Submitted URL: http://cosmeticscriminals.co.uk/
Effective URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Submission: On March 09 via api from US — Scanned from US

Summary

This website contacted 28 IPs in 2 countries across 21 domains to perform 132 HTTP transactions. The main IP is 204.2.133.49, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.co.uk.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.2.133.237 393259 (YOTTAA-AS-1)
1 14 204.2.133.49 393259 (YOTTAA-AS-1)
18 142.250.80.14 15169 (GOOGLE)
2 12 23.48.224.13 20940 (AKAMAI-ASN1)
1 151.101.194.137 54113 (FASTLY)
2 104.18.38.209 13335 (CLOUDFLAR...)
3 151.101.66.133 54113 (FASTLY)
12 104.18.130.236 13335 (CLOUDFLAR...)
2 104.26.13.205 13335 (CLOUDFLAR...)
6 151.101.130.133 54113 (FASTLY)
4 142.251.40.163 15169 (GOOGLE)
2 4 142.251.41.2 15169 (GOOGLE)
2 142.250.72.102 15169 (GOOGLE)
8 142.251.40.106 15169 (GOOGLE)
2 142.251.41.4 15169 (GOOGLE)
2 142.251.40.150 15169 (GOOGLE)
1 104.18.32.137 13335 (CLOUDFLAR...)
4 142.251.32.99 15169 (GOOGLE)
1 204.2.49.46 393259 (YOTTAA-AS-1)
7 151.101.1.21 54113 (FASTLY)
2 35.190.10.96 15169 (GOOGLE)
2 151.101.65.35 54113 (FASTLY)
3 172.64.145.183 13335 (CLOUDFLAR...)
3 192.229.210.155 15133 (EDGECAST)
2 108.138.106.22 16509 (AMAZON-02)
12 192.225.157.157 30286 (THM)
2 192.225.158.1 30286 (THM)
1 192.225.158.3 30286 (THM)
132 28
Apex Domain
Subdomains
Transfer
18 youtube.com
www.youtube.com — Cisco Umbrella Rank: 66
2 MB
14 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8695
imgs.signifyd.com — Cisco Umbrella Rank: 7215
96 KB
14 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 14862
cdn.static.amplience.net — Cisco Umbrella Rank: 47800
6 MB
14 elfcosmetics.co.uk
www.elfcosmetics.co.uk
314 KB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 334
214 KB
9 paypal.com
www.paypal.com — Cisco Umbrella Rank: 2952
t.paypal.com — Cisco Umbrella Rank: 3463
243 KB
8 googleapis.com
jnn-pa.googleapis.com — Cisco Umbrella Rank: 218
81 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
95 KB
6 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
static.doubleclick.net — Cisco Umbrella Rank: 259
2 KB
6 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3272
852 B
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 24616 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 10482
1 MB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 2615
w2txo5aatutr2nedhitimuu2jervk445tfp3ngegeedddf329b493724sac.d.aa.online-metrix.net
16 KB
3 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2598
33 KB
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 101445
8 KB
2 px-cloud.net
collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 248275
1 KB
2 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 89
6 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 2
39 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2821
229 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 541
309 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 760
24 KB
1 cosmeticscriminals.co.uk
cosmeticscriminals.co.uk
521 B
132 21
Domain Requested by
18 www.youtube.com www.elfcosmetics.co.uk
www.youtube.com
14 www.elfcosmetics.co.uk 1 redirects www.elfcosmetics.co.uk
cdn-fsly.yottaa.net
12 imgs.signifyd.com www.elfcosmetics.co.uk
imgs.signifyd.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.co.uk
12 cdn.media.amplience.net 2 redirects www.elfcosmetics.co.uk
8 jnn-pa.googleapis.com www.youtube.com
7 www.paypal.com www.elfcosmetics.co.uk
www.paypal.com
www.paypalobjects.com
6 sdk.iad-05.braze.com cdn-fsly.yottaa.net
4 www.gstatic.com www.youtube.com
www.gstatic.com
4 googleads.g.doubleclick.net 2 redirects www.youtube.com
4 fonts.gstatic.com www.youtube.com
3 www.paypalobjects.com www.elfcosmetics.co.uk
www.paypalobjects.com
3 elfcosmetics.a.bigcontent.io
3 cdn-fsly.yottaa.net www.elfcosmetics.co.uk
2 h.online-metrix.net imgs.signifyd.com
2 cdn-scripts.signifyd.com www.elfcosmetics.co.uk
2 t.paypal.com
2 collector-pxxt4gy2ig.px-cloud.net www.elfcosmetics.co.uk
2 i.ytimg.com www.youtube.com
2 www.google.com www.youtube.com
2 static.doubleclick.net www.youtube.com
2 api.ipify.org cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.co.uk
1 w2txo5aatutr2nedhitimuu2jervk445tfp3ngegeedddf329b493724sac.d.aa.online-metrix.net
1 qoe-1.yottaa.net www.elfcosmetics.co.uk
1 geolocation.onetrust.com cdn.cookielaw.org
1 code.jquery.com www.elfcosmetics.co.uk
1 cosmeticscriminals.co.uk 1 redirects
132 28
Subject Issuer Validity Valid
*.elfcosmetics.co.uk
Sectigo RSA Domain Validation Secure Server CA
2023-09-25 -
2024-10-25
a year crt.sh
*.google.com
GTS CA 1C3
2024-02-19 -
2024-05-13
3 months crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-20 -
2024-08-14
a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018
2023-09-13 -
2024-10-14
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2024-03-01 -
2024-12-31
10 months crt.sh
ipify.org
GTS CA 1P5
2024-01-22 -
2024-04-21
3 months crt.sh
*.iad-05.braze.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3
2023-07-27 -
2024-08-27
a year crt.sh
*.gstatic.com
GTS CA 1C3
2024-02-19 -
2024-05-13
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2024-02-19 -
2024-05-13
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2024-02-19 -
2024-05-13
3 months crt.sh
www.google.com
GTS CA 1C3
2024-02-19 -
2024-05-13
3 months crt.sh
edgestatic.com
GTS CA 1C3
2024-02-19 -
2024-05-13
3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2023-11-13 -
2024-11-12
a year crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA
2024-02-08 -
2025-02-08
a year crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA
2023-08-15 -
2024-09-13
a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA
2023-09-21 -
2024-10-21
a year crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1
2023-03-14 -
2024-04-13
a year crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M01
2023-07-03 -
2024-07-31
a year crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2
2023-10-20 -
2024-11-20
a year crt.sh
online-metrix.net
Viking Cloud Organization Validation CA, Level 1
2023-10-20 -
2024-10-21
a year crt.sh
*.aa.online-metrix.net
Viking Cloud Organization Validation CA, Level 1
2023-10-20 -
2024-10-21
a year crt.sh

This page contains 9 frames:

Primary Page: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Frame ID: 7CE4ED7494D4E01D38387C45D09EDDA0
Requests: 70 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: FB1A91B5D4AE4527A86897F628108E36
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 6D44091D0BE27961B1C3497ACD259680
Requests: 18 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.57.0&integrationType=SDK
Frame ID: 5B2DD05A2E2D1759F4E7C64D0AFDF86B
Requests: 4 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: FAAB053AA8B307105541AC28625C14D0
Requests: 3 HTTP requests in this frame

Frame: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Frame ID: 465E35E9F121AD146B908EA7307F3BF7
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/YGj0hc11y0QpiGQ4?a0ba6c5d6c2fded0=oIqa_kcV2P015ENd1dLknecpq4xR_IrZf7mi5X4-hDRYDcictQJBozSQecH0rOoESTDiy0x7JDQLcug1xI2_2IjxhNyeYt-vUIML-chLTRKr7OcSCj7u052KECePyxo7SDDewwIyrEMOJ4yvMtdKwCLyfCJ5GA8hGRPbU1F0ez6bUjvKM6roChC69jOb2VxupnCUA0OsUeIhhNpHsHI
Frame ID: E72D0A2AB3DC90773A3F0A581F0430A8
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/yedj79cwrOkuEMcy?dd54b919f87211c1=sEQZJgGeWOTAzMMRKPx16rSBWpH2Y-cl0fPRuXnYN9_gTSATuCUu9kpopDh9iqT0Y-IsoM_cVNL5AjpwZkgK2vSqo1PN8ged3qHAdqS4DSZLS0Dv5Ur7miSGRbXM9r_CvO9h4cv1A96MgR3RmNW2CSZWUaLbrg59i6-lkLqXFFKFRHDBSX29ZwLKbCyut_PZlYBDkE_p-4Zjdh1IjvLT
Frame ID: 08D12FA104D33C58184B5BD1631B9B53
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/CbCyGTAl7bnrL5ul?d0e6f115b7a1d847=gdIu2EqpHbv5feGkGen506cx7V7o2ddZMhxO2-z9IMxgi3W0sX4l_ofVQDn9W06kJimYlBMLlZmYBg9DZy9j3lg4SgBCe2_ydUQIqNeLFFjKxhAAGNQ_jFy2lKw2RILSzhSggEkw7yb6Kx8OIMnYfZw4qi6-WIyCYvEs4139gYDWQWy4abv5xuKDQItXx67hurfRFtg-2RXHxk_B3Upc
Frame ID: 2DB10F41594A6DA446675F6B371DEB32
Requests: 1 HTTP requests in this frame

Page Title

Cosmetic Criminals | e.l.f. CosmeticsBack ButtonSearch IconFilter Icon

Page URL History

  1. http://cosmeticscriminals.co.uk/ HTTP 301
    https://www.elfcosmetics.co.uk/elf-cosmetic-criminals Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

132
Requests

92 %
HTTPS

0 %
IPv6

21
Domains

28
Subdomains

28
IPs

2
Countries

10815 kB
Transfer

21847 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cosmeticscriminals.co.uk/ HTTP 301
    https://www.elfcosmetics.co.uk/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 16
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 37
  • https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-eu&code_challenge=pL8W0g8dCUiZy7kH62QFiPqPSPq0h8qD0eHYqlJTeqU HTTP 303
  • https://www.elfcosmetics.co.uk/callback?usid=d2c7bfb3-bfbb-4853-abd7-41bea9c6b4a0&code=5HXwaHFrOUfXwqJEES3_kZ86IaN9jqP0pQ4Kp14BGlA
Request Chain 45
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Request Chain 47
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

