www.elfcosmetics.co.uk Open in urlscan Pro
204.2.48.22 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cosmeticcriminals.co.uk/
Effective URL:
https://www.elfcosmetics.co.uk/cosmetic-criminals
Submission: On January 05 via api (January 5th 2024, 12:41:49 am UTC) from US — Scanned from US

Summary HTTP 138 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 28 IPs in 1 countries across 21 domains to perform 138 HTTP transactions. The main IP is 204.2.48.22, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.co.uk. The Cisco Umbrella rank of the primary domain is 344886.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.

This is the only time www.elfcosmetics.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	204.2.133.237 204.2.133.237	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
1 17	204.2.48.22 204.2.48.22	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
5 11	2606:4700:440... 2606:4700:4400::ac40:9ba6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:440... 2606:4700:4400::ac40:952f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2607:f8b0:400... 2607:f8b0:4006:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
3	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
13	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	64.185.227.156 64.185.227.156	18450 (WEBNX) (WEBNX)
6	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
4	2607:f8b0:400... 2607:f8b0:4006:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:817::2006	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:822::2004	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80d::2016	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:806::2003	15169 (GOOGLE) (GOOGLE)
1	204.2.49.48 204.2.49.48	393259 (YOTTAA-AS-1) (YOTTAA-AS-1)
9	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
2	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:4400::ac40:91b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.193.35 151.101.193.35	54113 (FASTLY) (FASTLY)
2	108.138.106.128 108.138.106.128	16509 (AMAZON-02) (AMAZON-02)
3	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
12	192.225.157.157 192.225.157.157	30286 (THM) (THM)
2	192.225.158.1 192.225.158.1	30286 (THM) (THM)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM)
138	28

1 204.2.133.237 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

cosmeticcriminals.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 204.2.48.22 (United States) 1 redirects

ASN393259 (YOTTAA-AS-1, US)

www.elfcosmetics.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:4400::ac40:9ba6 (United States) 5 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.media.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:4400::ac40:952f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.static.amplience.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:4006:808::200e (United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

cdn-fsly.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.185.227.156 (New York, United States)

ASN18450 (WEBNX, US)
PTR: api.ipify.org

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

sdk.iad-05.braze.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80b::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:821::2002 (United States) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:817::2006 (United States)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:80e::200a (United States)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80d::2016 (United States)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:806::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.2.49.48 (United States)

ASN393259 (YOTTAA-AS-1, US)

qoe-1.yottaa.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.65.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxxt4gy2ig.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:91b7 (United States)

ASN13335 (CLOUDFLARENET, US)

elfcosmetics.a.bigcontent.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.106.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-128.jfk50.r.cloudfront.net

cdn-scripts.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.225.157.157 (United States)

ASN30286 (THM, US)

imgs.signifyd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.225.158.1 (United States)

ASN30286 (THM, US)
PTR: a-sac.h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (United States)

ASN30286 (THM, US)
PTR: d.aa.online-metrix.net

w2txo5aaa27ic2cz2vozrfne677ss46h7bnbri7e3bbf40168fcbde45sac.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	youtube.com www.youtube.com — Cisco Umbrella Rank: 79	2 MB
17	elfcosmetics.co.uk 1 redirects www.elfcosmetics.co.uk — Cisco Umbrella Rank: 344886	317 KB
16	amplience.net 5 redirects cdn.media.amplience.net — Cisco Umbrella Rank: 13847 cdn.static.amplience.net — Cisco Umbrella Rank: 47248	7 MB
14	signifyd.com cdn-scripts.signifyd.com — Cisco Umbrella Rank: 10774 imgs.signifyd.com — Cisco Umbrella Rank: 8345	95 KB
13	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 625	214 KB
12	paypal.com www.paypal.com — Cisco Umbrella Rank: 3050 t.paypal.com — Cisco Umbrella Rank: 3583	238 KB
8	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 306	80 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	95 KB
6	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 static.doubleclick.net — Cisco Umbrella Rank: 371	2 KB
6	braze.com sdk.iad-05.braze.com — Cisco Umbrella Rank: 3700	1 KB
4	yottaa.net cdn-fsly.yottaa.net — Cisco Umbrella Rank: 25002 Failed qoe-1.yottaa.net — Cisco Umbrella Rank: 9663	1 MB
3	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 3974 w2txo5aaa27ic2cz2vozrfne677ss46h7bnbri7e3bbf40168fcbde45sac.d.aa.online-metrix.net	16 KB
3	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2512	33 KB
3	bigcontent.io elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 158403	8 KB
2	px-cloud.net collector-pxxt4gy2ig.px-cloud.net — Cisco Umbrella Rank: 271980	1 KB
2	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 104	6 KB
2	google.com www.google.com — Cisco Umbrella Rank: 6	39 KB
2	ipify.org api.ipify.org — Cisco Umbrella Rank: 2685	440 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 950	305 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1219	24 KB
1	cosmeticcriminals.co.uk 1 redirects cosmeticcriminals.co.uk	325 B
138	21

