urlscan.io logo urlscan.io
SecurityTrails logo

bflholidayshopping.com Open in urlscan Pro
2606:4700:20::ac43:4b31  Public Scan

Go To Rescan Add Verdict Report
URL: https://bflholidayshopping.com/
Submission: On December 01 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 28 HTTP transactions. The main IP is 2606:4700:20::ac43:4b31, located in United States and belongs to CLOUDFLARENET, US. The main domain is bflholidayshopping.com.
TLS certificate: Issued by WE1 on November 22nd 2024. Valid for: 3 months.
This is the only time bflholidayshopping.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
24 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
28 4
Apex Domain
Subdomains		 Transfer
24 bflholidayshopping.com
bflholidayshopping.com
2 MB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
185 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3353
28 3
Domain Requested by
24 bflholidayshopping.com bflholidayshopping.com
2 www.googletagmanager.com bflholidayshopping.com
www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
28 3

This site contains links to these domains. Also see Links.

Domain
mtr.mastercardservices.com
www.butterfieldgroup.com
Subject Issuer Validity Valid
bflholidayshopping.com
WE1		 2024-11-22 -
2025-02-20		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://bflholidayshopping.com/
Frame ID: EBD1850A45F423C139501DE158EC1CE7
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

28
Requests

96 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

1982 kB
Transfer

2969 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
bflholidayshopping.com/ 		13 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb152700baf8cb65898f6fe60e2a3c45cbec5977fee23148010fc284fa9975c0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8eafefc72960dc55-FRA
content-encoding
br
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
content-type
text/html; charset=utf-8
date
Sun, 01 Dec 2024 03:19:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
referrer-policy
strict-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xsnwfapD%2FoSSFMOzUk8g5LrC%2Fxo%2B%2BHHZ58CZ4abSrP%2B8nHUjIprHzl558zi4AsA8%2BFRhZhEsa1uhvcN8TTBTSsFxTMHrJRo4CSabuK%2B47u7VGe9kz0%2FhkMv06Hu5vv7DZdx%2F%2BwkQfpYygVfY3XZTUT3%2F0g%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=26207&min_rtt=25978&rtt_var=4257&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3986&recv_bytes=2329&delivery_rate=151206&cwnd=253&unsent_bytes=0&cid=c867ae98b219ac7d&ts=260&x=0"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
bootstrap.min.css
bflholidayshopping.com/css/ 		227 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/css/bootstrap.min.css
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4c123551432f10a965b8a9f706d3a8f9ed36e1564620f520de64cdf5bfe6dc9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efe64f9"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2FKnoUaoaWaI%2FvAol5AhXdscUIwRRCyaUu9T1pOjKCEbE0LZxAnUPnrcRdC347xjQhZsmMe1tkJHgmIXrdpRnPdWmoPkOZQ8WjVAiUF5Zh%2FlmgW4p4htEWEm%2FU%2FQfdq3KAKV2lJnP9Q1Z8QOuLcGEoG2iBE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=27618&min_rtt=25978&rtt_var=2646&sent=18&recv=22&lost=0&retrans=0&sent_bytes=10354&recv_bytes=2906&delivery_rate=317237&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=525&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
text/css
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefc8dafedc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
main.css
bflholidayshopping.com/css/ 		44 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/css/main.css?v=1.0.6
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37b84de7ede764acc4c915cd430483f8699ae84341207b529de653ee17a58a13
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efd591f"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPxtyQ3JLjIBZJMBOFDBmbkSysuoHkrcCzCxpLcd8O7iO41jCRH7z%2FkQNZQzBJH6MbxoWaLCWEN2%2FgZS6n1bUvLQ7dnbZETKcQpq9gUjG9XFik6lfvssVNCfBhIgEHMVpE0DuIgAfiOy%2FnAKwKLuGIP2l9o%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=27618&min_rtt=25978&rtt_var=2646&sent=85&recv=22&lost=0&retrans=0&sent_bytes=74482&recv_bytes=2906&delivery_rate=317237&cwnd=256&unsent_bytes=8019&cid=c867ae98b219ac7d&ts=538&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
text/css
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefc8daffdc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
swiper-bundle.min.css
bflholidayshopping.com/css/vendor/ 		21 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/css/vendor/swiper-bundle.min.css
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44e46c4fdef6f1bad12b9a04657312506932a88dec1a3b2830f66ad26c607b07
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efdbaa6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvxHZtP5%2FbXeMUAAKxipvhd6Th45JtmSp3RIjJRKrWu3uq3Op3hfis3RWF9zASpif4uIDYZpGA6MLmZdPjhHje6vzJRD9ulh67852g0Nc3Kx6jvOdNbHK2O4FgOBVPi5fNChSH9%2BtOufKAU80ZwVKDt0WvM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=27618&min_rtt=25978&rtt_var=2646&sent=85&recv=22&lost=0&retrans=0&sent_bytes=74482&recv_bytes=2906&delivery_rate=317237&cwnd=256&unsent_bytes=19307&cid=c867ae98b219ac7d&ts=542&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
text/css
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefc8db01dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
