
JKRp9jdcoD5-UjivzHh7IHK7x3WJZwM_9ecuTXckE9DHlql1jhM2jg==
ca.svg
www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/
1 KB
1 KB
Image
General
Full URL
https://www.elfcosmetics.com/mobify/bundle/10314/static/img/flag-icons/ca.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/mobify/bundle/10314/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.49.171 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1ecca6335ccb02d4c40f0790869ae2ba8778357a116bbbcf20b1a140423f992d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/en_CA/cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
x-amz-version-id
dvAy7GXrqwLuSBAGPJKkffg4vESWUWRi
via
1.1 5dccc983b54773fbbd262d2029a805d6.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
EWR50-C1
age
2099669
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1101 si/38D1cc0231ab-1702308518-6870828836 tts/1701194968684 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
621192
content-length
679
x-amz-meta-bundle
10314
x-yottaa-forcecache
true
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-metrics
3821cc02314c/[4,-,1702311441784] 38D1cc0231ab/[hit]
x-amz-cf-id
8jXhYjjql-wQ2P6WeXrDfYd9xIjpefscFMFBKi-NM2K4men31hccaA==
act
analytics.tiktok.com/api/v2/pixel/
0
702 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZkNjY4MmI1MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.103 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-103.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
5cdf68f3
date
Thu, 04 Jan 2024 23:32:24 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240104233224CFC263FF8A0D9F7B4AD8-08D1D9CD30D6F8A3-00
x-cache
TCP_MISS from a23-195-36-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=40, cdn-cache; desc=MISS, edge; dur=4, origin; dur=53
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240104233224CFC263FF8A0D9F7B4AD8
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
53,23.195.36.71
x-tt-trace-host
01cff7bee3c7a845e9ddfdd7395c8b937585ced4d1c01276d962c743a2efd2164d530b092e84bfa744bf1951e154d16240f5a171b86b63cdbf6aca65782b5b1a6109d462e8b532462b99c9b4ad0c6499646824f2dc859dee0213fa1851eabbdf12
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jan 2024 23:32:24 GMT
scevent.min.js
sc-static.net/ Frame 43DA
41 KB
18 KB
Script
General
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=c69c204f-fba0-4685-aea8-ad32f799fa5d&u_scsid=44afc8b1-46eb-4edc-beaa-9c6cd32fb6ed&u_sclid=0837a9b0-82d3-49d9-ae8a-03b709a6605d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.74.246 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-74-246.jfk52.r.cloudfront.net
Software
CloudFront /
Resource Hash
e5fdb3ea4cc4cf6b0f77fce3b54d03d78a697bec33bb1a023b964e8be16aea5f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tr.snapchat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 20:48:42 GMT
content-encoding
gzip
via
1.1 44bf771f8484aeae8f408da7ade14f32.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
JFK52-P5
age
9822
etag
dc4e3509882e40c68a170453af779220
x-cache
Hit from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, s-maxage=86400, max-age=600
access-control-allow-headers
Content-Type
content-length
17883
x-amz-cf-id
LW2P-7ZSTbeZPwZNe-TYFVxb04h3X4t8OQVF8dhViDlWTdRsNU_bQQ==
shopper
api.usehero.com/localisation/ Frame E71F
35 KB
10 KB
XHR
General
Full URL
https://api.usehero.com/localisation/shopper?appId=efcf9631-4c6b-4874-9f76-51f71464249a&version=5.46.0
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
5570f4a23e52ab1d181c0cbc38821585e6b09260b9a3d5b8da32c125c06e1bb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-time-zone
America/New_York
klarna-correlation-id
052599d1-acb6-46cb-b44a-b8d30ea58a09
x-envoy-upstream-service-time
23
x-geo-longitude
-78.89270
x-request-id
052599d1-acb6-46cb-b44a-b8d30ea58a09
access-control-max-age
21600
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-country
US
cache-control
max-age=86400, public
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-zip
14202
access-control-allow-headers
DNT,Accept-Language,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-region-id,x-api-version
x-accuracy
20
index.html
www.paypalobjects.com/muse/analytics/ Frame 315F
55 KB
16 KB
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
br
content-length
16039
content-type
text/html
date
Thu, 04 Jan 2024 23:32:24 GMT
dc
ccg11-origin-www-1.paypal.com
etag
W/"64f25363-dacc"
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
log-origin
shield=SJC,src_ip=157.52.96.92,alternate_path=0,ip=157.52.96.107,port=443,name=shield_ssl_cache_sjc1000107_SJC,status=200,reason=OK,method=GET,url="/muse/analytics/index.html",host=www.paypalobjects.com
log-timing
fetch=75614,misspass=95,do_stream=0
paypal-debug-id
7d8e18e65f05e
strict-transport-security
max-age=31557600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-00000000000000000007d8e18e65f05e-bff6b7eca9fa3c2d-01
vary
Accept-Encoding, Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
4, 6603
x-content-type-options
nosniff
x-served-by
cache-sjc1000107-SJC, cache-yyz4524-YYZ
x-timer
S1704411144.124659,VS0,VE0
main-v2_0c6b3370702e8a8cf028bd1c21cbeca6.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
479 KB
105 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_0c6b3370702e8a8cf028bd1c21cbeca6.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2feb72cdd98edb61f89f3a74c5091320eb9ed1b7ddd047df087cdea601830bd

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 21:33:03 GMT
content-encoding
br
age
7161
x-guploader-uploadid
ABPtcPqEv1pH-FTGJl3k6QJAC6obAn3c9V5Y93AmlUmSqZ33hUPzfzSuEFM3tuaXMRwVp_DkqMeEAjiwauwe4-1rljFXdg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106734
last-modified
Thu, 04 Jan 2024 21:32:54 GMT
server
UploadServer
etag
"9495c0d49a042db99dbb87ad4e470f7b"
x-goog-generation
1704403974684066
x-goog-hash
crc32c=SFAejQ==, md5=lJXA1JoELbmdu4etTkcPew==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
106734
accept-ranges
bytes
content-type
text/javascript
cjs_min_1e55b565811f11b08485230cf1d150d6.js
assets.bounceexchange.com/assets/smart-tag/versioned/
49 KB
16 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9846c98d92f9ede0abb2db68013d613791db3ccdb486451de1432034b563fb77

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 13 Dec 2023 16:23:16 GMT
content-encoding
gzip
age
1926548
x-guploader-uploadid
ABPtcPoBYmommtKlBQLKIhoIH5TAoSfalsOm-ePG7e-TihViy0IH_ILba8ONrsyCoDl-d5mNeuE_ka7OBB-4KbO7J55bwtkS0dqS
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15751
last-modified
Wed, 13 Dec 2023 16:23:11 GMT
server
UploadServer
etag
"d7dc7d7ebcc4f5af5fc2d4804e7ec737"
x-goog-generation
1702484591435387
x-goog-hash
crc32c=3TW0yQ==, md5=19x9frzE9a9fwtSATn7HNw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15751
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
ozrp9sgnfub4rvy1.js
imgs.signifyd.com/
95 KB
14 KB
Script
General
Full URL
https://imgs.signifyd.com/ozrp9sgnfub4rvy1.js?r4yiapy0g12tqr26=w2txo5aa&16d66s4ndunzc37s=L2VuX0NBLzYzZTY5YTVjNzYzOTFiODAyMTdjYTNhMWU3
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
7a0ff98dfdd84660a2dda89144d11fca2a0c07f0b0bb76c14c777d6f75f8f00d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 23:32:24 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
noop.js
www.paypalobjects.com/muse/ Frame 315F
18 B
409 B
Fetch
General
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits
348, 7238
date
Thu, 04 Jan 2024 23:32:24 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
log-origin
shield=SJC,src_ip=157.52.96.145,alternate_path=0,ip=157.52.96.145,port=443,name=shield_ssl_cache_sjc1000145_SJC,status=200,reason=OK,method=GET,url="/muse/noop.js",host=www.paypalobjects.com
log-timing
fetch=61899,misspass=103,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
7f4693eaf4cf1
dc
ccg11-origin-www-1.paypal.com
content-length
18
x-served-by
cache-sjc1000145-SJC, cache-yyz4524-YYZ
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
traceparent
00-00000000000000000007f4693eaf4cf1-0dbd27aaa054f89f-01
x-timer
S1704411144.201189,VS0,VE0
etag
"60271cd0-12"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-client-location
US
settings
api.usehero.com/webplugin/ Frame E71F
2 KB
2 KB
XHR
General
Full URL
https://api.usehero.com/webplugin/settings?appId=efcf9631-4c6b-4874-9f76-51f71464249a
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
532bcb8909320181167f847a492db322b746fe9d010daf0f8a10121b4e22cc97
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding
gzip
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
f142d112-f657-4113-a15e-4f230545a999
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
pragma
no-cache
referrer-policy
same-origin
etag
W/"64f-5vtIf06F9AHeeSALavoGvmhOwKU"
x-frame-options
SAMEORIGIN
x-geo-zip
14202
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-latitude
42.88670
x-accuracy
20
expires
0
date
Thu, 04 Jan 2024 23:32:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
14
x-xss-protection
0
x-request-id
f142d112-f657-4113-a15e-4f230545a999
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Buffalo
p
tr.snapchat.com/cm/ Frame 7C2D
Redirect Chain
  • https://tr.snapchat.com/cm/s?bt=1d53c387&pnid=140&cb=1704411144364&u_scsid=8e47df8c-3be7-46a2-bcff-8a3991fff913&u_sclid=8ed8f822-1f63-4383-96bc-0f24e4fbd600
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025606854%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1703025606854%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
  • https://tr.snapchat.com/cm/p?rand=1703025606854&pnid=140&pcid=1bf33bc0-5ab8-429d-b81d-8f8e0bbc75d9
0
18 B
Document
General
Full URL
https://tr.snapchat.com/cm/p?rand=1703025606854&pnid=140&pcid=1bf33bc0-5ab8-429d-b81d-8f8e0bbc75d9
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer
https://tr.snapchat.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-transform
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 23:32:24 GMT
server
API Gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
x-envoy-upstream-service-time
11