	Domain	Requested by
18	www.youtube.com	www.elfcosmetics.co.uk www.youtube.com
17	www.elfcosmetics.co.uk	1 redirects www.elfcosmetics.co.uk cdn-fsly.yottaa.net
13	cdn.cookielaw.org	cdn-fsly.yottaa.net cdn.cookielaw.org www.elfcosmetics.co.uk
12	imgs.signifyd.com	www.elfcosmetics.co.uk imgs.signifyd.com
11	cdn.media.amplience.net	5 redirects www.elfcosmetics.co.uk
9	www.paypal.com	www.elfcosmetics.co.uk www.paypal.com www.paypalobjects.com
8	jnn-pa.googleapis.com	www.youtube.com
6	sdk.iad-05.braze.com	cdn-fsly.yottaa.net
5	cdn.static.amplience.net	www.elfcosmetics.co.uk
4	www.gstatic.com	www.youtube.com www.gstatic.com
4	googleads.g.doubleclick.net	2 redirects www.youtube.com
4	fonts.gstatic.com	www.youtube.com
3	www.paypalobjects.com	www.elfcosmetics.co.uk www.paypalobjects.com
3	t.paypal.com
3	elfcosmetics.a.bigcontent.io
3	cdn-fsly.yottaa.net	www.elfcosmetics.co.uk
2	h.online-metrix.net	imgs.signifyd.com
2	cdn-scripts.signifyd.com	www.elfcosmetics.co.uk
2	collector-pxxt4gy2ig.px-cloud.net	www.elfcosmetics.co.uk
2	i.ytimg.com	www.youtube.com
2	www.google.com	www.youtube.com
2	static.doubleclick.net	www.youtube.com
2	api.ipify.org	cdn-fsly.yottaa.net
1	w2txo5aaa27ic2cz2vozrfne677ss46h7bnbri7e3bbf40168fcbde45sac.d.aa.online-metrix.net
1	qoe-1.yottaa.net	www.elfcosmetics.co.uk
1	geolocation.onetrust.com	cdn.cookielaw.org
1	code.jquery.com	www.elfcosmetics.co.uk
1	cosmeticcriminals.co.uk	1 redirects
138	28

This site contains links to these domains. Also see Links.

Domain
cdn.dynamicyield.com
st.dynamicyield.com
rcom.dynamicyield.com
www.tiktok.com
www.instagram.com
www.pinterest.com
www.facebook.com
www.youtube.com
twitter.com
www.snapchat.com
www.linkedin.com
www.elfbeauty.com
elfcosmetics.onelink.me
preferences.elfcosmetics.com
cookiepedia.co.uk
tcf.cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
*.elfcosmetics.co.uk Sectigo RSA Domain Validation Secure Server CA	`2023-09-25` - `2024-10-25`	a year	crt.sh
dm.amplience.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-20` - `2024-08-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.yottaa.net GlobalSign RSA OV SSL CA 2018	`2023-09-13` - `2024-10-14`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh
*.iad-05.braze.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-07-27` - `2024-08-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-10-13` - `2024-08-20`	10 months	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh
*.bigcontent.io GeoTrust TLS RSA CA G1	`2023-03-14` - `2024-04-13`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2023-09-21` - `2024-10-21`	a year	crt.sh
cdn-scripts.signifyd.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
imgs.signifyd.com Go Daddy Secure Certificate Authority - G2	`2023-10-20` - `2024-11-20`	a year	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2023-01-09` - `2024-01-23`	a year	crt.sh
*.d.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2023-03-03` - `2024-03-04`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.elfcosmetics.co.uk/cosmetic-criminals
Frame ID: 4DF4F522A7166034EA6E1DF6145D9F2D
Requests: 75 HTTP requests in this frame