132 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.co.uk/
Redirect Chain
  • http://cosmeticscriminals.co.uk/
  • https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
843 KB
225 KB
Document
General
Full URL
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ee1c5a177ab7dba0f7ca896016ddeae40552d1ebb6df9a52551006c2216022a5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
0
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
228681
content-type
text/html; charset=utf-8
date
Sat, 09 Mar 2024 13:06:22 GMT
etag
W/"b56f9-SkNTWqqIA7WtpHBESJPd8DPVF+8"
vary
Accept-Encoding
via
1.1 646b231fddd116a809b791efe727aba6.cloudfront.net (CloudFront)
x-amz-apigw-id
UXPAAEjPiYcECrA=
x-amz-cf-id
1GTUorAPpV4djoClX4CFmLi9pxcCumtH8XSf8dwsgDAMz8TPkDHfuw==
x-amz-cf-pop
SFO53-P5
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
743161
x-amzn-remapped-date
Sat, 09 Mar 2024 13:06:21 GMT
x-amzn-requestid
271a77c7-27a2-4239-be5c-d7d17e1b4cbe
x-amzn-trace-id
Root=1-65ec5ecc-7ae2ead8521fc9670a70ee3e;Parent=1ad8b3abaffea38e;Sampled=0;lineage=dcd1e669:0
x-cache
Miss from cloudfront
x-yottaa-metrics
2521cc028529/[1782,1734,-] 25D1cc028531/[-,1824.389]
x-yottaa-optimizations
ob/1000000100001000 si/25D1cc028531-1709931560-9821779522 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-yottaa-os
200

Redirect headers

Age
0
Connection
keep-alive
Content-Length
1197
Content-Type
text/html; charset=utf-8
Date
Sat, 09 Mar 2024 13:06:19 GMT
Location
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Vary
User-Agent
X-Yottaa-FW
fb/100000 tid/658f1ff1d931403bb4ae5dba rid/658f266dd931403bb4ae60ab stid/5ad7b08e2bb0ac0c5ba3d38c
X-Yottaa-Metrics
25D1cc0285ed/[-,0.149]
X-Yottaa-Optimizations
ob/0 si/25D1cc0285ed-1709931560-7551654322 tts/1709989579756 ti/0 ai/658f1ff1d931403bb4ae5dba
/
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/
0
0

/
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/
0
0

/
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/
0
0

/
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/
0
0

bxGKZ6lfJ7A
www.youtube.com/embed/ Frame FB1A
91 KB
38 KB
Document
General
Full URL
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
ESF /
Resource Hash
3d1d150700c9b366b0736ea4ad4f01bab83bef1f948bc8a441a1a90ca4b7f4ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Sat, 09 Mar 2024 13:06:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
rZPCKoUReO0
www.youtube.com/embed/ Frame 6D44
90 KB
38 KB
Document
General
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
ESF /
Resource Hash
7a9e3acfc90f7f7b7fd43b79735ec07cefdae1549c46bf9f0ccad8af0480b697
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Sat, 09 Mar 2024 13:06:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
630 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
415ug_fp0,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-req-id
tqkfx4544N
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
server
Unknown
x-frame-options
DENY
x-amp-source-width
3199
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
205 KB
205 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
XROlcgt46,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-req-id
XDzmGTIDW-
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
server
Unknown
x-frame-options
DENY
x-amp-source-width
800
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/
2 MB
2 MB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
pFa_T_RlD,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-req-id
IZp1kLTThM
content-length
2085695
x-xss-protection
1; mode=block
x-amp-source-height
1484
server
Unknown
x-frame-options
DENY
x-amp-source-width
3080
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/
330 KB
331 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
YOdGtw2Ga,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-req-id
OIDf0f3nK2
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
server
Unknown
x-frame-options
DENY
x-amp-source-width
2806
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/
180 KB
180 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:22 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
2YGwlfvlf,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-req-id
E8K8LmmGB6
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
server
Unknown
x-frame-options
DENY
x-amp-source-width
1952
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/
614 KB
614 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
TGGuiYewC,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-req-id
y_gmEqakn4
content-length
628288
x-xss-protection
1; mode=block
x-amp-source-height
525
server
Unknown
x-frame-options
DENY
x-amp-source-width
3200
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
jquery-3.7.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:22 GMT
content-encoding
gzip
via
1.1 varnish
age
1405455
x-cache
HIT
content-length
24036
x-served-by
cache-lga21924-LGA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1709989583.948480,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
112
player_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
ESF /
Resource Hash
dc055917bb20b6042962d6e972655061a178db6b161b02c217406b62fd85c0e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:22 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /cspreport
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Sat, 09 Mar 2024 13:06:22 GMT
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Server
104.18.38.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
x-amz-version-id
null
cf-cache-status
MISS
x-amz-request-id
8EE3EBB4Y46J690V
Content-Range
bytes 0-1060947/1060948
Content-Length
1060948
x-amz-id-2
3LXp5S7bJLlYGql7NSFeDD5p8HrDaWQxjQTz2YmVomPAMSSIB2VQYy/bk6835EmalZH3+F5hT+8=
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
server
cloudflare
etag
"dd3676819bd88a250c875a11e38c307d"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
861b48369952c335-EWR

Redirect headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
q0RIzSua3,l4p5bDg2e,bgWw7nQ29
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Server
104.18.38.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
x-amz-version-id
null
cf-cache-status
MISS
x-amz-request-id
8EEA1FXEDTP6A6RB
Content-Range
bytes 0-1262366/1262367
Content-Length
1262367
x-amz-id-2
RK3OVhpDolLTiZ4t3Mq9fYcoz4gciry10Mqd7SmNNLkBRvSPKzn032rGWoaAcL01RExCOUlusoo=
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
server
cloudflare
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
861b48369954c335-EWR

Redirect headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
server
Unknown
x-frame-options
DENY
x-amp-srv
A
cache-tag
hC9Dh_eU3,l4p5bDg2e,fH6Lo3_5e
access-control-allow-origin
*
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
content-type
text/html; charset=UTF-8
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin
https://www.elfcosmetics.co.uk
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin
https://www.elfcosmetics.co.uk
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
vendor.js
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/
2 MB
620 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
65a3f669b13f6b35a9e6bd0788784a1bb3b82ead49598684dcfaeda3b15d78bc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id
U8rj_zN0KI9billPxoA.iNJviYCUzjcI
via
1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Sat, 09 Mar 2024 13:06:22 GMT
x-amz-cf-pop
EWR53-C2
age
1347260
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/3811cc023146-1706802497-1648231197 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679716
content-length
634417
x-amz-meta-bundle
10719
x-served-by
cache-lga21934-LGA
x-yottaa-forcecache
true
last-modified
Thu, 22 Feb 2024 19:39:33 GMT
server
AmazonS3
x-timer
S1709989583.691820,VS0,VE4
etag
W/"f8770cf77965857cc888398dd0649ea4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3821cc02316c/[165,138,-] 3811cc023146/[-,282.574]
accept-ranges
bytes
x-amz-cf-id
QVmVb0BuR49RtxhqI_ezFGBI_tp584c6zsjhQ3Pmy--bWIAHVe96ig==
x-cache-hits
1
main.js
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/
2 MB
471 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/main.js?yocs=o_q_
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3647c672a453341430a3684a219414cb50fad3fc9c008e00bb22eb1427fafd00

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id
qX8tejKc7GD7wl01qGK_FZCo0qRKhh..
via
1.1 55d59f6fe20d812e375923d2e18ac7fc.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Sat, 09 Mar 2024 13:06:22 GMT
x-amz-cf-pop
PHL50-C1
age
847070
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/2311cc8d59cd-1706807745-741170348 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679716
content-length
481410
x-amz-meta-bundle
10719
x-served-by
cache-lga21934-LGA
x-yottaa-forcecache
true
last-modified
Thu, 22 Feb 2024 19:39:28 GMT
server
AmazonS3
x-timer
S1709989583.692119,VS0,VE18
etag
W/"e1740102fc0b27d3504e6b6b92da4536"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2321cc8d59e5/[225,167,-] 2311cc8d59cd/[-,475.363]
accept-ranges
bytes
x-amz-cf-id
I8ILMJafA1xA1QM7ykuTScxzWmwUfCejvjgNy0GX0tynKwcmi-G3DQ==
x-cache-hits
1
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/
41 KB
12 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/pages-product-list-product-list-page.js?yocs=o_q_
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
24ac4da29c53564ae8c82180e85921818ad3fef0311e627f08b6edddf79a3b34