Redirect headers

accept-ch
Sec-CH-UA Sec-CH-UA-Arch Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-Mobile Sec-CH-UA-Model Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-WoW64
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Thu, 04 Jan 2024 23:32:24 GMT
location
https://tr.snapchat.com/cm/p?rand=1703025606854&pnid=140&pcid=1bf33bc0-5ab8-429d-b81d-8f8e0bbc75d9
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
server
Jetty(11.0.13)
strict-transport-security
max-age=31536000
via
1.1 google
ts
t.paypal.com/
42 B
199 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704411144369&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (dcd/7D70) /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
bf79dc3206679
server
ECAcc (dcd/7D70)
traceparent
00-0000000000000000000bf79dc3206679-56bf421cc2573175-01
vary
Accept-Encoding
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
bf79dc3206679
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin
*
expires
Thu, 04 Jan 2024 23:32:24 GMT
ct.html
ct.pinterest.com/ Frame 88B0
565 B
624 B
Document
General
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

akamai-grn
0.7024c317.1704411144.ec7e7e82
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Thu, 04 Jan 2024 23:32:24 GMT
pinterest-version
02c339f3f7ae02d50ba1becd35099d6dbebe0149
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
0
x-pinterest-rid
5047908019108532
p
tr6.snapchat.com/
0
48 B
Ping
General
Full URL
https://tr6.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
via
1.1 google, 1.1 google
server
API Gateway
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 22:34:55 GMT
content-encoding
br
age
262649
x-guploader-uploadid
ABPtcPq7y2PDgUb9D-XQCxqq7xXvs9az4A07PwU1zLtILIE2jBxm6HuL7gMfA8u23uCnA-ogYMJaiVHg3SuSlo_sebzpz7uxTHMQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4862
last-modified
Thu, 30 Nov 2023 22:44:49 GMT
server
UploadServer
etag
"e08d76c0eee63d930afa55862092fe13"
x-goog-generation
1701384289355604
x-goog-hash
crc32c=om6Z6Q==, md5=4I12wO7mPZMK+lWGIJL+Ew==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4862
accept-ranges
bytes
content-type
text/javascript
onsite-v2_5631bf90701659009118a89f964ae570.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_5631bf90701659009118a89f964ae570.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 07 Dec 2023 19:15:52 GMT
content-encoding
br
age
2434592
x-guploader-uploadid
ABPtcPpbcPoFXphw3Hqi1mBEGQLTACV5Dy-EM_HhHmEb8s8bs-taH8Joh-wOILd2fiK0VGvKlUpdPXnyytfj1_XMjUiPy4qRKnNI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4962
last-modified
Thu, 07 Dec 2023 16:30:53 GMT
server
UploadServer
etag
"801d41813e7b11c4986b4ca00307283b"
x-goog-generation
1701966653034991
x-goog-hash
crc32c=+KL22A==, md5=gB1BgT57EcSYa0ygAwcoOw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
4962
accept-ranges
bytes
content-type
text/javascript
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 23:32:24 GMT
expires
0
klarna-correlation-id
e4628885-56f7-4047-9f85-c15d38b2ca82
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
5
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
e4628885-56f7-4047-9f85-c15d38b2ca82
x-time-zone
America/New_York
x-xss-protection
0
metrics
api.usehero.com/ Frame E71F
0
987 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
68e78fdc-8c2e-4caa-99b7-0dc00daf30c6
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
68e78fdc-8c2e-4caa-99b7-0dc00daf30c6
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 23:32:24 GMT
expires
0
klarna-correlation-id
99dcb596-474d-4f36-b743-ce6c616235a8
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
4
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
99dcb596-474d-4f36-b743-ce6c616235a8
x-time-zone
America/New_York
x-xss-protection
0
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 23:32:24 GMT
expires
0
klarna-correlation-id
b845fee2-c0f8-41ae-b267-6ee81d031a1f
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
6
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
b845fee2-c0f8-41ae-b267-6ee81d031a1f
x-time-zone
America/New_York
x-xss-protection
0
metrics
api.usehero.com/ Frame E71F
0
988 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
21007fcc-c0f8-4d57-9f1c-9f4ea24c7478
x-envoy-upstream-service-time
12
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
21007fcc-c0f8-4d57-9f1c-9f4ea24c7478
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame E71F
0
988 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
35b516f1-a0fa-44c9-ae73-36822db1575c
x-envoy-upstream-service-time
10
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
35b516f1-a0fa-44c9-ae73-36822db1575c
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
lineup
api.usehero.com/info/ Frame E71F
284 B
1 KB
XHR
General
Full URL
https://api.usehero.com/info/lineup?appId=efcf9631-4c6b-4874-9f76-51f71464249a&id=3VNlAm9GwR
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
67acfe8674f4e40ac89008665f0bc1dd9b2e02976fa90c22366a848a2df7ed18
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-permitted-cross-domain-policies
none
surrogate-control
no-store
x-dns-prefetch-control
off
klarna-correlation-id
71ac8d48-c0dc-4fe5-b51d-b21d3ded73ea
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
pragma
no-cache
referrer-policy
same-origin
etag
W/"11c-3Q2EMhBUhnJBdPflPj8+4x+UT8I"
x-frame-options
SAMEORIGIN
x-geo-zip
14202
content-type
application/json; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
public, max-age=120
x-geo-latitude
42.88670
x-accuracy
20
expires
0
date
Thu, 04 Jan 2024 23:32:24 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
cross-origin-embedder-policy
require-corp
x-time-zone
America/New_York
x-envoy-upstream-service-time
6
content-length
284
x-xss-protection
0
x-request-id
71ac8d48-c0dc-4fe5-b51d-b21d3ded73ea
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-country
US
x-geo-city
Buffalo
graphql
www.paypal.com/targeting/ Frame 315F
435 B
2 KB
Fetch
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f6ec6449ec80e5ce2f54eee8424f8a0e048d91dabbe490971393a0760eb24401
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-DIFtm0/cyCyRvo61hzR2JUud4i6TCJmolFWa2JgV2G11yJBm' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
disable-set-cookie
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-DIFtm0/cyCyRvo61hzR2JUud4i6TCJmolFWa2JgV2G11yJBm' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
disable-set-cookie
true
date
Thu, 04 Jan 2024 23:32:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f6103543c6181
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200153-BUR, cache-yyz4575-YYZ, cache-yyz4575-YYZ
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f6103543c6181-009ae8d24d61a802-01
x-timer
S1704411145.743303,VS0,VE206
etag
W/"1b3-WfkScvPIZzPkfs4ePfR1h+BCPcA"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
graphql
www.paypal.com/targeting/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,disable-set-cookie
Access-Control-Request-Method
POST
Origin
https://www.paypalobjects.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,disable-set-cookie
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Thu, 04 Jan 2024 23:32:24 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f610354ac8f7d
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f610354ac8f7d-f0e4aa128492715a-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-bur-kbur8200056-BUR, cache-yyz4521-YYZ, cache-yyz4521-YYZ
x-timer
S1704411145.597367,VS0,VE125
exist
srm.ba.contentsquare.net/
2 B
94 B
Fetch
General
Full URL
https://srm.ba.contentsquare.net/exist?v=13.76.3&pid=1926&pn=1&sn=1&uu=968d62b4-0b47-a4e5-f266-319e48330c34
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.97.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-97-89.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 04 Jan 2024 23:32:24 GMT
content-length
2
content-type
application/json
metrics
api.usehero.com/ Frame E71F
0
987 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
2ea6f9f5-f3ad-44b1-bf54-26ba949ce9a4
x-envoy-upstream-service-time
9
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
2ea6f9f5-f3ad-44b1-bf54-26ba949ce9a4
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 23:32:24 GMT
expires
0
klarna-correlation-id
d4c366ed-9a16-4dad-9b74-fa708a8400bb
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
24
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
d4c366ed-9a16-4dad-9b74-fa708a8400bb
x-time-zone
America/New_York
x-xss-protection
0
p
tr.snapchat.com/
0
16 B
Ping
General
Full URL
https://tr.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 23:32:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google, 1.1 google
server
API Gateway
access-control-allow-origin
https://www.elfcosmetics.com
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.107.244.18 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
18.244.107.34.bc.googleusercontent.com
Software
/
Resource Hash
781917476862613efa795e439adf37ccd1a4ad5f854b2bab69f3e0efa5f9fb37