Frame: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Frame ID: 02875B33A21839179B9DB50916BD6E3F
Requests: 18 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 95CEB8AF72CA009B812CC6AC2C545687
Requests: 18 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
Frame ID: 466EF02EBDA0DF62173EE05792357FD7
Requests: 4 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 1B9120B8FE83D90B3F37BF8D1593038B
Requests: 3 HTTP requests in this frame

Frame: https://imgs.signifyd.com/e3Ff9hZBYFXOixiv?387c24070224faaf=j-GI_FdF2u3E2HM1qqGE_e5EQKf7jUQoGaD97hJDKiRNxhwqUldiSaWA7gIwaJQGgRnq47l2OnybR5nyTp_CUMb3zC_Fhsfk0FWQNBFSz_EGlV17dljS9_uWlmRuC5QeemuEuBSiML94H369LosR5XeW-zdC4khvBzY9KxoFPdNZNyYv77xLF4vIV-eseAEnyzlIZT9KHIDMbyHu&jb=3d3b242c6073677d355d696e6e657d7b2e62736f3757636c6e6f77732f3232393926687b6a773f49627267656d2c6a73683749607a676d652f323a333830
Frame ID: 98B3E754BBB22D25A3A618974CAD8A02
Requests: 9 HTTP requests in this frame

Frame: https://imgs.signifyd.com/T7CJJgznsP-m6x11?f554e79646fefc72=qp8FTZUuGxiUsL6hIqrMgJkMHCiy7AEf3b7KI0rDhp83bDQnSAjdLMAXhoq6C7JceU8x8R0b7ZVJPPWn4EVINNTb70l6OcfuxdAADx1Rg6FuzswOd9rhquN_5-Gcignz138csi-u23oFHyQXWfdtC8jk7uzjxGEdeSkgZ33WKcgOCzU2Y9KbCMuQ5Wl4VQu5pcOhMOXZ3z5ofrRSFNM
Frame ID: 22F932A14CF82B5F8E50C1034F12283D
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/Tq9qBqOBppRjOBMW?e56e95d19b3f44d0=Bnp_vQyrYq1EA_GXiHuNy5m4r19XBnOlVGajTOeSiXZwhsRUPuGK_8jQKyxCPTwSlUq9nwN0ddPzUn8eO__LTLgK6cwEuIG8T_v9oZNxKhXEpwJvWrvTm-4DDtGwJF1DtnP4gmq1h7c2m5iTyp1XedU7DSMX8kx3QkrcXnimImGUppN3ZJ1g_RXNVu1A2yRT8oWQhWTBCufZ5hqGYFLc
Frame ID: DF7E4E1DDA88E9380F3D9BE0E297E2A0
Requests: 2 HTTP requests in this frame

Frame: https://imgs.signifyd.com/KaMHAqWBDBm3Fbo9?629faaa69e5ac612=O0h1-7K3gbcCrSxF6c3iyyv4PX8BiNUJMnCHa2Y0U0tHsUPb3aSKvxqNsGk8QZr7fxYQ3NnFIoZPhSz23MbMp7lZwA4HAl-n20l0bBHK4koFvZafUBgbVl-bEQf2LXpzvHGjNP8XqJe_Ax4i-uAqf_82To4cfiUl4Ko5KHqATo8vtbdAl1bpOwQO_a9HyC1SCP3_TPAQfSGfO-iq53kF
Frame ID: EAA46C4E99EC0B4BD1DCD7FF635E8FB8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

e.l.f. Cosmetics | e.l.f. CosmeticsBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://cosmeticcriminals.co.uk/ HTTP 301
https://www.elfcosmetics.co.uk/cosmetic-criminals Page URL

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

138
Requests

91 %
HTTPS

50 %
IPv6

21
Domains

28
Subdomains

28
IPs

1
Countries

11395 kB
Transfer

22308 kB
Size

16
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://st.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://rcom.dynamicyield.com/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@elfyeah/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elfcosmeticsuk/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfcosmetics/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/eyeslipsfacedotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/add/elfcosmetics