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id
rrFEs6OuMMO9TerycTQSYLYdzMylOhlw
via
1.1 d47bfce74ac0ba73e842bed313cc9e16.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
date
Sat, 09 Mar 2024 13:06:22 GMT
x-amz-cf-pop
DFW55-C3
age
1344726
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1000 si/2611cc028371-1708617476-1478124563 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
679716
content-length
11524
x-amz-meta-bundle
10719
x-served-by
cache-lga21934-LGA
x-yottaa-forcecache
true
last-modified
Thu, 22 Feb 2024 19:39:30 GMT
server
AmazonS3
x-timer
S1709989583.692104,VS0,VE2
etag
W/"30e1633195f3f330a723de07387efc64"
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
2621cc8d5874/[35,28,-] 2611cc028371/[-,41.852]
accept-ranges
bytes
x-amz-cf-id
D4Gg1hifhDRGagZ69VTI_JFBimKL6OFv6WGDUnVXx1bSaxI_zyxf2Q==
x-cache-hits
1
PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/
73 KB
73 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
c75a0f7c4104d907f8419aeb5f87467a90bce54ef633af1e8a05c6c585c9994d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
HJbztN6Fp,l4p5bDg2e,5-jG4GMEO,WepA0szpz
x-req-id
-yyoIN17WQ
content-length
74537
x-xss-protection
1; mode=block
x-amp-source-height
1303
server
Unknown
x-frame-options
DENY
x-amp-source-width
855
access-control-allow-origin
*
content-type
image/avif
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/
16 KB
17 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
cJnlnZPw3,l4p5bDg2e,QvpKILV5P,DtzGFM5oJ
x-req-id
Akh-VqtzNY
content-length
16698
x-xss-protection
1; mode=block
x-amp-source-height
2000
server
Unknown
x-frame-options
DENY
x-amp-source-width
2000
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/
52 KB
52 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
32aaeee96fd5d4ee55d785e181d136b89e21de673bd8b6e89f4731412ba5aba9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
UalTEaF1V,l4p5bDg2e,h1qKNVnZ0,WepA0szpz
x-req-id
J4gYyWu5d2
content-length
52930
x-xss-protection
1; mode=block
x-amp-source-height
1324
server
Unknown
x-frame-options
DENY
x-amp-source-width
862
access-control-allow-origin
*
content-type
image/avif
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/
20 KB
21 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.224.13 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-224-13.deploy.static.akamaitechnologies.com
Software
Unknown /
Resource Hash
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:23 GMT
x-content-type-options
nosniff
x-amp-srv
A
cache-tag
dV3wuXU7N,l4p5bDg2e,nb-u70u49,DtzGFM5oJ
x-req-id
iDx-wVK5WN
content-length
20738
x-xss-protection
1; mode=block
x-amp-source-height
2400
server
Unknown
x-frame-options
DENY
x-amp-source-width
2400
access-control-allow-origin
*
content-type
image/webp
cache-control
max-age=1800, s-maxage=86400
accept-ranges
bytes
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/main.js?yocs=o_q_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d85e4dcb52ce714c7136eb95a32765325205a4aabdb51932bd9024c400be665d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
/RTAD1TAPuPWblD15GN1pg==
age
45207
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6842
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 20:52:31 GMT
server
cloudflare
etag
0x8DC3EE8820BCF86
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b581cd2d-601e-0006-2605-710a3c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b48352a57c32b-EWR
/
api.ipify.org/
22 B
74 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba91ae2d795e612b37624d68868f1dcea5e4a3e2eadc4bf6b5df375c70ccddbb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
861b48342953236a-EWR
content-length
22
/
api.ipify.org/
22 B
155 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba91ae2d795e612b37624d68868f1dcea5e4a3e2eadc4bf6b5df375c70ccddbb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
861b48342952236a-EWR
content-length
22
www-player.css
www.youtube.com/s/player/c48a9559/ Frame FB1A
369 KB
47 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/c48a9559/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
d310954cebcc052fcbc240c8a0e27bbceff52454a5bf557cdf3568ab0d3b634f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 16:22:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
74638
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47894
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 16:22:26 GMT
embed.js
www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/ Frame FB1A
57 KB
18 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
78143c1940ae7c3efe66773ebaa3ba5e2d27d4685304b0492d84a39783e0be86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:14:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
53533
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18005
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:14:11 GMT
www-embed-player.js
www.youtube.com/s/player/c48a9559/www-embed-player.vflset/ Frame FB1A
319 KB
95 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
1344811659720c8e29a95ba3956bbfa439aa5cd496c77212bf1d4465f7598b88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:09:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
53798
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97308
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:09:46 GMT
base.js
www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/ Frame FB1A
2 MB
778 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
bafc666308f50a3848018f6c98e6c082c5ef57d646f65a26936c56db34e8cbf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52735
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
796296
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:27:29 GMT
www-player.css
www.youtube.com/s/player/c48a9559/ Frame 6D44
369 KB
47 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/c48a9559/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
d310954cebcc052fcbc240c8a0e27bbceff52454a5bf557cdf3568ab0d3b634f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 16:22:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
74638
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47894
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 16:22:26 GMT
embed.js
www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/ Frame 6D44
57 KB
18 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
78143c1940ae7c3efe66773ebaa3ba5e2d27d4685304b0492d84a39783e0be86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:14:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
53533
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18005
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:14:11 GMT
www-embed-player.js
www.youtube.com/s/player/c48a9559/www-embed-player.vflset/ Frame 6D44
319 KB
95 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
1344811659720c8e29a95ba3956bbfa439aa5cd496c77212bf1d4465f7598b88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:09:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
53798
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97308
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:09:46 GMT
base.js
www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/ Frame 6D44
2 MB
778 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
bafc666308f50a3848018f6c98e6c082c5ef57d646f65a26936c56db34e8cbf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52735
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
796296
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:27:29 GMT
callback
www.elfcosmetics.co.uk/
Redirect Chain
  • https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client...
  • https://www.elfcosmetics.co.uk/callback?usid=d2c7bfb3-bfbb-4853-abd7-41bea9c6b4a0&code=5HXwaHFrOUfXwqJEES3_kZ86IaN9jqP0pQ4Kp14BGlA
0
0
Fetch
General
Full URL
https://www.elfcosmetics.co.uk/callback?usid=d2c7bfb3-bfbb-4853-abd7-41bea9c6b4a0&code=5HXwaHFrOUfXwqJEES3_kZ86IaN9jqP0pQ4Kp14BGlA
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
via
1.1 5ef053ed5de62b8aa34580e3bd7d802a.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
SFO53-P5
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
403c437a-d42b-455b-8f5f-f21058771c92
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1709931560-9821779533 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
UXPAsGH6CYcEErA=
content-length
0
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-65ec5ed0-4b602ac325c7963e1b5734ca;Parent=2455fee1baca161a;Sampled=0;lineage=dcd1e669:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
2521cc02851e/[318,317,-] 25D1cc028531/[-,319.926]
x-amzn-remapped-date
Sat, 09 Mar 2024 13:06:25 GMT
x-amz-cf-id
IA88O46b3xHHf01Ui88DCjYGhUhEVRCSlo_IZRf6jXBvAXagJ1yGOQ==

Redirect headers

date
Sat, 09 Mar 2024 13:06:24 GMT
x-correlation-id
861b48360a9fc4dc
via
1.1 60e55687f4f0ad988a569a499b543a0e.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
SFO53-P5
age
0
x-yottaa-optimizations
ob/0 si/25D1cc028531-1709931560-9821779531 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache
Miss from cloudfront
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23520, 1959429
x-ratelimit-1m-reset
35618, 35617
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.co.uk/callback?usid=d2c7bfb3-bfbb-4853-abd7-41bea9c6b4a0&code=5HXwaHFrOUfXwqJEES3_kZ86IaN9jqP0pQ4Kp14BGlA
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-eu&code_challenge=pL8W0g8dCUiZy7kH62QFiPqPSPq0h8qD0eHYqlJTeqU
x-yottaa-metrics
2521cc028521/[162,160,-] 25D1cc028531/[-,163.929]
cf-ray
861b48360a9fc4dc-SEA
x-amz-cf-id
lTnZAeEOhOmM7uSreWGN68-j7K05JnFH2ut6BYpbeASV4HX-ES9G4Q==
/
sdk.iad-05.braze.com/api/v3/data/
334 B
455 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
56f2742d7fbf93000ccdecf5a0235f493addcdd1092f7622fb7d5f11b44b7f7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type
application/json
Referer
https://www.elfcosmetics.co.uk/
X-Requested-With
XMLHttpRequest