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:24 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.44.52 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
52.44.149.34.bc.googleusercontent.com
Software
/
Resource Hash
56a91178be19c73d3cd57f522c0c8dc23246780057acf2a768f0fd7b12bf492a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:24 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.120.206.65 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
65.206.120.34.bc.googleusercontent.com
Software
/
Resource Hash
8e3855213b9f60776e7039c2b789c570847cca790cd4ae78327e7b09da3d2eb3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:24 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame E71F
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 16:30:07 GMT
via
1.1 2e60669cf4a63082b5e4935391509354.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
25338
etag
"3436467bdbf884d229cc844f2d56d81a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
WM80KkOvx-dPNng36OoIBWXUA7qUX2VkyyOWDmMB9PaQyAVQiFoQEw==
lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
upload.usehero.com/avatars/ Frame E71F
928 B
1 KB
Image
General
Full URL
https://upload.usehero.com/avatars/lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 18:18:39 GMT
via
1.1 2e60669cf4a63082b5e4935391509354.cloudfront.net (CloudFront)
last-modified
Sun, 12 Feb 2023 00:23:18 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
18827
x-amz-server-side-encryption
AES256
etag
"278d510e97539c507718c7343b8f3dc7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
928
x-amz-cf-id
6qw0DUu5Dg4xzrMEdnJy2txL8rmrEO3Ajo7vtBslBuTbYxsLitfYyg==
U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
upload.usehero.com/avatars/ Frame E71F
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6c31aab66c7d12f65fb2d3d9feb66b5eaa697471a6259c19f65d55337eee0d5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 14:17:28 GMT
via
1.1 2e60669cf4a63082b5e4935391509354.cloudfront.net (CloudFront)
last-modified
Thu, 06 Apr 2023 20:17:49 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
33297
x-amz-server-side-encryption
AES256
etag
"42ac0c7f92c94a27b5bf3f04ae16a051"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1174
x-amz-cf-id
nGs9zcLdcwHOnh501nKfLU_4C9aTuhfby5V2J1jNpyJ2Gw7lLsdSKQ==
EEXzZ6hDsOMDM8VD
imgs.signifyd.com/ Frame E770
272 KB
46 KB
Script
General
Full URL
https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/ozrp9sgnfub4rvy1.js?r4yiapy0g12tqr26=w2txo5aa&16d66s4ndunzc37s=L2VuX0NBLzYzZTY5YTVjNzYzOTFiODAyMTdjYTNhMWU3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
34ce3b8edfedc8ea291e55851d7d17d09aa946cf75c47bac0bf06054c49d7e39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 23:32:24 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
a00efa3b15da992e
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xE4lj0NkTm5xz3Cg
imgs.signifyd.com/ Frame E770
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/xE4lj0NkTm5xz3Cg?af0951329de17b18=hk0GC_F-_ldJCafQP_6M8wXki7YD1mDiDzn3fuOgSxaERF5AQuXnzuooGeCB8_mb2wZX6q78Y4oYCGmcw11V4vX0vbR8hS9UP9zX-bcnnAT50teEBI8wNxXFQdBSczIks2RppesGqluOyGNqSmh6CzGJaeQxONXyx77rUV_8As-HXUyuSw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:24 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pyccOzpYN3D9Lnq7
imgs.signifyd.com/ Frame E770
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/pyccOzpYN3D9Lnq7?653477b813396e1a=nM7QqW5htdjGwKeiK0Pg8wQWraRwqSvPFJTFtkp7LnCc0d8bXIkzGYmUzChcp6UYExqJDeuYDh8JUVD3ewNoBtMxowlFqPfp51GESgwMmJT2dX5LMcWlFBtWjEhFXYrmpkSl30-4CCbs7e1tMdxkxFgZzo2HU_E9Er7vx0gSupGtwAp3gw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:24 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
jquery-3.5.1.min.js
assets.bounceexchange.com/assets/bounce/
87 KB
31 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sat, 09 Dec 2023 20:44:52 GMT
content-encoding
br
age
2256452
x-guploader-uploadid
ABPtcPpOUy99OQw2Nl4BQjvcdu8jaxMUvK1ztDsNjNL4gIWuwEuDfv96k1diavl0cXfPYdcZxjegPTymX9PQcWjTEpCFrQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31568
last-modified
Thu, 07 Dec 2023 16:30:11 GMT
server
UploadServer
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary
Accept-Encoding
x-goog-generation
1701966611024070
x-goog-hash
crc32c=W9o9Ng==, md5=3F5/GMjTasHT1HU6h8mNCg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
89476
accept-ranges
none
content-type
text/javascript; charset=UTF-8
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame F9BF
2 KB
969 B
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
age
89228
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Wed, 03 Jan 2024 22:45:16 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Wed, 13 Dec 2023 20:28:30 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1702499310379960
x-goog-hash
crc32c=kX4cqg==, md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
ABPtcPrt5cb6CU3AjuHXzz9UAMhXU7UzC4EmJClSH3GRrduUH_Tz7bQ6DTILAtMN5i8ixj-IrgryalQu5tQTmMgA9BYn
BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
upload.usehero.com/avatars/ Frame 94C4
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/BUUYQz9sKY-10CD5q-b8ktpSU8JDZYrl-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
39b407ba527842ba6587698367b62e9c4770a0f1fb906c220879568cce0b1063