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/e-l-f-beauty

Search URL Search Domain Scan URL

URL: https://www.elfbeauty.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://elfcosmetics.onelink.me/wTtZ/AcrossSiteCosmetics

Search URL Search Domain Scan URL

URL: https://preferences.elfcosmetics.com/privacy
Title: Privacy Rights Request Form

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://tcf.cookiepedia.co.uk/?lang=en
Title: | View Full Legal Text Opens in a new Tab

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cosmeticcriminals.co.uk/ HTTP 301
https://www.elfcosmetics.co.uk/cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

Request Chain 14

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm

Request Chain 15

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm

Request Chain 17

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm

Request Chain 18

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p HTTP 302
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm

Request Chain 37

https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-eu&code_challenge=-N86SsWApM_yVarlqHK2ATC2Ys_XtPrWQBD8aEURVHU HTTP 303
https://www.elfcosmetics.co.uk/callback?usid=210907cb-ec25-4da3-9b62-14606fd39323&code=JXLHpDDfo2Pil8JzGHM6votCPJipd00Z2BsHQNAh92U

Request Chain 46

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 50

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

138 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cosmetic-criminals Show response
www.elfcosmetics.co.uk/
Redirect Chain

https://cosmeticcriminals.co.uk/
https://www.elfcosmetics.co.uk/cosmetic-criminals

890 KB
227 KB

3269ms
3043ms

Document
text/html

204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: a1bbbf39bfb5cb785d5e3517475d5d07e2d52f8c1a7444cbdc7554b84b4210eb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
cache-control: public, must-revalidate, s-maxage=900
content-encoding: gzip
content-length: 231150
content-type: text/html; charset=utf-8
date: Fri, 05 Jan 2024 00:41:34 GMT
etag: W/"c16d3-EW+HA0yjKyruRaIhdbafIkUgPJk"
vary: Accept-Encoding
via: 1.1 0dfd4a767fdb169a154f978de9887036.cloudfront.net (CloudFront)
x-amz-apigw-id: RCl5bEi-CYcEnHA=
x-amz-cf-id: eOsDGmktZW9HKcmORZcPNVXeAZAN-LpLJ6u8qHrYTtDKtQv3eHj0Iw==
x-amz-cf-pop: ORD52-C2
x-amzn-remapped-connection: close
x-amzn-remapped-content-length: 792275
x-amzn-remapped-date: Fri, 05 Jan 2024 00:41:34 GMT
x-amzn-requestid: 21882343-78e4-4313-bd13-e686e964ffaa
x-amzn-trace-id: Root=1-6597503c-143fbead1ce21aa644fc72ca;Sampled=0;lineage=dcd1e669:0
x-cache: Miss from cloudfront
x-yottaa-metrics: 2621cc02836a/[2801,2671,-] 26D1cc023016/[-,2923.940]
x-yottaa-optimizations: ob/1000000100001000 si/26D1cc023016-1704395137-9105549065 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-yottaa-os: 200

Redirect headers

age: 0
content-length: 1197
content-type: text/html; charset=utf-8
date: Fri, 05 Jan 2024 00:41:31 GMT
location: https://www.elfcosmetics.co.uk/cosmetic-criminals
vary: User-Agent
x-yottaa-fw: fb/100000 tid/658f1f27d931403bb4ae5240 rid/658f266dd931403bb4ae60ab stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics: 25D1cc0285ed/[-,0.157]
x-yottaa-optimizations: ob/0 si/25D1cc0285ed-1704395137-1971329981 tts/1704415291714 ti/0 ai/658f1f27d931403bb4ae5240

GET
H2 200 PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 630 KB
630 KB 217ms
73ms Image
image/jpeg 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: KecjuB3UJ,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: M5Lpt5cG_4
alt-svc: h3=":443"; ma=86400
content-length: 644728
x-xss-protection: 1; mode=block
x-amp-source-height: 1249
last-modified: Thu, 04 Jan 2024 15:02:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 3199
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407ad2bcaac4bc1-BUF
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
H2 200 PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 210 KB
211 KB 221ms
77ms Image
image/png 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c856ca647a5edf9ff56752649cd2bbd3d6d6fb2263d1b473a255534f5bf6f830