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
8b7763e9-fa95-4aa3-af84-20fa99d3f6f7
x-served-by
cache-lga21964-LGA
x-runtime
0.126253
etag
W/"56f2742d7fbf93000ccdecf5a0235f49"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Sat, 09 Mar 2024 13:06:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-lga21964-LGA
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FB1A
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:56:40 GMT
x-content-type-options
nosniff
age
274184
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:56:40 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FB1A
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 09:09:27 GMT
x-content-type-options
nosniff
age
273417
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 09:09:27 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6D44
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 08:56:40 GMT
x-content-type-options
nosniff
age
274184
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 08:56:40 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6D44
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 06 Mar 2024 09:09:27 GMT
x-content-type-options
nosniff
age
273417
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Mar 2025 09:09:27 GMT
25840211-e69f-428e-bb3b-0787cffdf0e8.json
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/25840211-e69f-428e-bb3b-0787cffdf0e8.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
949062629321267f5e4f5d183435ab758ad7898afe2b31dc262b6b164167ffa0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-md5
FgAuBFiP8zSeAA1ZcGm5bQ==
content-length
1495
x-ms-lease-status
unlocked
last-modified
Tue, 13 Dec 2022 17:32:15 GMT
server
cloudflare
etag
0x8DADD2FFA203B7A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
41c2cfdd-501e-006f-78e6-1d3370000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b4837be1217b1-EWR
expires
Sun, 10 Mar 2024 13:06:24 GMT
id
googleads.g.doubleclick.net/pagead/ Frame FB1A
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
242 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
21842eff7313dc3aa41cdf3fed20e654c54ffa1f9506e8e1a784eac9294d59b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 09 Mar 2024 13:06:24 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame FB1A
29 B
494 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.102 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f6.1e100.net
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:04:58 GMT
x-content-type-options
nosniff
age
86
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 09 Mar 2024 13:19:58 GMT
id
googleads.g.doubleclick.net/pagead/ Frame 6D44
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
189 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
3ac408201feb91a819c5be27b27c5da781a686eba0eaf559ed84673e886ef860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 09 Mar 2024 13:06:24 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 6D44
29 B
89 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.102 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f6.1e100.net
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:04:58 GMT
x-content-type-options
nosniff
age
86
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 09 Mar 2024 13:19:58 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Sat, 09 Mar 2024 13:06:24 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame FB1A
87 KB
40 KB
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
d1ed175340032493b9a4e8cc98ae176184425df32723a01bb7e0f8177be3e568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40830
x-xss-protection
0
remote.js
www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/ Frame FB1A
117 KB
33 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
ecf66dd0cb3bb5f74fbebb82395dd47313cbb75db6c08c5436749fda9fd1870a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:07:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
53922
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33867
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:07:42 GMT
QIgJXlTW_ocH5BKR4VvT459F7KnrK51w4wqraUAmDYI.js
www.google.com/js/th/ Frame FB1A
51 KB
20 KB
Script
General
Full URL
https://www.google.com/js/th/QIgJXlTW_ocH5BKR4VvT459F7KnrK51w4wqraUAmDYI.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
sffe /
Resource Hash
4088095e54d6fe8707e41291e15bd3e39f45eca9eb2b9d70e30aab6940260d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:15:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
53478
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19860
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 08 Mar 2025 22:15:06 GMT
default.jpg
i.ytimg.com/vi/bxGKZ6lfJ7A/ Frame FB1A
3 KB
3 KB
Image
General
Full URL
https://i.ytimg.com/vi/bxGKZ6lfJ7A/default.jpg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.150 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f22.1e100.net
Software
sffe /
Resource Hash
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2965
x-xss-protection
0
server
sffe
etag
"1703142370"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 09 Mar 2024 15:06:24 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6D44
87 KB
40 KB
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
cc3d3ca360782948e68450393b0fff18eeed9f9f49ce9cca858d348df565a589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40941
x-xss-protection
0
remote.js
www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/ Frame 6D44
117 KB
33 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
ecf66dd0cb3bb5f74fbebb82395dd47313cbb75db6c08c5436749fda9fd1870a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:07:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
53922
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33867
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 08 Mar 2025 22:07:42 GMT
QIgJXlTW_ocH5BKR4VvT459F7KnrK51w4wqraUAmDYI.js
www.google.com/js/th/ Frame 6D44
51 KB
19 KB
Script
General
Full URL
https://www.google.com/js/th/QIgJXlTW_ocH5BKR4VvT459F7KnrK51w4wqraUAmDYI.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
sffe /
Resource Hash
4088095e54d6fe8707e41291e15bd3e39f45eca9eb2b9d70e30aab6940260d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 22:15:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
53478
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19860
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 08 Mar 2025 22:15:06 GMT
default.jpg
i.ytimg.com/vi/rZPCKoUReO0/ Frame 6D44
2 KB
3 KB
Image
General
Full URL
https://i.ytimg.com/vi/rZPCKoUReO0/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARhyIFYoPTAP&rs=AOn4CLCM5ONTEJwdjxOrSlWBNC86VGolng
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.150 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f22.1e100.net
Software
sffe /
Resource Hash
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2380
x-xss-protection
0
server
sffe
etag
"1703117772"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 09 Mar 2024 15:06:24 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Sat, 09 Mar 2024 13:06:24 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
71 B
309 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4da8a6638ad70698ad3d01aa0ef124aebe35c297685c0796b174822f597b1d09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.co.uk/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
861b483bbc81db6e-LAX
access-control-allow-headers
Content-Type
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
199 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a61c884ef9d6caaa5be82633b8396ff987904c3473da08a0e73a7694e9b7cacf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.co.uk/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
2fa64200-fc23-4c69-894c-1c9604945126
x-served-by
cache-lga21964-LGA
x-runtime
0.171614
etag
W/"a61c884ef9d6caaa5be82633b8396ff9"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Sat, 09 Mar 2024 13:06:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-lga21964-LGA
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame FB1A
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.99 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f3.1e100.net
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Mar 2024 13:06:25 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 6D44
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.99 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f3.1e100.net
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Mar 2024 13:06:25 GMT
generate_204
www.youtube.com/ Frame FB1A
0
40 B
Image
General
Full URL
https://www.youtube.com/generate_204?EdmQyg
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Sat, 09 Mar 2024 13:06:25 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame FB1A
90 B
181 B
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
0d86398d6a63444e0f94ca374a4570fa9a3c97d741757d73bbb6e1ef10b8aef3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame
0
0
Preflight
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Sat, 09 Mar 2024 13:06:25 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 6D44
90 B
178 B
XHR
General
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/player_ias.vflset/en_US/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.106 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f10.1e100.net
Software
ESF /
Resource Hash
99f5cea2899b91eee936dd797ea9ba8ea599ce496e02d77743173e70d808bbca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
token
www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
0842c681c00a2b571f7f28d4eaa5646e6fb845f964fd8f5aafa2cc7ce22a548b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-correlation-id
861b483c681ac4dc
cf-cache-status
DYNAMIC
via
1.1 8ac53533ca4aefd756e737ced2d2dc78.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
SFO53-P5
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1709931560-9821779535 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache
Miss from cloudfront
pragma
no-cache
x-ratelimit-1m-remaining
23495, 1957859
x-ratelimit-1m-reset
34596, 34596
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
2521cc028a77/[173,172,-] 25D1cc028531/[-,174.561]
cf-ray
861b483c681ac4dc-SEA
x-amz-cf-id
yXgQcCorswC0Gv8o_gUncpsEQNAP7U2nMMcxSKTn5_2a8s26PaR0uQ==
generate_204
www.youtube.com/ Frame 6D44
0
38 B
Image
General
Full URL
https://www.youtube.com/generate_204?V7uxsw
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202211.2.0/
383 KB
92 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
uPFqyxtrxGqJsyAvB7RnSg==
age
10129
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
93482
x-ms-lease-status
unlocked
last-modified
Mon, 12 Dec 2022 17:31:45 GMT
server
cloudflare
etag
0x8DADC66BDFA5EC7
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a5ea234d-301e-0069-6d88-1700cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b483c7f22c32b-EWR
cast_sender.js
www.gstatic.com/eureka/clank/122/ Frame FB1A
50 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/122/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.99 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f3.1e100.net
Software
sffe /
Resource Hash
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 18:12:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68064
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14711
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 16:03:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Sat, 09 Mar 2024 18:12:01 GMT
cast_sender.js
www.gstatic.com/eureka/clank/122/ Frame 6D44
50 KB
14 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/122/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.32.99 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f3.1e100.net
Software
sffe /
Resource Hash
765a638d2813ec1b917fc56cf90863f88991ef2550c1a14c99e9e9b243e80f74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Fri, 08 Mar 2024 18:12:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68064
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14711
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 16:03:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Sat, 09 Mar 2024 18:12:01 GMT
en.json
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/6e10e834-96b1-4572-80d7-3109ba160fd7/
73 KB
15 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/6e10e834-96b1-4572-80d7-3109ba160fd7/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71bd66530457656271aa253073fb867cdc9068586f7af54e341667687162909e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-md5
FVTe+XzL+4tWjb2VPxjyIQ==
content-length
15363
x-ms-lease-status
unlocked
last-modified
Tue, 13 Dec 2022 17:32:16 GMT
server
cloudflare
etag
0x8DADD2FFAAA3EC3
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
73e8b48e-b01e-0058-5103-24e1dc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b483cc90117b1-EWR
expires
Sun, 10 Mar 2024 13:06:25 GMT
iab2Data.json
cdn.cookielaw.org/vendorlist/
399 KB
57 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/vendorlist/iab2Data.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f4c5ad5f85696506e2299defa50e89de0fbcc7abed8995a7cbe7fc22447c12a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
TNXX/aaKeIzL6c75XJzdQQ==
age
54643
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
58188
x-ms-lease-status
unlocked
last-modified
Fri, 08 Mar 2024 08:29:17 GMT
server
cloudflare
etag
0x8DC3F49D8899EE2
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
8181d10c-901e-002d-0f3a-718af0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b483cc90217b1-EWR
otTCF.js
cdn.cookielaw.org/scripttemplates/202211.2.0/
68 KB
15 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202211.2.0/otTCF.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f94185bf320b088eb3c40b75de95ac8516680f4036bd287131b34f9c058146a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
jNSx0jAViofB7ggqqp6FUQ==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
15011
x-ms-lease-status
unlocked
last-modified
Mon, 12 Dec 2022 17:31:44 GMT
server
cloudflare
etag
0x8DADC66BD0C2AD7
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
e8c255f1-801e-001e-27e6-1dd55b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b483ccf5ac32b-EWR
init.js
www.elfcosmetics.co.uk/XT4Gy2ig/
168 KB
75 KB
Script
General
Full URL
https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
2db35528a2c4e894f206c3f9be945f65b6304928200445dc9515766586ab493f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
active-cdn
Akamai
x-yottaa-optimizations
ob/0 si/25D1cc028531-1709931560-9821779536 tts/1709989585574 ti/0 ai/5dbb1b434f1bbf5af87e10a5
vary
Accept-Encoding
etag
"29e91-O14kD7H8Z7H/7XhAIy9GyJVbQJc"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
active-cdn,x-served-by,Akamai-Request-BC
cache-control
max-age=600
x-yottaa-metrics
25D1cc028531/[-,16.263]
x-px-hash
NmRlOGU3NzRhY2EwMzQxNTIxZDdjMjA2MjJhMTg0ODI2YTlkNmQyNTdhNWFlZGExYjkyNWI5MjBjMzdiNDAyZQ==
access-control-allow-headers
x-px-cookies
sessions
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
via
1.1 d2610666ad934f0664cd719e5472324a.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
SFO53-P5
age
0
x-yottaa-optimizations
ob/0 si/25D1cc028531-1709931560-9821779537 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.co.uk
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
2521cc028a79/[461,459,-] 25D1cc028531/[-,462.031]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
861b483e5d7a306f-SEA
x-dw-request-base-id
_8FUKtFe7GUBAAB_
x-amz-cf-id
I32pq1rB7yoYWoyQbIwYQFgsrq-TsXvLZNrx0vuiuQ2c0-PwFSSCYQ==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.co.uk/api/v1/
57 B
773 B
XHR
General
Full URL
https://www.elfcosmetics.co.uk/api/v1/shoppercontext?siteId=elf-eu
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
a6cbc4c9c0b39f6d4edd8d4db4e73971e23c1e4b8b9b6ddd5956164b87fd3ebc

Request headers

Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type
application/json

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
via
1.1 c84ddafed7088f377cf7518b7821ae6c.cloudfront.net (CloudFront)
content-encoding
gzip
x-amzn-remapped-content-length
57
x-amz-cf-pop
SFO53-P5
age
0
x-amzn-remapped-connection
close
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1709931560-9821779538 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-amzn-requestid
f4ffc203-c2b8-4316-aa38-1f1cd8ff0f4f
x-cache
Miss from cloudfront
x-amz-apigw-id
UXPA0H7eiYcEpVg=
content-length
79
etag
W/"39-LgPw152VfElAKHYfDt/MyAcU00g"
x-amzn-trace-id
Root=1-65ec5ed1-72024698439c472517eaa290;Parent=75cb737bbc2614ad;Sampled=0;lineage=dcd1e669:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
2521cc028a78/[598,597,-] 25D1cc028531/[-,600.003]
x-amzn-remapped-date
Sat, 09 Mar 2024 13:06:26 GMT
x-amz-cf-id
A-WYChvLBPo921Y0T_uq48jSY5hujp9sai4mzT3FOQ3s7xD09P12Gg==
geo-ip
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/
200 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=5.181.234.132
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
97288c12b80b1296fe10c5d60c188d495fd900eae4d95c41038de6e7bd002bab
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type
application/json