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 16:30:07 GMT
via
1.1 2e60669cf4a63082b5e4935391509354.cloudfront.net (CloudFront)
last-modified
Tue, 22 Feb 2022 11:23:23 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
25338
etag
"3436467bdbf884d229cc844f2d56d81a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1279
x-amz-cf-id
XAxY8FJn2h1ul_PF6RcxTV8hUtXcaxd49dF-Hixk2g4btrdoJ6ezYA==
lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
upload.usehero.com/avatars/ Frame 94C4
928 B
1 KB
Image
General
Full URL
https://upload.usehero.com/avatars/lqRiQXDD6L-uKFjelXCdNsJJUB86TAX--56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64fb011f8aa4f1a4470c3093845f0c2047a21504f823e2ec6f6684d87b81f0f8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 18:18:39 GMT
via
1.1 2e60669cf4a63082b5e4935391509354.cloudfront.net (CloudFront)
last-modified
Sun, 12 Feb 2023 00:23:18 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
18827
x-amz-server-side-encryption
AES256
etag
"278d510e97539c507718c7343b8f3dc7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
928
x-amz-cf-id
ayMvevCZ3tfkRFzu83-J0NA4kVx6DS7MLvUHSS-8GEqVGsLzQRnPFw==
U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
upload.usehero.com/avatars/ Frame 94C4
1 KB
2 KB
Image
General
Full URL
https://upload.usehero.com/avatars/U5YtXBWRyw-lXZknMeYZw50zvH2qmOtC-56x56.jpg
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/plugin.5.46.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-105.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6c31aab66c7d12f65fb2d3d9feb66b5eaa697471a6259c19f65d55337eee0d5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 14:17:28 GMT
via
1.1 2e60669cf4a63082b5e4935391509354.cloudfront.net (CloudFront)
last-modified
Thu, 06 Apr 2023 20:17:49 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
age
33297
x-amz-server-side-encryption
AES256
etag
"42ac0c7f92c94a27b5bf3f04ae16a051"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
1174
x-amz-cf-id
XQHhigFMO16mE0liKjPqFYEzSs5_NW_Rq2SMDf5-Xu4gAJft87mTtQ==
clear.png
imgs.signifyd.com/fp/ Frame E770
81 B
536 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/a00efa3b15da992el2vux0nblzyzzty5ytvjnzyzotfiodaymtdjytnhmwu3
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 23:32:25 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Thu, 04 Jan 2024 23:32:25 GMT
Server
Apache
Etag
36de75a3da5747f39d6ad03bdbe7d706
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Tue, 02 Jan 2029 23:32:25 GMT
nWRdbeB55Wd_QSp8
imgs.signifyd.com/ Frame C9BC
90 KB
14 KB
Document
General
Full URL
https://imgs.signifyd.com/nWRdbeB55Wd_QSp8?e9da80a06c83ff8c=nKhCcfU2TJwj25cwzvZLTRhHpfbkL6smdrQ04esk9ucLmJB8cugydjBf1EbDxcFuvc7BdJ80T4fBakKkVllmqtekr_n1XEqBKTqmKGiR-fFLRCG_ERegCNcjI1sL770ZcY8Ca90lHYSjafmUDoGyH25E8o67eLFJL9ZjKS51zmt2gIW9I4O_cU7wZ5IfXXZxY1yhfANH-vY8bdnu1fJBSEDR4Tlk3Q
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
8d6627b09191d1f375acecb28b487b1344d9d780efe5e115d536b6705d351d6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Thu, 04 Jan 2024 23:32:25 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
CiS30ERvf9WZR4ad
imgs.signifyd.com/ Frame E770
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/CiS30ERvf9WZR4ad?ffcbef2196bde8d5=S23p7LlIS9e4yXDLNQtvQMlcWUKfk_cNqh3sD02tIPHmxWxXCPDxjUhfuLGIrjfLFkXCik9jovq-x5bxbte9lZQ3g5lzul6OZo3m60jFJYbRBJN2AJf6WZdhy-aDfd_d1YItv_tNimMemitD7y4BZ81QAIuPKJaHKnTvNg&jb=3b34246c7b6137323c3d3f683e383b306d32673e393930683a31616e3866613f3e34363b3c3333
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:24 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
AYLtiFSW06A-77P_
h.online-metrix.net/ Frame 72E9
103 KB
15 KB
Document
General
Full URL
https://h.online-metrix.net/AYLtiFSW06A-77P_?64a16a1b0fd0b37f=VxNAALgkmYNjUrKonViAhxftOVd0uWR4RUUMzD2eWyB-9q4qF1p2CJ2JUSSomQYxG6PEsnjESITLPe4dCD6_oDyswr7DEQhVUZOAM8R83MQhYGBE5ZBpjWytuUEXR_GI7sGbsLXri5y-4d_3f9vD7VYz3k0xZoMf8qGThy87EqmjRElqcXpYTM4JLfzB9xSZXJgIKJXimwMpsGWRI6PTigmvakaajl4
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
a-sac.h.online-metrix.net
Software
Apache /
Resource Hash
db559214a97118b56429033fe7d8298cfb695c7539071e90ea098d9e3e31735a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Thu, 04 Jan 2024 23:32:25 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
jm0Dtiz8HAdOtf2s
imgs.signifyd.com/ Frame F693
90 KB
14 KB
Document
General
Full URL
https://imgs.signifyd.com/jm0Dtiz8HAdOtf2s?70147a83ac676d03=2xQ5QlklfzEbv4yrO6H_RI54iqIkkBLGkoR_IQm_dvRLPjAIiTezmUp9sHt4YVvOiR6cTBA1S0DhppqOlPP5EYZHzDg-sbaopkeJEOKn_f8qo-NE-LWnGUQ7dNt259tN5a_2xf4CANH_uin8w_RYGUOApZzObWXI935P_q0hX0pAvIITJTBWPeGVGnzdwXn-G0Ahuop1He29K0vgr8Ds_ZY3S24ArbE
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e9e3601db5c7718202ce72bbce50ea10bbccc9bf4ee53b85589d8029b7033905
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Thu, 04 Jan 2024 23:32:25 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
CiS30ERvf9WZR4ad
imgs.signifyd.com/ Frame E770
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/CiS30ERvf9WZR4ad?ffcbef2196bde8d5=S23p7LlIS9e4yXDLNQtvQMlcWUKfk_cNqh3sD02tIPHmxWxXCPDxjUhfuLGIrjfLFkXCik9jovq-x5bxbte9lZQ3g5lzul6OZo3m60jFJYbRBJN2AJf6WZdhy-aDfd_d1YItv_tNimMemitD7y4BZ81QAIuPKJaHKnTvNg&ja=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&jb=393737266471374f6770616666612d324e352c3a2f3838225d696c6c6577732d3a304e5e2d323a39382c30273b4027323857636c3e3e2d3948253a30703636232f38384b7a706e6d5d656243617425384e35393f263136273a322a4b4054474e2d384b2f38306469636527383a4d6d69616f2b2d383043607a6f6d6f2d324c393a322e3226343239312e3b30312f3a3a59616e617a6927384c3f3b3d243334
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date
Thu, 04 Jan 2024 23:32:25 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Type
text/javascript;charset=UTF-8
8UjAxXqkXvzqNNl0
w2txo5aax2tfi3ouyrvyd6sfuvuoxns3helzscpka00efa3b15da992esac.d.aa.online-metrix.net/ Frame E770
81 B
438 B
Image
General
Full URL
https://w2txo5aax2tfi3ouyrvyd6sfuvuoxns3helzscpka00efa3b15da992esac.d.aa.online-metrix.net/8UjAxXqkXvzqNNl0?3f3b2c41ef765fda=4w1YSO1cLkAh9sGJ8pU8QIPq2BYZdrueLCPq07fcgG04HV5S8w8J-jyYLm8I_M8KIN6_5jh_zA5O0T-vXq2vtLMlaTci-avPZaaeanF4IV6AS2pW-8NWLDtaRMVXxvaCoIpXvKEl6Do7ZylAA3Fy7O2bWXLKLAvphaETYIc1yiCY8-o
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
d.aa.online-metrix.net
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:25 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
wgFYUhLilHZIQxDu
imgs.signifyd.com/ Frame E770
0
401 B
Image
General
Full URL
https://imgs.signifyd.com/wgFYUhLilHZIQxDu?43fd560a25ddbc98=9KZ16_S0pYMjSfkm-I-lgYKoD02oDUMkBxrc9T_nzhMh_KU9oacDsUcDHs6UjkZgh1Hc_CDBn0u6mjDGok5ImA91g-iqWL8avOA0rszq0-C7kHumceuPBYXwLWxTxYRqBVIYpRow5fHVs5B4JYO8Uox_2IR5ZojRavQ64N3Jph_m6jiVlelZjooaKP--_aQFEIG2YVqLYgpK0XNSZ2E_VHKnoJ7yOw&jf=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
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:25 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=100
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
7Fb64jLE--gRwzpE
imgs.signifyd.com/ Frame C9BC
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/7Fb64jLE--gRwzpE?29ea278dc89868cf=8W8aazuo0WIHJxsdtmHhyhOpV-mYlXEsBsp8_MokD-Ry-xZhtRX3jjIOwr57GgfsgaSBRqKvmEmeMMADgL9mIi18CoDvKl3BJqJcT1qrFNYN6dY0R2icmHlhYSbn_XEULwo42ZqF5VrF7ZCgopZbhmRIZgWoLIpM-CSPiA&jf=3b34246c7b6237333b3b396b3862306330663a3e383c6b326e38366938623130396234683f323c
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/nWRdbeB55Wd_QSp8?e9da80a06c83ff8c=nKhCcfU2TJwj25cwzvZLTRhHpfbkL6smdrQ04esk9ucLmJB8cugydjBf1EbDxcFuvc7BdJ80T4fBakKkVllmqtekr_n1XEqBKTqmKGiR-fFLRCG_ERegCNcjI1sL770ZcY8Ca90lHYSjafmUDoGyH25E8o67eLFJL9ZjKS51zmt2gIW9I4O_cU7wZ5IfXXZxY1yhfANH-vY8bdnu1fJBSEDR4Tlk3Q
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://imgs.signifyd.com/nWRdbeB55Wd_QSp8?e9da80a06c83ff8c=nKhCcfU2TJwj25cwzvZLTRhHpfbkL6smdrQ04esk9ucLmJB8cugydjBf1EbDxcFuvc7BdJ80T4fBakKkVllmqtekr_n1XEqBKTqmKGiR-fFLRCG_ERegCNcjI1sL770ZcY8Ca90lHYSjafmUDoGyH25E8o67eLFJL9ZjKS51zmt2gIW9I4O_cU7wZ5IfXXZxY1yhfANH-vY8bdnu1fJBSEDR4Tlk3Q
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:25 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
nWYD2HPTTlMmL8qk
h.online-metrix.net/ Frame 72E9
0
400 B
Image
General
Full URL
https://h.online-metrix.net/nWYD2HPTTlMmL8qk?36673d2e2972bc3a=80F-3U6vzJNNsK6Olzs2G9H2LCtbRyEjm_1Kyo_BBOj1x3hveXbmQvHzK_d3q76LnNQB12GEXAGdmK8SeIIGaPfwFFNQXpOxcbpAclrtVqSOQH-wA3X8HRX944g5TFqDRE-d5BydtbmqxcFB5p_yeSIgdKzOlaqCmFXwr4a9iVv3558QbZi5g5R5TewDcaEdzKn9Wn4AWLCBCZ3dqm1yXzceYIADpA&jf=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
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
a-sac.h.online-metrix.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://h.online-metrix.net/AYLtiFSW06A-77P_?64a16a1b0fd0b37f=VxNAALgkmYNjUrKonViAhxftOVd0uWR4RUUMzD2eWyB-9q4qF1p2CJ2JUSSomQYxG6PEsnjESITLPe4dCD6_oDyswr7DEQhVUZOAM8R83MQhYGBE5ZBpjWytuUEXR_GI7sGbsLXri5y-4d_3f9vD7VYz3k0xZoMf8qGThy87EqmjRElqcXpYTM4JLfzB9xSZXJgIKJXimwMpsGWRI6PTigmvakaajl4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:25 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
c
ids.cdnwidget.com/
448 B
786 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=006036023&GCS2=ODA5ZjdkMjktYjQyYi00NDZiLTk1MGItYTEwNzg1YzA4OWQ3LmxvY2Fs&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22hBwKj5hP5ovIJrp%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A61%2C%22IDStageStart%22%3A61%2C%22obsReqpage%22%3A250%2C%22obsReqview%22%3A253%2C%22obsReqdata%22%3A254%2C%22netComplete%22%3A254%2C%22IDStagePrefire%22%3A254%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-10%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%226361988846489152407%22%2C%22visitid%22%3A%221704411144814466%22%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_1e55b565811f11b08485230cf1d150d6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ea9e1d390c9942d0b5b739148064cdc25c1b5e74ed9f2d30535c516dfc52fe51