vue.min.js
bflholidayshopping.com/js/vendor/ 		91 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/js/vendor/vue.min.js
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a410460285968ae56f3748e57fd09c6da63c17934a9f59cc7f9a6542f5cf2d3b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
MISS
etag
W/"1db416f4efc84eb"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=akUfDaCq%2B%2BuzaT8pk5a0qPu9MvDVcD6%2FY0XfU3o1%2BoKzEgKTMrNc60bIENiFO9hbuSBXEannurLe60zQskckrNp5TO%2FJdwh8Zx9sj%2FrRld9shEKq%2B%2BBCm7g9x9zPFqR3jlVyKF0LWhTaPWQ9GgXqK1vceb4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=33006&min_rtt=25978&rtt_var=1515&sent=113&recv=66&lost=0&retrans=0&sent_bytes=103520&recv_bytes=3141&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=739&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefc8db03dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
logo_mastercard_butterfield.svg
bflholidayshopping.com/img/vector/ 		41 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/vector/logo_mastercard_butterfield.svg?v=1.0.2
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59b494237d781f06613db88400adaf29bdfc235e1ab817cfaf862b29097cd0f3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efd4b15"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uaSoiLSrN9NdUci6vZy26zXc0b%2FbiXWSnzASx43cuSl4rcOsiF1KrwIYDZR6tnKXWqB0ylGRQBjxmZKmGJITaeHE%2FHD0uzZ3MYECbv%2FlVaNmAPUwbWq7cz4Cb51IYSMi2x9kKf2OjntHEdirFq9UXxxCfmw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=27618&min_rtt=25978&rtt_var=2646&sent=23&recv=22&lost=0&retrans=0&sent_bytes=13872&recv_bytes=2906&delivery_rate=317237&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=525&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/svg+xml
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefc8db04dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
img-landing-card-3.png
bflholidayshopping.com/img/brand/ 		2 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/brand/img-landing-card-3.png
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca3fe28f01e674cdfa862b414bc55e201235f6c492d245a86145994379620dfc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4efdee09"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s81ly3yB4pOEIyKRvmEMrNHr4wgk0gNlwHFXGqBNMazZ7NvyTIoWzG37vqIGgSXlFfCYkPbsup7ycbR%2BXsTTKsHF38%2B1kFbRr4JLwiVfnXKdvIfP1RUMUkYJSi05lluqQXiOD%2B8VTEH9ZUAo5mQa1PBM3ig%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=27618&min_rtt=25978&rtt_var=2646&sent=28&recv=22&lost=0&retrans=0&sent_bytes=17393&recv_bytes=2906&delivery_rate=317237&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=526&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/png
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefc8db05dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
1801
x-xss-protection
1; mode=block
server
cloudflare
close-circle.svg
bflholidayshopping.com/img/vector/ 		545 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/vector/close-circle.svg
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1df56af66680348c91da9b075e09b0a3f3939383c39ae5afaa04d0e9c1b886a2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efdeb21"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5yEOsEFdUYhSM3V4ayY%2FYmH1N1%2BzSnawvtELvIly%2FfhhpwkKAL228VhPvWlZTmimH2EN99Wr3E%2BwsW5K%2FLBy4dkEUo8cuMUaPkjP%2FBNRT0tw5SqeiluOOlI3ilPteAe7jSnQwG2%2B%2BUOyLkCPDYKu3doFU2s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=37621&min_rtt=25978&rtt_var=10819&sent=116&recv=68&lost=0&retrans=0&sent_bytes=106964&recv_bytes=3141&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=828&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/svg+xml
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefca7c7bdc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
loading.gif
bflholidayshopping.com/img/vector/ 		61 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/vector/loading.gif
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5db74e78c2a94e4d5688344197d46f1e06dde57bb98f5e1d8e983537ec610ef9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4efd1d70"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zksdp71jDlsVuZQBEPRvWhj%2BoxPSM3jYkb6jRbK1QryFMnNObDpWlSWWhUMFFOeqHcmr7Np6nMma6pknYDCG96GCdz%2BQxcHtEITcfFYr%2FohOsl%2FTfsb8vglJ0E%2BaGmXWeASgxDJDR93FvXBBPQh1lE33vG4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26535&min_rtt=24963&rtt_var=1895&sent=223&recv=103&lost=0&retrans=0&sent_bytes=222219&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=1105&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/gif
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc7ef0dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
62576
x-xss-protection
1; mode=block
server
cloudflare
gtm.js
www.googletagmanager.com/ 		217 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MV755XWF
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cf60ca7dc053257d1da86addb9262ebefb34383be1cb05ca8bafdf91cf1b28ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Sun, 01 Dec 2024 03:19:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 01 Dec 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
78851
x-xss-protection
0
server
Google Tag Manager
email-decode.min.js
bflholidayshopping.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