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO53-P5
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1709931560-9821779539 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=5.181.234.132
x-yottaa-metrics
2521cc028a7a/[518,517,-] 25D1cc028531/[-,519.117]
cf-ray
861b483f6f16eb7b-SEA
x-dw-request-base-id
ortSSNJe7GUBAAB_
x-amz-cf-id
D4AoyvFUbT72VutXMXfXTnRYvfmpLh_uI3Wu1X00yxyy_qgZrPLztg==
geo-ip
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/
200 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=5.181.234.132
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
97288c12b80b1296fe10c5d60c188d495fd900eae4d95c41038de6e7bd002bab
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type
application/json

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO53-P5
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1709931560-9821779541 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=5.181.234.132
x-yottaa-metrics
2521cc028a7b/[737,737,-] 25D1cc028531/[-,738.938]
cf-ray
861b483f4ac0c515-SEA
x-dw-request-base-id
ortRSNJe7GUBAAB_
x-amz-cf-id
jCB8OLtepxtbHM2IBDZsk6mwnsLFWGhyIgq_Navu42jgGgbktTGy_A==
baskets
www.elfcosmetics.co.uk/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abxbhHl0hKwHkRwKxGwGYYmbsX/
11 B
1 KB
Fetch
General
Full URL
https://www.elfcosmetics.co.uk/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abxbhHl0hKwHkRwKxGwGYYmbsX/baskets?siteId=elf-eu
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
accept-language
en-US,en;q=0.9
x-pwa-request
true
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
x-correlation-id
861b483f5a2fc705
dnt
0
cf-cache-status
DYNAMIC
via
1.1 7ebf86def0385a427d4375fd043f4f94.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
SFO53-P5
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1709931560-9821779540 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
3
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abxbhHl0hKwHkRwKxGwGYYmbsX/baskets?siteId=elf-eu
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
861b483f5a2fc705-SEA
x-amz-cf-id
Myv7BrIkFnJ3mjDCD9w-i1bpDhjLRTxWQKd4S1SI9XbbPbgb3Ib05g==
x-yottaa-metrics
2521cc028a7c/[632,630,-] 25D1cc028531/[-,633.366]
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
198 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dc103bf7ced474769abfc47941b65a14e81e18d606f2e39f17e0b7c87f7b730c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-DataRequest
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type
application/json
BRAZE-SYNC-RETRY-COUNT
0
Referer
https://www.elfcosmetics.co.uk/
X-Requested-With
XMLHttpRequest
X-Braze-ContentCardsRequest
true

Response headers

date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
MISS
x-request-id
c52cea16-762e-4064-81ee-351005c1ebff
x-served-by
cache-lga21964-LGA
x-runtime
0.063008
etag
W/"dc103bf7ced474769abfc47941b65a14"
access-control-max-age
7200
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
vary
Origin,Accept-Encoding
accept-ranges
bytes
x-cache-hits
0
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.49.46 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.co.uk/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 09 Mar 2024 13:06:25 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/c48a9559/www-widgetapi.vflset/
215 KB
67 KB
Script
General
Full URL
https://www.youtube.com/s/player/c48a9559/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
sffe /
Resource Hash
9e407fb5bd2b9e460b37f6acc3ad65c5fb753f1ea6aecbaef61f534309e493be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:04:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
132
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68253
x-xss-protection
0
last-modified
Wed, 06 Mar 2024 05:21:30 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 09 Mar 2025 13:04:13 GMT
js
www.paypal.com/sdk/
416 KB
116 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5aacf62b959a1c46265183c895838fa90de010bd3e16e9623d0e3951e370851f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Sat, 09 Mar 2024 13:06:25 GMT
age
10725
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, MISS, MISS
p3p
true
paypal-debug-id
f730161864d82
server-timing
"traceparent;desc="00-0000000000000000000f730161864d82-e6e0f551e2546b1a-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
116550
x-xss-protection
1; mode=block
x-served-by
cache-iad-kcgs7200119-IAD, cache-lga21950-LGA, cache-lga21950-LGA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f730161864d82-ef15c7d40922f7ae-01
x-timer
S1709989586.732554,VS0,VE19
etag
W/"1c746-YqLGPBuedYpOPzq9OWwc4PnghXo"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
184, 0, 0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-encoding
gzip
date
Sat, 09 Mar 2024 13:06:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-lga21964-LGA
otFlat.json
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
vO8A/abKpoPacUrvSk9OSw==
age
69690
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3020
x-ms-lease-status
unlocked
last-modified
Mon, 12 Dec 2022 17:31:35 GMT
server
cloudflare
etag
0x8DADC66B7AF38D0
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
716fea89-301e-0069-5c71-2200cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b483f0aab17b1-EWR
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/
61 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
mBGnk7IXt0USbYmXZQhmOw==
age
69690
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12540
x-ms-lease-status
unlocked
last-modified
Mon, 12 Dec 2022 17:31:37 GMT
server
cloudflare
etag
0x8DADC66B90C98A8
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
926fc64a-e01e-009e-04be-0b2a5d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b483f0aad17b1-EWR
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
XcxlleAcPGO2n5kTZrHH2Q==
age
54643
x-ms-lease-status
unlocked
last-modified
Mon, 12 Dec 2022 17:31:50 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
58a0ec20-b01e-0058-05af-0be1dc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
861b483f1aaf17b1-EWR
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
540 B
789 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
7e5d570aed6b863b2048773cf5ed9de261d1f5a3e45098c6c1e30f3d73395b72

Request headers

Referer
https://www.elfcosmetics.co.uk/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 09 Mar 2024 13:06:24 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.co.uk
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
540
local
www.paypal.com/credit-presentment/experiments/ Frame 5B2D
5 KB
2 KB
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.57.0&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a17793a04016eb52396740a06b0a7766063bbea2ebc597df7c634e8d2e5bf64f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
73929
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1524
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Sat, 09 Mar 2024 13:06:25 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-IeC2WtOSNZkQ8wVRBU4vPzgg0/o"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f5396774b0093
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f5396774b0093-36013a21156ec9ac-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f5396774b0093-9639ef1c28cf10cc-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, HIT, MISS
x-cache-hits
0, 22827, 0
x-served-by
cache-iad-kcgs7200072-IAD, cache-lga21950-LGA, cache-lga21950-LGA
x-timer
S1709989586.970626,VS0,VE9
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.co.uk&t=xo&v=5.0.427&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
66be7956c0293e2e023c81979367a1763a596e64cf2b0fb3de400f95a3307f39
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-CYBdLUaxx4CNB9WhlJvLar5A0X/4N428ekRK6vDbYScDyl9J' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-CYBdLUaxx4CNB9WhlJvLar5A0X/4N428ekRK6vDbYScDyl9J' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 09 Mar 2024 13:06:25 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
66108
x-cache
HIT, HIT, MISS
paypal-debug-id
f529606a4d10f
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4795
x-xss-protection
1; mode=block
x-served-by
cache-iad-kcgs7200030-IAD, cache-lga21950-LGA, cache-lga21950-LGA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f529606a4d10f-47c15c13f753c2b5-01
x-timer
S1709989586.970921,VS0,VE11
etag
W/"3695-JLt5dKZX4ymZ6FklmQ8wSvE6EDE"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
9, 1, 0
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
533 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
69690
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 20:52:33 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
ebac0d7d-c01e-0052-6e2e-71456b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
861b48409bbb17b1-EWR
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
20493
content-length
4036
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 20:52:33 GMT
server
cloudflare
etag
0x8DC3EE883601794
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
d3e6e35b-e01e-00a1-2330-71e2fe000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
861b4840a9c3c32b-EWR
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Mar 2024 13:06:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
22938
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 20:52:33 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
512e0dfe-301e-009d-4a0c-71cb39000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
861b4840a9c4c32b-EWR
js
www.paypal.com/sdk/ Frame 5B2D
416 KB
115 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.57.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5aacf62b959a1c46265183c895838fa90de010bd3e16e9623d0e3951e370851f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.57.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-PMfbg6IVIBwy043lFCSKFgJbpn8MGNV2p73++uxyJD1LWGXq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Sat, 09 Mar 2024 13:06:26 GMT
age
10725
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f730161864d82
server-timing
"traceparent;desc="00-0000000000000000000f730161864d82-e6e0f551e2546b1a-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
116550
x-xss-protection
1; mode=block
x-served-by
cache-iad-kcgs7200119-IAD, cache-lga21950-LGA, cache-lga21950-LGA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f730161864d82-ef15c7d40922f7ae-01
x-timer
S1709989586.061131,VS0,VE24
etag
W/"1c746-YqLGPBuedYpOPzq9OWwc4PnghXo"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
184, 1, 0
ts
t.paypal.com/
42 B
553 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=95c92811-df2a-4f29-8e3f-9af8b4e63cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1709989586074&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Sat, 09 Mar 2024 13:06:26 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
5e537e76f8cd6
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-iad-kjyo7100063-IAD, cache-lga21981-LGA
pragma
no-cache
correlation-id
5e537e76f8cd6
traceparent
00-00000000000000000005e537e76f8cd6-2e5ddb76d275d9e0-01
x-timer
S1709989586.119786,VS0,VE74
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Mar 2024 13:06:26 GMT
hash
www.paypal.com/credit-presentment/experiments/ Frame 5B2D
40 B
2 KB
Fetch
General
Full URL
https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_72dd286859_mtm6mdy6mjy&disableSetCookie=true&features=disable-set-cookie
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.57.0&integrationType=SDK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.57.0&integrationType=SDK
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Sat, 09 Mar 2024 13:06:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
0
edge-cache-tag
up-treatments-hash
x-cache
MISS, MISS, MISS
paypal-debug-id
f96147697c91e
server-timing
"traceparent;desc="00-0000000000000000000f96147697c91e-8be850813eea80c8-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
56
x-xss-protection
1; mode=block
x-served-by
cache-iad-kiad7000059-IAD, cache-lga21950-LGA, cache-lga21950-LGA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f96147697c91e-47206020c7cb060a-01
x-timer
S1709989586.147333,VS0,VE133
etag
W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
s-maxage=86400, max-age=0
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/
5 KB
6 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
x-amz-version-id
null
cf-cache-status
HIT
age
6637
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
5378
last-modified
Sat, 09 Mar 2024 11:15:49 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
861b4845c9374340-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
59930
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 08 Mar 2024 20:27:36 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
861b4845d93c4340-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-hearts-257768v2
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-hearts-257768v2?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-hearts-257768v2?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-hearts-257768v2?%24Desktop%24=&fmt=auto%203x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ddc89ba3c2a29bf8b6a376737d491efdb8f9bcebc7c635639cda62390f45a06