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 23:32:25 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
448
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=f194f6a8-5669-44b1-9e11-faf050eba203
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJGYxOTRmNmE4LTU2NjktNDRiMS05ZTExLWZhZjA1MGViYTIwMxAAGg0IiYDdrAYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=31bca0a1fde178be3301f572b955e0b6cf02236b05e01449a3bf3b3e2ed214316ac34734d8e453ee
37 B
292 B
Image
General
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=31bca0a1fde178be3301f572b955e0b6cf02236b05e01449a3bf3b3e2ed214316ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type
image/gif
date
Thu, 04 Jan 2024 23:32:25 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
x-samesite
secure

Redirect headers

date
Thu, 04 Jan 2024 23:32:25 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=31bca0a1fde178be3301f572b955e0b6cf02236b05e01449a3bf3b3e2ed214316ac34734d8e453ee
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
CiS30ERvf9WZR4ad
imgs.signifyd.com/ Frame E770
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/CiS30ERvf9WZR4ad?ffcbef2196bde8d5=S23p7LlIS9e4yXDLNQtvQMlcWUKfk_cNqh3sD02tIPHmxWxXCPDxjUhfuLGIrjfLFkXCik9jovq-x5bxbte9lZQ3g5lzul6OZo3m60jFJYbRBJN2AJf6WZdhy-aDfd_d1YItv_tNimMemitD7y4BZ81QAIuPKJaHKnTvNg&jac=1&je=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
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/EEXzZ6hDsOMDM8VD?7180971979ea9cf1=zVUSshbGl1LklzSs43p1nKgwGef6QIoQMfTEHmu20sBTpRQ4opAZn3zZRCmYPbdyI1vzMKbDwXy6qYqpO2fBtsRjTWFwi-4PZgNNXC4Ea4f6Lg87GXoq81VAbKt69iNfa1LREoe8ACNp3-7utY65c7XDkKmF8eCqax4q52PkOakEGYKhuSUYDBLMxGCvgj3B19EMDpPVmzVGXBhor5MKh3Crj04&jb=3d3b242662736577355d61646e6f7f732e6a7165375d61646e6f757b2f32303939266a796a75374b60706f6f6d2468736a3d496a7a65656f2f3238313a30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jan 2024 23:32:25 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
lookup
pd.cdnwidget.com/
49 B
169 B
XHR
General
Full URL
https://pd.cdnwidget.com/lookup?deviceID=2aVkU1kI9pYaMtdbCYzzWoG7vrz&bxwid=6664&bxdid=6361988846489152407&visitID=1704411144814466&enableUID2=false
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_0c6b3370702e8a8cf028bd1c21cbeca6.br.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
/
Resource Hash
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 04 Jan 2024 23:32:25 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
content-type
application/json
init1.js
api.bounceexchange.com/bounce/
52 KB
12 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=1074&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAGAFlP0tIFYA2UgTk2AC8QpbjjMB3AUwBGOVMD4B9VABMOtepgBOfHCAA2cNBgKdiAD3wAmLgr4w+8xfKjYAhipWoEAczFx5KqAAtgwAA44ApADMAIL++gBiYeE8MQB0fCowSCA4ALZ8aEg4scmpUXwIYgDCoRHJaRmoSAC0SPKoqQ62OJgAbqjCwGLJIADWqHxQ-oQAQmH6Kj7jQaX6Xr4B+tQhYdQRqxExPPGJ5emZ2bkb4QXFpWvhe5U1dQ1NKov6YUXj8tMr+k+fwwAi2CB9AZDUbjSRSd6zWiBWj4BgADgRpHocIY+DWpGIhGm+hen3akghRDIFCopDh+HIsme41aEOGY0+KhAjkcfEkEgQEJgzT41M+fFaZjETJZbI5XJ5fP0SGs8i6AEdgABPCHEKU4OACRreMUYTq874hbkPA24ibM1nshwSSQFNAwAYEw3BY04U3jGVyiUmqWerqtWxwA1PI2Swg-KWSRzhVDyHDAAAyIGsTpDwWA8iDUo8sskAEkI87xvprAA1XoAVWISskEAAWgA5PhFADqddoAHk4NZgkHSAIEwJad8ceNlDBgAW6Z8S+WK-henmGD4AJrWACywEkAiKK5YLBbIAA4oRWvIWNizVG6SDPh0AAqKdogOA4Iqv0DpN7O13uu84ABlTUcFuAQzG9N1fWsJAPHEYBHhmIlyEoCk6DJX5fjaWUcAAbRFS0OQAXVgHksLjHCBSFfCxQcYjfzI3C-TERUlWI7gA3IjUtREUR2T1EQ+Do0iONw6irUKKQ7VQB02SEk0GJwv05LdBSmIDNRBJI+SRJwnxrFZMRlR8TT6NaW0YDwi0aIk20EHtR1lL4NpzMU2V-UDEzSJ6fo4IBYVZVZLSVIEHwoG4DJQpwgAiP0ooAGhi6xREcEB5CVeKYtgpBehfYAMo8EB0gynx5BASQ4BQDK3VlGCosIzAfHgqxch8exrGQcQYBUfSrFaHMrBzeQrWkWdK2rWtG2bNtO27Xs+H7QdWkwccuikKBRvnRdlzXTdt13fdDxPM8WCAA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
8c8dd86b3e886997c85602232db0d01f6fc29e6e903bfd3a6fce4e5e57f022be