x-frame-options
DENY
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"6740aa56-4d7"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b448FHJveTkbhvtpqg2Pt43fi6Iu61%2FdW7oW1FSCpyHIO2iF%2FjlgtyTm%2FnEbUFrKYuITFXoPsToj9I6lNGKkGQxafOmq6iDIHjxsqVJNOmf4tnLW420QZwriWXLzsbM5rXfW1pMu7D%2B84Nu69fADnFCZxHw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8eafefca7c7ddc55-FRA
expires
Tue, 03 Dec 2024 03:19:37 GMT
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Fri, 22 Nov 2024 15:59:18 GMT
server
cloudflare
vary
Accept-Encoding
axios.min.js
bflholidayshopping.com/js/vendor/ 		13 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/js/vendor/axios.min.js
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b849e3f5952daf2c7404f61140ed4b275c1e3f01d9cbe6839d276a0a1f1ff94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efddb95"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tgG7Eh%2BfP0zEoXKwWGvoEXgERxk4lobQN22HJuH82XvYiRxzTOGjCPb4bfJmcRqPMIEaOzWOmQ2wLeOQNzeOJFZrZYk1vEZW6nlm4LxOoPDiCZEZ1q2MrMJ7z9SloBtz5Kn7O%2BBjrk2H%2FhA%2BTJIU%2Bjd5HWQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=31965&min_rtt=25955&rtt_var=8909&sent=151&recv=74&lost=0&retrans=0&sent_bytes=146051&recv_bytes=3214&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=865&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcabcf6dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
swiper-bundle.min.js
bflholidayshopping.com/js/vendor/ 		257 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/js/vendor/swiper-bundle.min.js
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
899db03a9409a45b4988c60e65b8c08d4c6936d6dda1363d86a5a1298109023e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4ef9ec8f"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHkfvSkW0UlhIIB2%2FSVE%2FJtdmQIA6OurMDiZNwwEFV7cUR0dGUqXWHZETiQTZB8zZ50TVeQvLwweWLzyPP9DghV746ngqibnZHuFOXS%2BdCW4hTSAn6XvDMBjzIf9KgQHS5k%2FtkC6ugCCy7KrSZydLcvxi6w%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26535&min_rtt=24963&rtt_var=1895&sent=164&recv=103&lost=0&retrans=0&sent_bytes=154377&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=1093&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc4ea1dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
popper.min.js
bflholidayshopping.com/js/vendor/ 		20 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/js/vendor/popper.min.js
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41d59b04452edce75331c4416ff9435de714df5f1183e4e620d259d54874f9af
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efda79e"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5f3lpBE3WYI0HIBpmCcMAMb7nBS%2BlaNQzaH%2BVHcq7rKRA4aWFSz5aNOu5V4X8deyaShUrqw%2Fecca21F9abgvE4gv49URo9UhiGRPqvnyC5IQqab0ajHM3UQNRicdaYXKvOwXusD0ekG2dLevQHtT5O7j70Y%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26310&min_rtt=24736&rtt_var=1871&sent=311&recv=104&lost=0&retrans=0&sent_bytes=333833&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=65072&cid=c867ae98b219ac7d&ts=1122&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc7eecdc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
bootstrap.min.js
bflholidayshopping.com/js/vendor/ 		59 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/js/vendor/bootstrap.min.js
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb1e9574b097e7e8c86577ea959e36220e65553c96369fc15e98ba6414982e84
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efd05a7"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N2yL8D1wxbe9rPAP%2BM0beJfzKBy%2Bo0Sar4scV%2FNSYfm4JQvM1cdfpD0R%2FF47fDDWJjbkbWpXQE%2Fn7xuLd3nqJMr%2BGaTrDeCYbyTy8GPJzy7GncHlTSX8u7JgUhXqvle919TPVWV7hOJr13vTHrGDcG7jCFs%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26303&min_rtt=24736&rtt_var=584&sent=570&recv=176&lost=0&retrans=0&sent_bytes=673309&recv_bytes=3934&delivery_rate=3854938&cwnd=284&unsent_bytes=25232&cid=c867ae98b219ac7d&ts=1147&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc7eeddc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
main.js
bflholidayshopping.com/js/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/js/main.js?v=1.0.2
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5d64a46a7ada385cf849ba620e2d3fe8d4e2040f9d5d4903d236f4d21b5a337
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efde7f5"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZmWZzLCh8KdCd%2FVqenAjwA3PfOjW%2BUF9qafN%2FERR17YZ%2FgoXuQ6tLooUJMNNET6GrJ6LJLKrWTR%2BLappkS6Ir7sSKSWkMDVeMchIABd%2BAhRd3%2BYGydJHDstrzvb7DEYmWRC21iHTulyZIo0HSAX9lan1gg%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26535&min_rtt=24963&rtt_var=1895&sent=212&recv=103&lost=0&retrans=0&sent_bytes=213519&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=1101&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc7eeedc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
site.js
bflholidayshopping.com/js/ 		230 B