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
75513
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 08 Mar 2024 16:07:53 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
861b4845d93b4340-EWR
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nya/79B8) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
1333bff2f03fc
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (nya/79B8)
traceparent
00-00000000000000000001333bff2f03fc-be3510410c6531de-01
etag
"64f25363-daa8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sat, 09 Mar 2024 14:06:26 GMT
logger
www.paypal.com/xoplatform/logger/api/ Frame 5B2D
0
0

gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10719/static/img/flag-icons/
717 B
1 KB
Image
General
Full URL
https://www.elfcosmetics.co.uk/mobify/bundle/10719/static/img/flag-icons/gb.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
x-amz-version-id
vKJZZM5udni7SWIA4k6WKVuk7GJ6HNh8
via
1.1 00980881c14af16ba44a5b402a52c1fc.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
SFO53-P5
age
850248
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/25D1cc028531-1709931560-9821666409 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679716
content-length
431
x-amz-meta-bundle
10719
x-yottaa-forcecache
true
last-modified
Thu, 22 Feb 2024 19:39:42 GMT
etag
"09d729feb9edb852ea0daca331a9b058"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
2521cc028a86/[7,5,-] 25D1cc028531/[hit]
x-amz-cf-id
Fsljjggvs0j0M9c92ss4EeN9nKuS2sXfQZkkKkemLKVm4AEOfDaROg==
baskets
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/
3 KB
3 KB
XHR
General
Full URL
https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d09d4d2798c413f1f1721dce236187c6f5e2abaf799e2445897ee57ad70933d6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language
en-US,en;q=0.9
x-pwa-request
true
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.[…].Olkqt3IVQ6nnw6I8SaDAAgBfsnG2hd__G6zyixm1kqchSeAYlFkuq5OW6ua9uCYZ984bA8kILG8YSIOSCUv6fA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type
application/json

Response headers

date
Sat, 09 Mar 2024 13:06:27 GMT
via
1.1 0a60df055acf18164b14661cb4d16952.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
SFO53-P5
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1709931560-9821779543 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=G7nMltmXi1.2y34wwHIXhKGyS1J11ZhwIGJ9QfTadaU-1709989587-1.0.1.1-0xaONvfOlvrQiPCm46NKAGpwHrFc1Mr07ZNlwTuJwmKKZKhc3auIhPzXJ6aZi5_4l7LZ74ZH7kwQnShYVieIwKDFMzw1ODNhE6pXxYWiaeheI2owyLI_tg.rXN4fPx_GBoGGFBiCSMc9DL3iCmyBfCxhfQ1VmydlZekt1SvPo.JyUi5QTx7SdJRzWQSvHdWf; report-to cf-csp-endpoint
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
content-length
1010
pragma
no-cache
etag
a7d84afd47a28b6661914c15999ecd9aaf2cacdc8a98fd857f1df454ed9c73be
allow
OPTIONS,POST
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=G7nMltmXi1.2y34wwHIXhKGyS1J11ZhwIGJ9QfTadaU-1709989587-1.0.1.1-0xaONvfOlvrQiPCm46NKAGpwHrFc1Mr07ZNlwTuJwmKKZKhc3auIhPzXJ6aZi5_4l7LZ74ZH7kwQnShYVieIwKDFMzw1ODNhE6pXxYWiaeheI2owyLI_tg.rXN4fPx_GBoGGFBiCSMc9DL3iCmyBfCxhfQ1VmydlZekt1SvPo.JyUi5QTx7SdJRzWQSvHdWf"}],"group":"cf-csp-endpoint","max_age":86400}
content-type
application/json;charset=UTF-8
x-dw-resource-state
a7d84afd47a28b6661914c15999ecd9aaf2cacdc8a98fd857f1df454ed9c73be
access-control-allow-origin
https://www.elfcosmetics.co.uk
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics
2521cc028a7d/[478,476,-] 25D1cc028531/[-,479.142]
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
861b4844eb4a306f-SEA
x-dw-request-base-id
_8FhKtNe7GUBAAB_
x-amz-cf-id
nHT-K_0dENPMrFH89bPPzYgkCUhJhQH2PDpFUUf4xtimZ5MTO3GsJQ==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
log_event
www.youtube.com/youtubei/v1/ Frame FB1A
28 B
163 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
X-Goog-Request-Time
1709989586585
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
X-YouTube-Client-Version
1.20240305.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
Cgs1M3h2OGlsLW56USjOvbGvBjIKCgJVUxIEGgAgOQ%3D%3D
X-YouTube-Ad-Signals
dt=1709989584253&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
log_event
www.youtube.com/youtubei/v1/ Frame 6D44
28 B
95 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/c48a9559/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f14.1e100.net
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
X-Goog-Request-Time
1709989586682
Content-Type
application/json
X-YouTube-Utc-Offset
-600
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version
1.20240305.00.00
X-YouTube-Time-Zone
Pacific/Honolulu
X-Goog-Visitor-Id
CgtTNTBIMDVKaWFQdyjOvbGvBjIKCgJVUxIEGgAgTA%3D%3D
X-YouTube-Ad-Signals
dt=1709989584268&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0
collector
collector-pxxt4gy2ig.px-cloud.net/api/v2/
600 B
655 B
XHR
General
Full URL
https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
2b4b04ab5e0b45dd8337595c19249241fe5a074f0ed0bae6e0b53019738c63e2

Request headers

Referer
https://www.elfcosmetics.co.uk/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.co.uk
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
index.html
www.paypalobjects.com/muse/analytics/ Frame FAAB
55 KB
17 KB
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nya/7959) /
Resource Hash
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16892
content-type
text/html
date
Sat, 09 Mar 2024 13:06:26 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc"
expires
Sat, 09 Mar 2024 14:06:26 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
9642d6fdde888
server
ECAcc (nya/7959)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-00000000000000000009642d6fdde888-8c77c02288527907-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
noop.js
www.paypalobjects.com/muse/ Frame FAAB
18 B
209 B
Fetch
General
Full URL
https://www.paypalobjects.com/muse/noop.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (daa/7D46) /
Resource Hash
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.paypalobjects.com/muse/analytics/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:26 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
paypal-debug-id
60a137e6e2144
dc
ccg11-origin-www-1.paypal.com
content-length
18
last-modified
Sat, 13 Feb 2021 00:26:56 GMT
server
ECAcc (daa/7D46)
traceparent
00-000000000000000000060a137e6e2144-bad87d3e0c3cdd0f-01
etag
"60271cd0-12"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Sat, 09 Mar 2024 13:06:25 GMT
ts
t.paypal.com/
42 B
198 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=95c92811-df2a-4f29-8e3f-9af8b4e63cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1709989586868&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Sat, 09 Mar 2024 13:06:26 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
81a07414a05e3
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-iad-kcgs7200108-IAD, cache-lga21981-LGA
pragma
no-cache
correlation-id
81a07414a05e3
traceparent
00-000000000000000000081a07414a05e3-5df36e959ada17e6-01
x-timer
S1709989587.870338,VS0,VE89
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Mar 2024 13:06:26 GMT
graphql
www.paypal.com/targeting/ Frame FAAB
435 B
1 KB
Fetch
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
07218446d804c23b2141a7185facdfa6d08f7d1f22685cf157099a7328f7fd01
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-+tYqeUNRERex/eFdrfDUWGFwa1CWHc9kmoKnx9KPXhrE2gbs' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypalobjects.com/
disable-set-cookie
true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-+tYqeUNRERex/eFdrfDUWGFwa1CWHc9kmoKnx9KPXhrE2gbs' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Sat, 09 Mar 2024 13:06:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f660564700c49
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-iad-kiad7000046-IAD, cache-lga21950-LGA, cache-lga21950-LGA
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f660564700c49-9762e195054b0802-01
x-timer
S1709989587.094198,VS0,VE232
etag
W/"1b3-PHhvO+20u2c2+uzOnghc3tLOlps"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
0, 0, 0
graphql
www.paypal.com/targeting/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/targeting/graphql?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,disable-set-cookie
Access-Control-Request-Method
POST
Origin
https://www.paypalobjects.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,disable-set-cookie
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.paypalobjects.com
access-control-expose-headers
Paypal-Debug-Id
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Sat, 09 Mar 2024 13:06:27 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f6605646f77a9
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f6605646f77a9-c05a2e400125a2c5-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-iad-kiad7000158-IAD, cache-lga21979-LGA, cache-lga21979-LGA
x-timer
S1709989587.968680,VS0,VE120
gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10719/static/img/flag-icons/
717 B
1 KB
Image
General
Full URL
https://www.elfcosmetics.co.uk/mobify/bundle/10719/static/img/flag-icons/gb.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:27 GMT
x-amz-version-id
vKJZZM5udni7SWIA4k6WKVuk7GJ6HNh8
via
1.1 00980881c14af16ba44a5b402a52c1fc.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
SFO53-P5
age
850249
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/25D1cc028531-1709931560-9821666409 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679716
content-length
431
x-amz-meta-bundle
10719
x-yottaa-forcecache
true
last-modified
Thu, 22 Feb 2024 19:39:42 GMT
etag
"09d729feb9edb852ea0daca331a9b058"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
2521cc028a86/[7,5,-] 25D1cc028531/[hit]
x-amz-cf-id
Fsljjggvs0j0M9c92ss4EeN9nKuS2sXfQZkkKkemLKVm4AEOfDaROg==
script-tag.js
cdn-scripts.signifyd.com/api/
10 KB
3 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-22.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68f6710cb2cc63e278cd3be6a0593c700b3ac346e36c1d636c5c13374dc20e91