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: KE_4p-anu,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: v6oCa1skal
alt-svc: h3=":443"; ma=86400
content-length: 215306
x-xss-protection: 1; mode=block
x-amp-source-height: 340
last-modified: Thu, 04 Jan 2024 20:43:02 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 800
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407ad2bcaab4bc1-BUF
x-amp-published: Wed, 20 Dec 2023 20:47:39 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 2 MB
2 MB 222ms
78ms Image
image/png 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

349a84fa24c5bda7424681c4ab9a0d265a0966a963f47e975dc5f7f347e3bb1d

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: -jHS4uPc9,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: dnzeFDmWeV
alt-svc: h3=":443"; ma=86400
content-length: 2102142
x-xss-protection: 1; mode=block
x-amp-source-height: 1484
last-modified: Thu, 04 Jan 2024 20:43:02 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 3080
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407ad2bcaad4bc1-BUF
x-amp-published: Wed, 03 Jan 2024 21:02:28 GMT

GET
H2 200 PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 330 KB
331 KB 216ms
72ms Image
image/jpeg 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: 7Sw-cmdXJ,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: 3a49ACuGFd
alt-svc: h3=":443"; ma=86400
content-length: 338113
x-xss-protection: 1; mode=block
x-amp-source-height: 1062
last-modified: Thu, 04 Jan 2024 20:43:02 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 2806
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407ad2bcaaf4bc1-BUF
x-amp-published: Wed, 27 Dec 2023 17:21:33 GMT

GET
H2 200 PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 180 KB
180 KB 184ms
41ms Image
image/jpeg 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: ZFdUusQOi,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: cVLp3cRHhJ
alt-svc: h3=":443"; ma=86400
content-length: 184181
x-xss-protection: 1; mode=block
x-amp-source-height: 1108
last-modified: Thu, 04 Jan 2024 20:43:02 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
x-amp-source-width: 1952
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407ad2bcaae4bc1-BUF
x-amp-published: Fri, 29 Dec 2023 07:51:47 GMT

GET
H2 200 PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 613 KB
614 KB 220ms
77ms Image
image/png 2606:4700:4400::ac40:9ba6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9ba6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b311b78042906393bf9c3cdc5bc8115b450b8b31905b1641dec7246fbd4cc85

Security Headers

Name	Value
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: Oytu0AD1d,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-cf-worker: true
edge-control: max-age=86400
x-req-id: HRUX_khFCb
alt-svc: h3=":443"; ma=86400
content-length: 627998
x-xss-protection: 1; mode=block
x-amp-source-height: 525
last-modified: Thu, 04 Jan 2024 15:02:24 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
x-amp-source-width: 3200
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407ad2bcab04bc1-BUF
x-amp-published: Thu, 28 Dec 2023 16:15:28 GMT

GET /
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ 0
0

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b

Request headers

Referer
Origin: https://www.elfcosmetics.co.uk
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd

Request headers

Referer
Origin: https://www.elfcosmetics.co.uk
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2

206

8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4

1 MB
1 MB

998ms
71ms

Media
video/mp4

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:36 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: AWBCNBGEDADFG8ZW
age: 1231
Content-Range: bytes 0-1060947/1060948
Content-Length: 1060948
x-amz-id-2: nNHn9kP/hBmLvhceSjR/vliMFX+RYhpVq1m5Ckv6ZtPzFVHhaV6kl0H8eOHEvnehLAsBHsjfSXM=
last-modified: Fri, 22 Dec 2023 15:50:27 GMT
server: cloudflare
etag: "dd3676819bd88a250c875a11e38c307d"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/mp4
cf-ray: 8407ad336a8b4bd3-BUF

Redirect headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: dYhYQwie9,l4p5bDg2e,bgWw7nQ29
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407ad2cab2a4bc1-BUF

GET
H2

206

8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm

1 MB
1 MB

999ms
72ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 692db01eb703744d633776b15675c6b2c761732ca585236d376836bf6f04bc9e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:36 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: V3ERNCQXQWPF2QE8
age: 1231
Content-Range: bytes 0-1210813/1210814
Content-Length: 1210814
x-amz-id-2: opqKGOFOGyBguJ5cPN0A5b2dMeAzbRh2ZdzRM7IPJvMQRI/kd1qxuOZiLDFYjhfEDrFAdhmaQxM=
last-modified: Fri, 22 Dec 2023 17:43:50 GMT
server: cloudflare
etag: "fae641824ad9e109b5a20c2cba506e57"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 8407ad336a8a4bd3-BUF