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:25 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 04 Jan 2024 23:32:25 GMT
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
13
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 21:58:20 GMT
content-encoding
gzip
age
92045
x-guploader-uploadid
ABPtcPpIaiB6pTuZL4QvuIE6FDJuD02H1putwSfK5ME3_GuLjM_mieW_JF45FudssJhx53GUE0PeIEu6DmidbsG16H2_Ug
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
visit
events.bouncex.net/track.gif/
42 B
97 B
Image
General
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLpJHRZGVWYAThLGfJK2AGUUADMUJBAneld3VQAyUAgYJAQ65D6kHC7wKGgKPh40U3QEWCRSHDTISFNhalbjGno6HboBQ8YEUjr4gjAcyBB4sEZzrP3aLAB9YO3NunPLhGv4gFp4k0sjwUKQwKMetA+mACKRYNcCJhdDhJMVmJDxjC4QiQEiAJ6onQY7rjeLwSDZYCNEAoGyWMA4SgubTUUgENAYXgvHg0ajyD7UBrg3L86ihajUBDAZAvdmchDc3mSgV84WIPkhPnxRqQF4AR0g+M1ckFrBV4r5YFgNhBq0VLyRPVFqsl6pdlsl8q5PMwPN4WGudRAipNgvdms91B1SEgYbVYI1Fol0d1L2p8JdpoTIsjKdmGBeRtMWfDiZdLgAIpiYOcCBEQ0yWXzeCBePHJaoPJISgAOfvqDS9kqSXbqZguPN80DtlWmyQuZjqdSSVfqei9+guFzqKpR4Dx5tVrWS3hoWggJBgSABAgoWf802QJCwXIptKNXgASUrHclKAANQiABVZh8V4ABFAAtEQEGCTgoNUAB5WAUGMV91BsAIbAPZMrQIOpIB-P9qEAkDJAiL8SlMABNFA8EgXgbGCGiiCITgCBiFxgCQIgp1PNBD1ZcAAAU+lAAh4GCClsmQMMIyjcBqhtMAgRAGw5LnYwFJTHV4jSBAiw2R9jAXJcVzXegh2ZX8ozqYA4y0szl1XSR1xPUiCDDc0U1IUw-xWNYNi2J4nkOARjlOb4rhuO4HieV53ieaLfhuQFgVBcF+NI4yBR86dTFwkzJA8h9XWoMqoyQP9sviByw2ciy3PoDyIDK01-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-0cFIoDgIoqjaPoxjmNY9jOO43iOg-JAlV4HfMioFwLQVgvBRCKE0IYSwjhIAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:25 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
7
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/
42 B
165 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVa3PgKEBaDqhi8YkkOkIAyUJFgJEHZIVxdeUEJpAAjdBEKZiAdgBC1Kui5gkAAm0jq+ZApUbHqEEOFUsr7QEKjS-oEQIWFUVBG+0fpxOdSJORz2uNIAjrgAnuEUvgAM8aVUhMiO2viZ0lyShDC4RbmNOQWxrb7pwaEyMEFSgmxwQQ2REyMlvuWouOv5MVsJOxXSdujIW2NRR1M5xhDSdcDXG3fFHgAiRuDQcEhuFwANZwQYALwgmAAbABGWG-EwA8wgST9IR6HD4Ih5Wj0RjwFjsJT8QTCUQ2CQyeT0EkqDjqTTaXT6RH-MxA0FPaxcNL2SCYTZs0yArgguDPWqvTCkYCsx4i8xirnSCFQgCssKoHgMYmA5l4wEwTV1Nn1uA4bGNpsNKEIRpNesQYGADoMvC4i2t8AgjkGwwWMOh0IALAZYP7A7CPE0QyH4bCQ+qABzqjweEMATgMi1gHAggehpDhmeTZZDoeTmdh6qoIaaOoVAKjBliVSuknzLY46DgknwWlcuBAhsw0dj8fhSarjt7SxAwBgUBSg36mGHYFIOf++cwQVbXDQu59jgMf37mEsKQPbEqgaoIAAasCAKqw4EASUzwAAmiAALK4EEjiyD+4LggA6lwADiHhQKg4IGNg9hZEEmAPs+L5NLUQQAIoAFoAHIQLIEH4dCADyyAgOQVwho4AAyjhQEAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:25 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
18 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Sun, 17 Dec 2023 20:51:17 GMT
age
1564868
x-guploader-uploadid
ABPtcPoPTlOYIoDMxakqREjZ-Hf5x2-2tTrnIsOjgPAN8rZy1hsHuPpIzwFrcLjq_kXpsbYd9Q4f0smY8m5ORAb8NcUU3g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
7f814412be0f9390e2dbc6f041aa18df.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
97 KB
97 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/7f814412be0f9390e2dbc6f041aa18df.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
24cdc4718a83fc82b6e422e3b1d638af85960adbcc77dc31fa617a692b306b3c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 23:45:44 GMT
age
258401
x-guploader-uploadid
ABPtcPri7qFabyVodV-aRQp4Ce7rMBe9xhVB6Tv377n3pXh4tw3fxkekLsAuREsKP9TgYmgnuvDJKoeTW0vmoWKUvjA7WYdLru3k
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
99159
last-modified
Thu, 09 Feb 2023 22:11:32 GMT
server
UploadServer
etag
"7f814412be0f9390e2dbc6f041aa18df"
x-goog-generation
1675980692900499
x-goog-hash
crc32c=ijkAKA==, md5=f4FEEr4Pk5Di28bwQaoY3w==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
99159
accept-ranges
bytes
content-type
image/jpeg
graph
idr.cdnwidget.com/
0
100 B
Image
General
Full URL
https://idr.cdnwidget.com/graph?cookieID=2aVkU0ydQZNeCWZ6OuaAue4bLbv&deviceID=2aVkU1kI9pYaMtdbCYzzWoG7vrz&bxdid=6361988846489152407&bxvid=1704411145857749&bxwid=6664&gm=true&apikey=2^HIykD&loadID=hBwKj5hP5ovIJrp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 04 Jan 2024 23:32:26 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
eligible
events.bouncex.net/track.gif/
42 B
95 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7AAYALCrkaVAVgBsKgBxk4AR3llSIPgDtOAfQjAoOMqJ4AHAhBBWHOAEwAzAr6SsHmLKjImDgILFZRAB5kBCCYNjgAVlBkPEzA0UpkAO6YSBCcmL461SpkjFDlvoqq6ppa+loKCioAnBQMEFFVATpyPfoTKnr6PXJafiqhZB6pjJhFTeaYxnBpQ8D+LkQQaZycEHxQnATu8spqGnJTSnJ+Ryc2BG4Q9NgNTFYcNcQAF+owojhgOE8HZfH4CAA1ADWAFU5EiAJI9NwATQIAFlOMAEGwcQAvMkAdSYAHEFPRUGSyOICKhgPYDvDkSilABPYAARQAWgA5TBsSlCnQAeTgBAAgrsVAgADIIehAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:26 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pop
events.bouncex.net/track.gif/
42 B
97 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBVAZRLPH12PjoMAOQCa3cpVrw0uWs1bCAgoSoBHDAEZC0SNmCR4xNPCYYATAGYA7AA4ADHcIBnavmisARtTQeAHoSQpLQYAFbOhNggLBj2hADuuJ7O8LC4phgAbNkALISI8CkIZprW9jk5mlU5AKy2NdbWOQCchCwFHhmZlpmazbYDOZk5ts2aNeY5joQGpAW48RnazrhqVHKdZpY6ADbwcrA4uM6wesBaZRVVmkP2mra7+7SQwEgEKUKnxNvt8B4YTBcIAAZrAAPoZcyQABqAGs2JpYQBJZrAUSQACysCYngAwqIAF4EgDqIAA4tZEPgCYQABaQfBMCFmKFwtj2ehMACKAC1hLhccSeZkAPJUSBKdY5TwAGU8iCAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:26 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
32 B
49 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/XT4Gy2ig/init.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ca0a766a064104105db7a847ffd8d594fb8556d364f724916f30a3e45a1ebab4