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 12:40:48 GMT
content-encoding
gzip
via
1.1 7225c7fb64d09bab64bc17e314ef26a2.cloudfront.net (CloudFront)
last-modified
Wed, 10 Jan 2024 11:26:22 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
1540
x-amz-server-side-encryption
AES256
etag
W/"d34fe38d39e71cd6ace9ab1bfc0bb10a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
LN8IakyczYvKjn3kMKS4x0hVAhNZ_dx0WpoOJJkc5POYPNmtE4wdJg==
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-22.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 12:42:13 GMT
content-encoding
gzip
via
1.1 7225c7fb64d09bab64bc17e314ef26a2.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
1455
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
Uvz19KUtn0AkPwarYDrl9P5l7wpgXqteTAHz4ovGNJbnAaAuLUDiLw==
gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10719/static/img/flag-icons/
717 B
1 KB
Image
General
Full URL
https://www.elfcosmetics.co.uk/mobify/bundle/10719/static/img/flag-icons/gb.svg
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10719/vendor.js?yocs=o_q_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Sat, 09 Mar 2024 13:06:28 GMT
x-amz-version-id
vKJZZM5udni7SWIA4k6WKVuk7GJ6HNh8
via
1.1 00980881c14af16ba44a5b402a52c1fc.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
SFO53-P5
age
850250
x-amz-server-side-encryption
AES256
x-yottaa-optimizations
ob/1001 si/25D1cc028531-1709931560-9821666409 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache
Hit from cloudfront
x-amz-meta-deploy
679716
content-length
431
x-amz-meta-bundle
10719
x-yottaa-forcecache
true
last-modified
Thu, 22 Feb 2024 19:39:42 GMT
etag
"09d729feb9edb852ea0daca331a9b058"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31104000
x-yottaa-os
200
x-yottaa-metrics
2521cc028a86/[7,5,-] 25D1cc028531/[hit]
x-amz-cf-id
Fsljjggvs0j0M9c92ss4EeN9nKuS2sXfQZkkKkemLKVm4AEOfDaROg==
nhbsjmyfcv7beivp.js
imgs.signifyd.com/
98 KB
14 KB
Script
General
Full URL
https://imgs.signifyd.com/nhbsjmyfcv7beivp.js?o5uoxcvoj8nu1fdm=w2txo5aa&yw84vf90qtdek6kn=LzdmZGNhYzg5ZTEyNWI2M2NhZTZlMjUyZjcw
Requested by
Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
cd1219b40c0e8db08a210dbc96fdc4fc1ca0b1a954abae70e7a69a281d0cf92f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
yBqJ9trkuIuL5P4l
imgs.signifyd.com/ Frame 465E
275 KB
46 KB
Script
General
Full URL
https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/nhbsjmyfcv7beivp.js?o5uoxcvoj8nu1fdm=w2txo5aa&yw84vf90qtdek6kn=LzdmZGNhYzg5ZTEyNWI2M2NhZTZlMjUyZjcw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
4452a6247d8cf0b2c4793bfc3bff8e2fb6aecfdda4e096f4331bdcaf24763627
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
eedddf329b493724
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
0cWw2tPXSwMCdxhV
imgs.signifyd.com/ Frame 465E
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/0cWw2tPXSwMCdxhV?f0a7c2e8b3174322=qlrD5FIjwjI72Gbqlo9c44pcG7100g1FbpLD3WGvkt4YVBVDdccZmr7QMLPlEHFUT6cWvx6jrGtzzRWtqLAmQSTEBKkqD6wwtZM9iULZJLnWei2rUAWKReQvX7l-XYzNgRPcenxeCaAbOidmpjc2TbwzG4akqbFyk5oluSw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
i2j0moDPKi9F4rjv
imgs.signifyd.com/ Frame 465E
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/i2j0moDPKi9F4rjv?d9f3f177fc64b6bc=AVtBuoyBCUG4dlIDtn5tyRLylgEyGJTVScTMxY1EEB8O7M0PCkbmC3sH8UfJHUfVHe0jQ5yJi85J1fcyRT25p9hmDo9ptNRo5hTh4KTAA-iO3SzGWTQYhosYyaFUBDd0CTVkV3pQ__zBQu5smEwhY8NvGYAVytn6auPjdPE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
clear.png
imgs.signifyd.com/fp/ Frame 465E
81 B
538 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/eedddf329b493724lzdmzgnhyzg5zteynwi2m2nhztzlmjuyzjcw
Referer
https://www.elfcosmetics.co.uk/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Sat, 09 Mar 2024 13:06:28 GMT
Server
Apache
Etag
c061ae40d4f2458aafb7b1134f27483f
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.co.uk
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Thu, 08 Mar 2029 13:06:28 GMT
YGj0hc11y0QpiGQ4
imgs.signifyd.com/ Frame E72D
91 KB
14 KB
Document
General
Full URL
https://imgs.signifyd.com/YGj0hc11y0QpiGQ4?a0ba6c5d6c2fded0=oIqa_kcV2P015ENd1dLknecpq4xR_IrZf7mi5X4-hDRYDcictQJBozSQecH0rOoESTDiy0x7JDQLcug1xI2_2IjxhNyeYt-vUIML-chLTRKr7OcSCj7u052KECePyxo7SDDewwIyrEMOJ4yvMtdKwCLyfCJ5GA8hGRPbU1F0ez6bUjvKM6roChC69jOb2VxupnCUA0OsUeIhhNpHsHI
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
6a6587b346cc542242c1669dfed8c7936818f06dad4a338321f615f446532c57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 09 Mar 2024 13:06:28 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
ED8v0rFyCqFUpRrJ
imgs.signifyd.com/ Frame 465E
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/ED8v0rFyCqFUpRrJ?e96b8de593abda7d=GgRzszcFlEr_Go7xsgFBsOfhZVw0CwQRl8Jqng-cKBqLFgwtRcIevbLTHphUuHrASfwjtFiews-_5q_wqcrC_ELF1ZFx9hhz0bJxQKHnP3cudf-t77FpsBewXjQQueH3fG-PJxcG_OouV8gW7kqi3cnfiek&jb=3b3c26647963373a6c3937396f65393d3c646a366c373d313f6569693d6b66693b3c67666e3236
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
yedj79cwrOkuEMcy
h.online-metrix.net/ Frame 08D1
104 KB
15 KB
Document
General
Full URL
https://h.online-metrix.net/yedj79cwrOkuEMcy?dd54b919f87211c1=sEQZJgGeWOTAzMMRKPx16rSBWpH2Y-cl0fPRuXnYN9_gTSATuCUu9kpopDh9iqT0Y-IsoM_cVNL5AjpwZkgK2vSqo1PN8ged3qHAdqS4DSZLS0Dv5Ur7miSGRbXM9r_CvO9h4cv1A96MgR3RmNW2CSZWUaLbrg59i6-lkLqXFFKFRHDBSX29ZwLKbCyut_PZlYBDkE_p-4Zjdh1IjvLT
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
3b442074013f86473455e34cee6bb1fe65050c8969b2ed1f0e77bc73b0f51f2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 09 Mar 2024 13:06:28 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
CbCyGTAl7bnrL5ul
imgs.signifyd.com/ Frame 2DB1
91 KB
14 KB
Document
General
Full URL
https://imgs.signifyd.com/CbCyGTAl7bnrL5ul?d0e6f115b7a1d847=gdIu2EqpHbv5feGkGen506cx7V7o2ddZMhxO2-z9IMxgi3W0sX4l_ofVQDn9W06kJimYlBMLlZmYBg9DZy9j3lg4SgBCe2_ydUQIqNeLFFjKxhAAGNQ_jFy2lKw2RILSzhSggEkw7yb6Kx8OIMnYfZw4qi6-WIyCYvEs4139gYDWQWy4abv5xuKDQItXx67hurfRFtg-2RXHxk_B3Upc
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
f0601b3db935d1ff1020f5cc2d25147843781f0bbca94685e9f159cce33ad9f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 09 Mar 2024 13:06:28 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=98
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
ED8v0rFyCqFUpRrJ
imgs.signifyd.com/ Frame 465E
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/ED8v0rFyCqFUpRrJ?e96b8de593abda7d=GgRzszcFlEr_Go7xsgFBsOfhZVw0CwQRl8Jqng-cKBqLFgwtRcIevbLTHphUuHrASfwjtFiews-_5q_wqcrC_ELF1ZFx9hhz0bJxQKHnP3cudf-t77FpsBewXjQQueH3fG-PJxcG_OouV8gW7kqi3cnfiek&ja=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&jb=393f352e6673374567706b6c6661253a4c3726322d303a205d69646c677d732d383a4c562d3830393a2c3a2d3b4827323a5769663c362d314a27383872363e212d3830497a7a6e675f6f624363762f3a4e3f31372433362d38322049405647442f32492d3a3a6c61616f2730384d656b616d232d3a3a4168786f6d6d2f304e333a3024382436383e392431393b2f30325b6b6669786b2f3a4e3f3137243336
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Type
text/javascript;charset=UTF-8
W0lq20EfoSIVz1kY
w2txo5aatutr2nedhitimuu2jervk445tfp3ngegeedddf329b493724sac.d.aa.online-metrix.net/ Frame 465E
81 B
438 B
Image
General
Full URL
https://w2txo5aatutr2nedhitimuu2jervk445tfp3ngegeedddf329b493724sac.d.aa.online-metrix.net/W0lq20EfoSIVz1kY?499f0b3d0f059464=AlzceNkumgGcgUog5-TYmvtI0TAbB5mqp8MNV4kPoQ3hVd_sufJ5sGTRo7X-621F60SHiweFowFQn-tJXgl5suj5eCVjvNb8EPnEWg0_n2FbzbByjYFcY5y39wLEJrmWrc2Uz8BzeI1vv9rR1Mao-QDfnmfAkStomELg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
hrPV7NRo9fiTAFT8
imgs.signifyd.com/ Frame E72D
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/hrPV7NRo9fiTAFT8?19db11cb8b624cf5=3e5AqVBNhKd7s3O6U7QJgEpTfNFVQkblKud6Z87ZmkEfggbY3_kV_tp-45krhwuKbN9CzKo1l0ONIOrdvRDWpprkwrdlx_2JI2euDE2gLUy9d854TRGvnm5bXe_Z9cGOYanBxyPmr9xeQgtA_7CLCGChO98&jf=3b3c26647960376c6e6836353c34303038673c366b323f693b39333a386b36383b3e643a383c32
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/YGj0hc11y0QpiGQ4?a0ba6c5d6c2fded0=oIqa_kcV2P015ENd1dLknecpq4xR_IrZf7mi5X4-hDRYDcictQJBozSQecH0rOoESTDiy0x7JDQLcug1xI2_2IjxhNyeYt-vUIML-chLTRKr7OcSCj7u052KECePyxo7SDDewwIyrEMOJ4yvMtdKwCLyfCJ5GA8hGRPbU1F0ez6bUjvKM6roChC69jOb2VxupnCUA0OsUeIhhNpHsHI
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://imgs.signifyd.com/YGj0hc11y0QpiGQ4?a0ba6c5d6c2fded0=oIqa_kcV2P015ENd1dLknecpq4xR_IrZf7mi5X4-hDRYDcictQJBozSQecH0rOoESTDiy0x7JDQLcug1xI2_2IjxhNyeYt-vUIML-chLTRKr7OcSCj7u052KECePyxo7SDDewwIyrEMOJ4yvMtdKwCLyfCJ5GA8hGRPbU1F0ez6bUjvKM6roChC69jOb2VxupnCUA0OsUeIhhNpHsHI
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mYIk2loHd0RJ8Uce
imgs.signifyd.com/ Frame 465E
0
400 B
Image
General
Full URL
https://imgs.signifyd.com/mYIk2loHd0RJ8Uce?1239a84d97594ee7=XRj1Pcv0mSQjsFWMBaseSlzQ-uh-XBq4Ba_y7BjYiqLSMEsRyggv0v1D0-diuuR-5iPwzfxaLb1fdJx8h5o66U35nWFA6tEqF5T4KH8JMLk_tQwMscYS-OsFcnaYV3w4qxlRI4dExTPh2_HxD98cTQvhLNP5wKlkjCCRsTMmEtNXyjyULtTxOdlaBqx0BoDIx3soK6amEqYXNkXhrl0&jf=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
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
3mbaNisGmKxNXPzi
h.online-metrix.net/ Frame 08D1
0
400 B
Image
General
Full URL
https://h.online-metrix.net/3mbaNisGmKxNXPzi?5665f4dcf159655e=HkowPBGNjdNeRxqTlAxoL_5E1F865SgxBV6zKk-eeJD3gHRqbp-Gjwl9AR959lQ6iC7e07cEaJzrj7U9nAxl15flcEjQBaf8wWYEcMfQkh-2gynnByF_y4utHGbYoO6F06KAwRgmcuzaqO-d6JDFeSBGv2L-4RHrI6siRatdidV4LZ-iSoujIfhO8_hjcW9XG6EF0ZLLjCo1N6hLM-E&jf=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
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://h.online-metrix.net/yedj79cwrOkuEMcy?dd54b919f87211c1=sEQZJgGeWOTAzMMRKPx16rSBWpH2Y-cl0fPRuXnYN9_gTSATuCUu9kpopDh9iqT0Y-IsoM_cVNL5AjpwZkgK2vSqo1PN8ged3qHAdqS4DSZLS0Dv5Ur7miSGRbXM9r_CvO9h4cv1A96MgR3RmNW2CSZWUaLbrg59i6-lkLqXFFKFRHDBSX29ZwLKbCyut_PZlYBDkE_p-4Zjdh1IjvLT
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:28 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ED8v0rFyCqFUpRrJ
imgs.signifyd.com/ Frame 465E
0
387 B
Script
General
Full URL
https://imgs.signifyd.com/ED8v0rFyCqFUpRrJ?e96b8de593abda7d=GgRzszcFlEr_Go7xsgFBsOfhZVw0CwQRl8Jqng-cKBqLFgwtRcIevbLTHphUuHrASfwjtFiews-_5q_wqcrC_ELF1ZFx9hhz0bJxQKHnP3cudf-t77FpsBewXjQQueH3fG-PJxcG_OouV8gW7kqi3cnfiek&jac=1&je=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
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/yBqJ9trkuIuL5P4l?a2ef07a077ee58e1=Gr8fTm7EMZyOYYA6YG4rIl1a5ZPhOuDvE9e38Ujc3pdaUEQi_FmKrpl5El2AJBtC_DPLCIKz3xQi8CBl1j25gj8456W4hmapqEnj9cemqYcFGe9jpejf4brtcAKXfsJCMlGnY5TrW3p8mZXJl6T9HGYTK59111MZgm6VeOvjh_O2t4CkrwTo-FyIWgO1quVl8G130gnxqAHlflo8&jb=3d33262e6071657d355d6b6e6e6f777b2c687b6d355563666e6f7d7b2d3830393b2c68716a7f3d4b627065656d2c6873683d4360786d65672d303a393832
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.elfcosmetics.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Mar 2024 13:06:29 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/
Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true