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/js/site.js?v=4q1jwFhaPaZgr8WAUSrux6hAuh0XDg9kPS3xIVq36I0
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33f35692fd57e7407f9a7a650fcc5cc12b828824f44f8f2c4d133323d87b3c11
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efde9e6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nUFwam83WszISitsT3YnZ4FO5YdhCHzEWKNS8IRCZ2kwDtHIiRxAcFNEkAeTqTpWlU7wvZ1LdpTvGG00vNj%2B%2FISdIiKICi4UnxfGKgxRnbFm3tL4Zw0e0vaATZUKrJQzwRSKGFj6C8GY9l23Nn%2Bmv1JQCTc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26535&min_rtt=24963&rtt_var=1895&sent=218&recv=103&lost=0&retrans=0&sent_bytes=218498&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=1104&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc7eefdc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
logo_mastercard_butterfield.svg
bflholidayshopping.com/img/vector/ 		41 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/vector/logo_mastercard_butterfield.svg?v=1.0.2
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59b494237d781f06613db88400adaf29bdfc235e1ab817cfaf862b29097cd0f3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efd4b15"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uaSoiLSrN9NdUci6vZy26zXc0b%2FbiXWSnzASx43cuSl4rcOsiF1KrwIYDZR6tnKXWqB0ylGRQBjxmZKmGJITaeHE%2FHD0uzZ3MYECbv%2FlVaNmAPUwbWq7cz4Cb51IYSMi2x9kKf2OjntHEdirFq9UXxxCfmw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=27618&min_rtt=25978&rtt_var=2646&sent=23&recv=22&lost=0&retrans=0&sent_bytes=13872&recv_bytes=2906&delivery_rate=317237&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=525&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/svg+xml
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefc8db04dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
close-circle.svg
bflholidayshopping.com/img/vector/ 		545 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/vector/close-circle.svg
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1df56af66680348c91da9b075e09b0a3f3939383c39ae5afaa04d0e9c1b886a2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1db416f4efdeb21"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5yEOsEFdUYhSM3V4ayY%2FYmH1N1%2BzSnawvtELvIly%2FfhhpwkKAL228VhPvWlZTmimH2EN99Wr3E%2BwsW5K%2FLBy4dkEUo8cuMUaPkjP%2FBNRT0tw5SqeiluOOlI3ilPteAe7jSnQwG2%2B%2BUOyLkCPDYKu3doFU2s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=37621&min_rtt=25978&rtt_var=10819&sent=116&recv=68&lost=0&retrans=0&sent_bytes=106964&recv_bytes=3141&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=828&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/svg+xml
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefca7c7bdc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
x-xss-protection
1; mode=block
server
cloudflare
loading.gif
bflholidayshopping.com/img/vector/ 		61 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/vector/loading.gif
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5db74e78c2a94e4d5688344197d46f1e06dde57bb98f5e1d8e983537ec610ef9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4efd1d70"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zksdp71jDlsVuZQBEPRvWhj%2BoxPSM3jYkb6jRbK1QryFMnNObDpWlSWWhUMFFOeqHcmr7Np6nMma6pknYDCG96GCdz%2BQxcHtEITcfFYr%2FohOsl%2FTfsb8vglJ0E%2BaGmXWeASgxDJDR93FvXBBPQh1lE33vG4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26535&min_rtt=24963&rtt_var=1895&sent=223&recv=103&lost=0&retrans=0&sent_bytes=222219&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=1105&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/gif
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc7ef0dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
62576
x-xss-protection
1; mode=block
server
cloudflare
bg-landing.png
bflholidayshopping.com/img/brand/ 		1002 KB
1006 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bflholidayshopping.com/img/brand/bg-landing.png
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/css/main.css?v=1.0.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8e4eca40b6c5cff975c70edb3e8c2a2dbe4dc231aebe2b3e904f448b1c9e88b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4ef24fed"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0PsBMmnsVfSV0AVCVimrAypxcq2KiJ3wj0JoCUNpM3sVYYmh%2FYbmZy0pmKqszJPhZAdWVfNA8dyr%2F8mTQ1iiZjaT3CQBGWFQGHZLeEtBnK2hg65XVkgMJTAwE0E7OYHdKdsXacJHetD6%2B3L0xbd67cTAK0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26303&min_rtt=24736&rtt_var=584&sent=570&recv=176&lost=0&retrans=0&sent_bytes=673309&recv_bytes=3934&delivery_rate=3854938&cwnd=284&unsent_bytes=25232&cid=c867ae98b219ac7d&ts=1147&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
image/png
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc8efbdc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
1025773
x-xss-protection
1; mode=block
server
cloudflare
Poppins-Bold.ttf
bflholidayshopping.com/fonts/ 		150 KB