Request headers

Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jan 2024 23:32:25 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
id_sync
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2aVkU1kI9pYaMtdbCYzzWoG7vrz&source=web&agent=cjs&deviceid=6361988846489152407&visitid=1704411145857749&websiteid=6664&pageviewid=1&sequenceid=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 23:32:26 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
12
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
metrics
api.usehero.com/ Frame E71F
0
987 B
XHR
General
Full URL
https://api.usehero.com/metrics
Requested by
Host: cdn.usehero.com
URL: https://cdn.usehero.com/chunk.716.df63d46a2a86670d4b68.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.elfcosmetics.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Thu, 04 Jan 2024 23:32:31 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
surrogate-control
no-store
x-dns-prefetch-control
off
x-time-zone
America/New_York
klarna-correlation-id
ccf45d7d-b6da-402a-bf9f-e9efcb279ca5
x-envoy-upstream-service-time
6
cross-origin-resource-policy
same-origin
x-geo-longitude
-78.89270
x-xss-protection
0
x-request-id
ccf45d7d-b6da-402a-bf9f-e9efcb279ca5
pragma
no-cache
referrer-policy
same-origin
cross-origin-opener-policy
same-origin
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-geo-zip
14202
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-country
US
x-accuracy
20
expires
0
metrics
api.usehero.com/ Frame
0
0
Preflight
General
Full URL
https://api.usehero.com/metrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.245.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-245-192.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 04 Jan 2024 23:32:30 GMT
expires
0
klarna-correlation-id
655770c6-032f-49e2-a46a-9fc612d36e2e
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains max-age=31536000; includeSubdomains; preload
surrogate-control
no-store
vary
Access-Control-Request-Headers
x-accuracy
20
x-content-type-options
nosniff
x-country
US
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
262
x-frame-options
SAMEORIGIN
x-geo-city
Buffalo
x-geo-latitude
42.88670
x-geo-longitude
-78.89270
x-geo-zip
14202
x-permitted-cross-domain-policies
none
x-request-id
655770c6-032f-49e2-a46a-9fc612d36e2e
x-time-zone
America/New_York
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/
Domain
9231397.fls.doubleclick.net
URL
https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8519832651384;auiddc=370987754.1704411140;u6=%2Fen_CA%2Fcosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
Domain
10742279.fls.doubleclick.net
URL
https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2210748364664;auiddc=370987754.1704411140;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals;gtm=45He4130v896608294;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals?
Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true


221 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| documentPictureInPicture object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| dataLayer boolean| rakutenDataLayer object| DataLayer object| gaViewedIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom string| AppsFlyerSdkObject function| AF object| OneTrustStub object| DYExps object| DYO object| contextManager object| DYJSON object| DYCS object| _uxa object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| onetrustActiveGroups function| 
create_UUID function| createCookie string| GoogleAnalyticsObject function| ga object| HeroWebPluginSettings string| HeroObject function| hero object| GooglebQhCsO function| snaptr function| pintrk function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| DYWork function| $dy object| gaplugins object| gaGlobal object| gaData object| Optanon object| OneTrust boolean| otLastAcceptAllValue object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ function| ___rmuid object| ___RMCMPW object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| ogJsonpFunction object| OG object| AF_cleanupMethods object| AF_SDK object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels function| DataLayerHelper object| _scPxHelper object| paypalDDL string| PaypalOffersObject function| ppq object| bouncex function| UET function| UET_init function| UET_push object| CS_CONF object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| 
csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| UXAnalytics object| ueto_fbf925a7b9 object| uetq object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks function| a0_0x450e function| a0_0xdcad object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| __post_robot_10_0_44__ object| PAYPAL object| webpackChunksmart_tag object| threatmetrix object| Hero object| bxgraph function| tmx_post_session_params_fixed boolean| tmx_profiling_started function| tmx_run_page_fingerprinting function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie object| cti110221 function| close_bouncex_ad