111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host string| _pxAppId function| $ function| jQuery object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive boolean| __HYDRATING__ object| gaViewedIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otSPAPathChange boolean| otIsInitialized function| OptanonWrapper object| DYcustom object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| __tcfapi object| otStubData object| otTCF object| otIabModule object| Optanon object| OneTrust object| PXXT4Gy2ig object| PX undefined| _XT4Gy2ighandler object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions 
object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs boolean| otLastAcceptAllValue object| paypalDDL string| PaypalOffersObject function| ppq object| __post_robot_10_0_44__ object| PAYPAL function| a0_0x1b34 function| a0_0xfeda object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| threatmetrix function| tmx_post_session_params_fixed boolean| tmx_profiling_started function| tmx_run_page_fingerprinting

15 Cookies

Domain/Path Name / Value
www.elfcosmetics.co.uk/ Name: _pxhd
Value: pUKCW8uzqjB8lYgw/j0KpFnLfX-7hBXJAQJuOa3CTcBotrdy5h8UTsp/Gk2MprvgTssntxNZfTUoL4NYVinPCA==:qqyOHa9UeAewtl1TN91k6o5igOxEYkEkpeUzMFJE2ztpT1P2KQrTc-53JsSofhipwgQueZPxAvKIq9W3wFWvJJLyq/F-Z7OzAtX8KT7IcIs=
.youtube.com/ Name: YSC
Value: IiG-tTUnaHY
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: S50H05JiaPw
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJVUxIEGgAgTA%3D%3D
www.elfcosmetics.co.uk/ Name: initAuthComplete
Value: true
.elfcosmetics.co.uk/ Name: ab.storage.sessionId.ee22cddf-904f-484e-a004-0181ff9a3268
Value: %7B%22g%22%3A%2294ddb68d-4453-3c83-20ec-dde03dfbf2b2%22%2C%22e%22%3A1709991383909%2C%22c%22%3A1709989583909%2C%22l%22%3A1709989583909%7D
.elfcosmetics.co.uk/ Name: ab.storage.deviceId.ee22cddf-904f-484e-a004-0181ff9a3268
Value: %7B%22g%22%3A%221654f416-30e3-e436-6aba-4098d511931e%22%2C%22c%22%3A1709989583911%2C%22l%22%3A1709989583911%7D
www.elfcosmetics.co.uk/ Name: scapi
Value: prd:d2c7bfb3-bfbb-4853-abd7-41bea9c6b4a0:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI1NWRlMjIyNS1lMmNiLTRmZTctYjZhYS0zNGE1OGFkOTlkZTQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmQyYzdiZmIzLWJmYmItNDg1My1hYmQ3LTQxYmVhOWM2YjRhMCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MDk5ODk1NTUsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFieGJoSGwwaEt3SGtSd0t4R3dHWVltYnNYOjpjaGlkOiAiLCJleHAiOjE3MDk5OTEzODUsImlhdCI6MTcwOTk4OTU4NSwianRpIjoiQzJDMTk1MTY2MTE4NjAtNDI0NjM3OTAzMTMxNzEwNjU4MDczMzIzMCJ9.Olkqt3IVQ6nnw6I8SaDAAgBfsnG2hd__G6zyixm1kqchSeAYlFkuq5OW6ua9uCYZ984bA8kILG8YSIOSCUv6fA
.elfcosmetics.co.uk/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Sat+Mar+09+2024+03%3A06%3A26+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202211.2.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0%2CSTACK42%3A0
.elfcosmetics.co.uk/ Name: pxcts
Value: d5d8a34b-de15-11ee-9879-e71f3f909908
.elfcosmetics.co.uk/ Name: _pxvid
Value: d294c515-de15-11ee-a676-adf23c6600b1
www.elfcosmetics.co.uk/ Name: dwanonymous_d0d57f92086b8d4216742497990aeda2
Value: abxbhHl0hKwHkRwKxGwGYYmbsX
www.elfcosmetics.co.uk/ Name: dwsid
Value: -FP19mj4DQGudHtzzM8WilD6tdoUt7ZtcMNxpMSfCJnxyMGLl7mDWde1Kv-CQaY2NM8y3IbtqWtUwWCoNRbrCw==
.elfcosmetics.co.uk/ Name: _px3
Value: c27f477b9355f39e4f01df5122c476308a05717956ec9e1a05fc1df41d8c0166:vXxwNqV0XrbcjT0z4PxNrx5mnPaN2CfukxtzG6HiGR8pHURP2GMWqLpUIKul6q12YcdHXix8ImGY+4gJb5nk5A==:1000:hhREIK4Mp4fTtH0Q6uHOLxt4F3NAFdI279Wev3/vfX+c40f2KapOISu+bXtcz2pO942YLG7+2IfjqiRUgrdZKAS0eEXQj1i/7UNwcwJGrwfFbyTNqMOCMCGFOnJIOCkZuqFInphgjDNySbccrk5sWQvGihw3+c5GT2NybctlowP9Owshz1z9iRQv5X3sIfutODn3vVkaV8hyRaEeD4MynxkIfA0qXBnEp+4xOnWaR7I=
imgs.signifyd.com/ Name: thx_guid
Value: 55ffbfc2c6a23203150f3397b93badba

70 Console Messages

Source Level URL
Text
security error URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals (Line 359)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ from frame with URL https://www.elfcosmetics.co.uk/elf-cosmetic-criminals. Domains, protocols and ports must match.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
javascript error URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=o_' from origin 'https://www.elfcosmetics.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=o_
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.elfcosmetics.co.uk/elf-cosmetic-criminals
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