154 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/fonts/Poppins-Bold.ttf
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/css/main.css?v=1.0.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7219547ee25334cbac0fe4b3acf0bf631e48ebb622c71af038edaaa652c60875
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://bflholidayshopping.com
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4effb058"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZrXWMqK%2FBcWMZmLjb3gTjavrQiVrBDbmvbuoQCTU2wm%2B0booh9Y%2BV3r%2FPhlKqjuCSzjJPdhMwS%2BfmAQpcjkKQ%2B9BA6Wvcr7LA3vmrHEMnDgpyw8N3Pe%2BySgt%2FalP6mCg7mvEGvXD%2B5baysXIsAWbBhALc5I%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26310&min_rtt=24736&rtt_var=1871&sent=311&recv=104&lost=0&retrans=0&sent_bytes=333833&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=65072&cid=c867ae98b219ac7d&ts=1122&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/x-font-ttf
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc8f00dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
153944
x-xss-protection
1; mode=block
server
cloudflare
Poppins-Regular.ttf
bflholidayshopping.com/fonts/ 		155 KB
158 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/fonts/Poppins-Regular.ttf
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/css/main.css?v=1.0.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://bflholidayshopping.com
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4eff8320"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ZiVSxfPk9N5yVK8ZpwTkWz2p%2F4SGs%2F151XyHUlVGUqkZ4pIEQvPGywx8jRDO1VhXY9uIIUWEU74BnxigAX8ZfvLxROrTt86WPbuRJk6Os6d%2FOKVRY7O79RpyGRkf%2BrW9POkTNd9lQkQN72x0xEPDrTL5pE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26249&min_rtt=24736&rtt_var=189&sent=438&recv=127&lost=0&retrans=0&sent_bytes=499452&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=30544&cid=c867ae98b219ac7d&ts=1127&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/x-font-ttf
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc8f02dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
158240
x-xss-protection
1; mode=block
server
cloudflare
Poppins-SemiBold.ttf
bflholidayshopping.com/fonts/ 		152 KB
155 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/fonts/Poppins-SemiBold.ttf
Requested by
Host: bflholidayshopping.com
URL: https://bflholidayshopping.com/css/main.css?v=1.0.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://bflholidayshopping.com
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4effb760"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UDuL4xODfVFUFkyJ%2BXarPWbBqAgILjm%2BwyWcry0C2O5e4tXsIWiPX9lWukfMQuMbJKw3zBlpZL893l6iQVYEiJcCqdq4nd7%2BJKEUPD4pnNuUj2c6iiqrn%2FNUBYEW8%2Fmqibb5Gt9ZBgeMzsehbSajsU4laSw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=26535&min_rtt=24963&rtt_var=1895&sent=275&recv=103&lost=0&retrans=0&sent_bytes=288495&recv_bytes=3934&delivery_rate=2765119&cwnd=256&unsent_bytes=0&cid=c867ae98b219ac7d&ts=1117&x=0"
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/x-font-ttf
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcc8f03dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
155232
x-xss-protection
1; mode=block
server
cloudflare
js
www.googletagmanager.com/gtag/ 		0
0
js
www.googletagmanager.com/gtag/ 		322 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-DB2DY95F7E&l=dataLayer&cx=c&gtm=45He4bk0v9200809774za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MV755XWF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
14a7326a3b097080b65d2463935bbc9f280575132a147343176bafc5e0a32cad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 01 Dec 2024 03:19:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 01 Dec 2024 03:19:37 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109632
x-xss-protection
0
server
Google Tag Manager
collect
region1.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-DB2DY95F7E&gtm=45je4bk0v9200970366z89200809774za200zb9200809774&_p=1733023177108&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=2073438813.1733023178&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733023178&sct=1&seg=0&dl=https%3A%2F%2Fbflholidayshopping.com%2F&dt=Home&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1295
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DB2DY95F7E&l=dataLayer&cx=c&gtm=45He4bk0v9200809774za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://bflholidayshopping.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 01 Dec 2024 03:19:38 GMT
content-type
text/plain
server
Golfe2
favicon.png
bflholidayshopping.com/img/ 		14 KB
17 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://bflholidayshopping.com/img/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4b31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4a34cbf498055e7264cbcc61eac51e4671a46483733044de80cd61916d561dd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bflholidayshopping.com/