93 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: dc4e3509882e40c68a170453af779220
.youtube.com/ Name: YSC
Value: Cd7UZZ-M578
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: WA9pbi62Uy4
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%222c241957-fffa-a021-7992-b95479497bfe%22%2C%22e%22%3A1704412938597%2C%22c%22%3A1704411138597%2C%22l%22%3A1704411138597%7D
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: %7B%22g%22%3A%22d77093af-419c-83df-024c-e329652ade4d%22%2C%22c%22%3A1704411138599%2C%22l%22%3A1704411138599%7D
.elfcosmetics.com/ Name: _pxvid
Value: 7fa2357f-ab59-11ee-8a7a-a1f9d1b2d88a
.elfcosmetics.com/ Name: pxcts
Value: 7fa24815-ab59-11ee-8a7a-425f6afe0c45
.elfcosmetics.com/ Name: _dyjsession
Value: p5j9afhcel4pqx98zw8ez7qogdrnw90b
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fen_ca%2Fcosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: p5j9afhcel4pqx98zw8ez7qogdrnw90b
.elfcosmetics.com/ Name: _dy_c_exps
Value:
.dynamicyield.com/ Name: DYID
Value: -3877599028353482749
.elfcosmetics.com/ Name: _dy_soct
Value: 647796.1248068.1704411139.p5j9afhcel4pqx98zw8ez7qogdrnw90b*836603.1652212.1704411139*837245.1654610.1704411140*861617.1750272.1704411139
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.370987754.1704411140
www.elfcosmetics.com/ Name: FPC
Value: df8b83d9-19af-4d15-b303-584507f81b0a
.adsrvr.org/ Name: TDID
Value: bc7bde60-d87c-42d1-a928-3cf9c87e7e81
.adnxs.com/ Name: uuid2
Value: 7127193156451201099
.elfcosmetics.com/ Name: _px3
Value: 8545a6dec5992fae866334643fd3a5293ffa38516871bb48b15041627776ef06:eKwgTgGOFkUURZHolnXMCd/SeqKxDFZO5gbdUuUcHy+owLTJpBHaF6D6cAaTrZCegPTyazEZl1BhpwvBJ/VuhQ==:1000:7no14tMqtnEUF4183D9oykmHRc2pM8+WdjqY6+k4Y57aPcNfHoFjd9hpqbMsxh1SsQzMsMYC7jmpLOFDckYbO9jp1yqcFvBzaoA+7Ej8Sb0ahMnZsSKdfReOqTMW/4N7G1ZkqKioUdZA4AjEYd3sP3YKJc7zzHPMNkDhkJ8L1hCxPjPWXPWT5TQyyNqGm78w2frJO7WgEUQ4hQZo+DHU3iimcCrz3VIkYdc7bkkf/H0=
.pointmediatracker.com/ Name: c
Value: 0677feb3-0500-4a01-97ff-ff502b254234
.elfcosmetics.com/ Name: _dycnst
Value: dg
www.elfcosmetics.com/ Name: scapi
Value: prd:67ebbc74-692b-4e3e-8ee5-a14d83b9cad5:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.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.9n-1VoPWvwpILGkIyzMXSz4zYAseLMznFWfE1T38QmmMZRCbGEQ01NuM1TDbwrx6zBnvNSl6QRfXFAbnGjbV4A
www.elfcosmetics.com/ Name: dwsid
Value: -2epG9pXJpfsHkDWmP4jQFJiWE3Zcombt4qZ5irRsMBYavdipLJqh6Is66VPv4J6a08P7er3xUYfYACmN_UYSA==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: ablHBJwKhHlXoRlHIWwGYYxrlJ
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.elfcosmetics.com/ Name: _gid
Value: GA1.2.971881214.1704411141
.elfcosmetics.com/ Name: _gat_UA-432816-1
Value: 1
.rubiconproject.com/ Name: khaos
Value: LQZUDX8O-H-1I3F
.rubiconproject.com/ Name: audit
Value: 1|uxhQB7kqUIJOYA5rvNu073feMV23uNrqoVUkUKSf4Id+xL8LlrcUaFWzBQyWQ3XMbIqpvPXxIKeM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLvCDl+ljUJeBgUWJMRbPpYRyDIfhGvuBwz1PKlfSQ/+gshc+8Sw4dByOpWvBGztqNVbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIYXBwbmV4dXMSCwjA5vvd7eHGPBAFEhYKB3J1Ymljb24SCwjgiPzd7eHGPBAFEhkKCnJpZ2h0bWVkaWESCwjun9Xi7eHGPBAFGAUgAigBMgsIhqeqh4TixjwQBUIPIg0IARIJCgV0aWVyMhABWgczZnRmbmgzYAFyCnJpZ2h0bWVkaWE.
.bidr.io/ Name: bito
Value: AAIMmk7LLoAAABIoK608rQ
.bidr.io/ Name: bitoIsSecure
Value: ok
.elfcosmetics.com/ Name: _dyid
Value: -3877599028353482749
.elfcosmetics.com/ Name: _dyfs
Value: 1704411141156
.elfcosmetics.com/ Name: _dycst
Value: dk.w.c.ws.
.elfcosmetics.com/ Name: _dy_geo
Value: US.NA.US_NY.US_NY_Buffalo
.elfcosmetics.com/ Name: _dy_df_geo
Value: United%20States.New%20York.Buffalo
.elfcosmetics.com/ Name: _dy_toffset
Value: -2
.yahoo.com/ Name: A3
Value: d=AQABBAVAl2UCECWkfLjONWoZoG8WCak-pqwFEgEBAQGRmGWhZdxH0iMA_eMAAA&S=AQAAAgKmxPsHvWBdOLsGAG9aCnI
.analytics.yahoo.com/ Name: IDSYNC
Value: "1769~2fzz:19e0~2fzz"
.hb.yahoo.net/ Name: visitor-id
Value: 3474127416634683000V10
.hb.yahoo.net/ Name: data-ttd
Value: bc7bde60-d87c-42d1-a928-3cf9c87e7e81~~63
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Jan+04+2024+13%3A32%3A22+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=30c98345-2a71-4575-82a8-023b8448eb63&interactionCount=0&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Fcosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2COSSTA_BG%3A1%2C4%3A1%2C5%3A1
.adnxs.com/ Name: XANDR_PANID
Value: 3Hg9YcStcvsyc4tMlXm4ghZAcTl63ix-HCOy0cIq2K4u1W7snRQpw8w38XDMdFUiRRngEzyRE2t2mhkcceANfsZWqYxrXtEtCkeHKhWowgc.
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2HbZ^o6[x!1yIE'Yg-$0y=/d!!'.m$V4<2
.undertone.com/ Name: UTID
Value: 4318e247946e4d2a94a9863ed71d219a
.undertone.com/ Name: UTID_ENC
Value: 3z04euclmtee5dg7ibf9v8om2
www.elfcosmetics.com/ Name: esw.currency
Value: CAD
www.elfcosmetics.com/ Name: sid
Value: GVTHCTqRgoyt7u5Lgc78FLBRNl85tC2A9no
www.elfcosmetics.com/ Name: _dyid_server
Value: -3877599028353482749
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: true
www.elfcosmetics.com/ Name: esw.location
Value: CA
www.elfcosmetics.com/ Name: currentLocale
Value: en_CA
www.elfcosmetics.com/ Name: esw.sessionid
Value: ablHBJwKhHlXoRlHIWwGYYxrlJ
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_CA
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.doubleclick.net/ Name: IDE
Value: AHWqTUkZG1tbPq06nTu2AasBEQ5gfZYnSZSfx19vS5QTQPxG067Ln7wnHUDMZgFT
.elfcosmetics.com/ Name: og_session_id
Value: 1e72a9589c4f11e9a62ebc764e10b970.535893.1704411143
.tiktok.com/ Name: _ttp
Value: 2aVkTajmsYDpo8dd4cySFT9CEWB
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1704411143172.b799319a-da72-4efc-a595-25cf5a5b6334
.elfcosmetics.com/ Name: _scid
Value: a4d083ed-8442-433f-a4f6-fcb9df3ba189
.elfcosmetics.com/ Name: _scid_r
Value: a4d083ed-8442-433f-a4f6-fcb9df3ba189
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1704411143.1.0.1704411143.60.0.0
.elfcosmetics.com/ Name: _ga
Value: GA1.1.1154552486.1704411141
.linksynergy.com/ Name: rmuid
Value: f194f6a8-5669-44b1-9e11-faf050eba203
.elfcosmetics.com/ Name: _uetsid
Value: 83142b70ab5911ee9f7567b959f12ff6
.elfcosmetics.com/ Name: _uetvid
Value: 83147680ab5911ee8cf973baacef3033
.elfcosmetics.com/ Name: hero-session-efcf9631-4c6b-4874-9f76-51f71464249a
Value: author=client&expires=1735947143478&visitor=bc2ddaf4-c308-455f-b63e-4512111e87f9
.elfcosmetics.com/ Name: _cs_c
Value: 0
.elfcosmetics.com/ Name: _cs_id
Value: 968d62b4-0b47-a4e5-f266-319e48330c34.1704411143.1.1704411143.1704411143.1558384338.1738575143511
.bing.com/ Name: MUID
Value: 1BC27C8F904E6B2D3B726F7391496A6B
.bat.bing.com/ Name: MR
Value: 0
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1704411143607.440130904
.pinterest.com/ Name: ar_debug
Value: 1
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: dK2NWvPvQCIz9-v-7NE8SX-c3tk
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPU1EQTBOV1ZpWVRZdE56ZzVPUzAwTkdKakxUZ3haakl0WW1ZNU16UmxOR1JqTkdWaA
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAE3GwQ3AIAwDwIkixdSqSbcJEKZgeL6910VprmphI+HGHc3yVbcZQ7k21Z86oH+QkwDI86tfZxBWQUAAAAA=
imgs.signifyd.com/ Name: thx_guid
Value: 46aee4c3754ecc95d0f15de4b14d4afe
.tapad.com/ Name: TapAd_TS
Value: 1704411144519
.tapad.com/ Name: TapAd_DID
Value: 1bf33bc0-5ab8-429d-b81d-8f8e0bbc75d9
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.1704412944610
www.elfcosmetics.com/ Name: hero-user-id
Value: null
.elfcosmetics.com/ Name: _sctr
Value: 1%7C1704362400000
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2aVkU0ydQZNeCWZ6OuaAue4bLbv","deviceID":"2aVkU1kI9pYaMtdbCYzzWoG7vrz","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJhVmtVMHlkUVpOZUNXWjZPdWFBdWU0YkxidiIsImRldmljZUlEIjoiMmFWa1Uxa0k5cFlhTXRkYkNZenpXb0c3dnJ6IiwiaXYiOiIiLCJ2IjoiIn0%3D
.rlcdn.com/ Name: rlas3
Value: cfctfUEw/vfyKbHuDP5wMOmglQFhkLeNXBHXR+WR0BM=
.rlcdn.com/ Name: pxrc
Value: CImA3awGEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-01-04T23:32:25Z
.bounceexchange.com/ Name: bounceClientVisit6664c
Value: %7B%22vid%22%3A1704411145857749%2C%22did%22%3A%226361988846489152407%22%7D
www.elfcosmetics.com/ Name: bounceClientVisit6664v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgINmrDgFpaAJzZM2-AIZgUIADQg5MEFpBsUggOb1BKCihRt6-GNTWXtR0xAtWbdh04oBfIA

4 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/en_CA/cosmetic-criminals
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a3/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://connect.facebook.net/signals/config/1638306756445368?v=2.9.139&r=stable&domain=www.elfcosmetics.com(Line 141)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.usehero.com/plugin.5.46.0.js
Message:
<link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