Response headers

cf-cache-status
REVALIDATED
etag
"1db416f4efdde52"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5i3WtyRg7Um%2F6OG8un%2FuIFNM1Kxhs06dRonfslPEsoLZXsdYNpQ8%2B2yU4YJntUxJr6gxV5uJkpxlXjpBkyQnzsFPhJ7UerbLF9bUtDvNp5U6ET5iWpevW7WnR%2FZe0fG6B2tMLTcAfKuiCDBhf0sRlt%2FzqT0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
server-timing
cfL4;desc="?proto=TCP&rtt=32558&min_rtt=24736&rtt_var=10442&sent=1444&recv=737&lost=0&retrans=0&sent_bytes=1831935&recv_bytes=4068&delivery_rate=13036213&cwnd=1417&unsent_bytes=0&cid=c867ae98b219ac7d&ts=1543&x=0"
date
Sun, 01 Dec 2024 03:19:38 GMT
content-type
image/png
last-modified
Thu, 28 Nov 2024 08:27:06 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8eafefcf3a66dc55-FRA
permissions-policy
geolocation=(self "https://bflholidayshopping.com"), microphone=()
accept-ranges
bytes
content-length
14162
x-xss-protection
1; mode=block
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=G-GHX83ZXEDY&l=dataLayer&cx=c&gtm=45He4bk0v9200809774za200

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer function| Vue function| axios function| Swiper object| google_tag_manager object| google_tag_data object| Popper number| uidEvent object| bootstrap function| onYouTubeIframeAPIReady object| gaGlobal

2 Cookies

Domain/Path Name / Value
.bflholidayshopping.com/ Name: _ga
Value: GA1.1.2073438813.1733023178
.bflholidayshopping.com/ Name: _ga_DB2DY95F7E
Value: GS1.1.1733023178.1.0.1733023178.0.0.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://globalmastercardaws.multistrategy.co *.globalmastercardaws.multistrategy.co https://static.cloudflareinsights.com *.static.cloudflareinsights.com https://www.clarity.ms https://bflholidayshopping.com https://lptag.liveperson.net https://cdn.jsdelivr.net *.cdn.jsdelivr.net *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com https://api.smooch.io/faye https://player.vimeo.com *.player.vimeo.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com https://fanaticos.bi.com.gt/ *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.connect.facebook.net *.googleadservices.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.zdassets.com/ https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://tags.bkrtx.com wss://ws.hotjar.com wss://api.smooch.io https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.script.hotjar.com *.grupobancolombia.com https://static.zdassets.com https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com; img-src 'self' data: https://d1haqd36xwow0n.cloudfront.net *.d1haqd36xwow0n.cloudfront.net https://script.hotjar.com *.script.hotjar.com https://bancoindustrialsupport.zendesk.com https://static.zdassets.com *.script.hotjar.com https://fanaticos.bi.com.gt/ https://backend.activarpromo.com *.backend.activarpromo.com https://test.multistrategy.co/ *.test.multistrategy.co https://analytics.twitter.com *.googleadservices.com *.facebook.com *.activarpromo.com mastercard.multistrategy.co https://www.facebook.com https://www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co *.maps.gstatic.com https://player.vimeo.com *.player.vimeo.com https://maps.gstatic.com *.gstatic.com https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self'; frame-src 'self' https://* https://static.zdassets.com *.connect.facebook.net *.googleadservices.com *.cloudfront.net https://player.vimeo.com *.player.vimeo.com *.google-analytics.com https://www.google.com *.google.com https://connect.facebook.net https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://* https://connect.facebook.net https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com https://www.gstatic.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com ; connect-src 'self' https://* https://api.smooch.io/faye wss://api.smooch.io wss://ws.hotjar.com https://static.zdassets.com https://script.hotjar.com *.script.hotjar.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.connect.facebook.net *.googlevideo.com *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com; font-src *.st.dynamicyield.com *.cdn.dynamicyield.com *.rcom.dynamicyield.com 'self' data: https://* https://www.googleadservices.com https://cdnjs.cloudflare.com *.cloudflare.com *.cloudfront.net https://fonts.gstatic.com *.gstatic.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bflholidayshopping.com
region1.google-analytics.com
www.googletagmanager.com
www.googletagmanager.com
2001:4860:4802:32::36
2606:4700:20::ac43:4b31
2a00:1450:4001:828::2008
14a7326a3b097080b65d2463935bbc9f280575132a147343176bafc5e0a32cad
1df56af66680348c91da9b075e09b0a3f3939383c39ae5afaa04d0e9c1b886a2
248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
33f35692fd57e7407f9a7a650fcc5cc12b828824f44f8f2c4d133323d87b3c11
37b84de7ede764acc4c915cd430483f8699ae84341207b529de653ee17a58a13
41d59b04452edce75331c4416ff9435de714df5f1183e4e620d259d54874f9af
44e46c4fdef6f1bad12b9a04657312506932a88dec1a3b2830f66ad26c607b07
59b494237d781f06613db88400adaf29bdfc235e1ab817cfaf862b29097cd0f3
5db74e78c2a94e4d5688344197d46f1e06dde57bb98f5e1d8e983537ec610ef9
707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a
7219547ee25334cbac0fe4b3acf0bf631e48ebb622c71af038edaaa652c60875
899db03a9409a45b4988c60e65b8c08d4c6936d6dda1363d86a5a1298109023e
8b849e3f5952daf2c7404f61140ed4b275c1e3f01d9cbe6839d276a0a1f1ff94
a410460285968ae56f3748e57fd09c6da63c17934a9f59cc7f9a6542f5cf2d3b
a4a34cbf498055e7264cbcc61eac51e4671a46483733044de80cd61916d561dd
a4c123551432f10a965b8a9f706d3a8f9ed36e1564620f520de64cdf5bfe6dc9
a5d64a46a7ada385cf849ba620e2d3fe8d4e2040f9d5d4903d236f4d21b5a337
b8e4eca40b6c5cff975c70edb3e8c2a2dbe4dc231aebe2b3e904f448b1c9e88b
bb152700baf8cb65898f6fe60e2a3c45cbec5977fee23148010fc284fa9975c0
ca3fe28f01e674cdfa862b414bc55e201235f6c492d245a86145994379620dfc
cf60ca7dc053257d1da86addb9262ebefb34383be1cb05ca8bafdf91cf1b28ce
fb1e9574b097e7e8c86577ea959e36220e65553c96369fc15e98ba6414982e84