Redirect headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: smKfyYikL,l4p5bDg2e,fH6Lo3_5e
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/8a65b983-c39f-43b2-bfd6-6361ab5d5303.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407ad2cab2b4bc1-BUF

GET
H2

206

dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_DESKTOP_8_BEAR-alt/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm

375 KB
376 KB

997ms
71ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4973f562e7d8f8ad478be1fe1090639ca7b50af5f98c5c13efe61d22fb72665e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:36 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: V3ES8H9WHPZR1R2E
age: 1231
Content-Range: bytes 0-384464/384465
Content-Length: 384465
x-amz-id-2: ExXgsXZV140h83Uz0C2jxZu4zUDnwWAMtIa7z2fX9QIbbPnGoKMarZX0NpYOjgBUtxyFkdrwuOc=
last-modified: Fri, 29 Dec 2023 07:23:44 GMT
server: cloudflare
etag: "dd9940f6d244dca562aef306c8b59fe0"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 8407ad336a8c4bd3-BUF

Redirect headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: Ffb8Zr4M4,l4p5bDg2e,6oVxns4D8
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_desktop_8_bear-alt/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/dd0a711b-b81d-4c1b-a295-3836b2414bcc.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407ad2cab2c4bc1-BUF

GET
H2 200 bxGKZ6lfJ7A Show response
www.youtube.com/embed/ Frame 0287 94 KB
41 KB 296ms
181ms Document
text/html 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f850127ae998f314c46aceb0f826e81fe08f39f44168f4342db12bc406ca62e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-2WEhU2_X5O8c5fvOby0etg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 00:41:35 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

206

848c5446-ecbd-46ce-a180-637c5c42845d.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_PLANT/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm

237 KB
238 KB

1142ms
38ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 744f83518728b979fb7e008389501d1acaa5a3086284274c296f26c5d4cfc8e4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:36 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: V3ENW2TZ8YVN29YY
age: 1231
Content-Range: bytes 0-243067/243068
Content-Length: 243068
x-amz-id-2: BDrLvuWadaMrEiyawUHA+EBd7cU+2/pQIYkq0ZwkC9IRrG/19/0ae4yafpFTn8jzvxDFmX6cHy8=
last-modified: Tue, 02 Jan 2024 17:30:06 GMT
server: cloudflare
etag: "bc22e0c363ee3e170f7a975b978bad39"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 8407ad336a884bd3-BUF

Redirect headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: K4zby9wxt,l4p5bDg2e,tO41Cj3M_
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_plant/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/848c5446-ecbd-46ce-a180-637c5c42845d.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407ad2beabf4bc1-BUF

GET
H2

206

b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/
Redirect Chain

https://cdn.media.amplience.net/v/elfcosmetics/COSMETICSECURITY_MOBILE_8_BOOK/webm_720p
https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm

194 KB
195 KB

1174ms
70ms

Media
video/webm

2606:4700:4400::ac40:952f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 2606:4700:4400::ac40:952f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5ce843cf166fdb4108ebcfe16b22da332149e2bcb4b7d93b3abd0d93e2def8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:36 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: V3EPFWZBX9VDN4QP
age: 1231
Content-Range: bytes 0-198985/198986
Content-Length: 198986
x-amz-id-2: jx97sWiK/oVsMCoTPBkPEN/Knx55eE96RvFsNjt1vlrbEdoouig0zDz9DURMJDlIVURK8j0LkyE=
last-modified: Tue, 02 Jan 2024 17:20:49 GMT
server: cloudflare
etag: "a2b2c1d6820d46784bd0e0e1ed3190de"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-type: video/webm
cf-ray: 8407ad336a894bd3-BUF

Redirect headers

date: Fri, 05 Jan 2024 00:41:35 GMT
cf-cache-status: HIT
age: 6738
x-amp-srv: CF
edge-cache-tag: ZBNA9w0AC,l4p5bDg2e,nvYvyivv1
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://cdn.static.amplience.net/elfcosmetics/_vid/cosmeticsecurity_mobile_8_book/63b3ea60-97ad-430e-bed7-2b3caea65a55/video/b275741b-78ac-4d86-9f6d-ffd5e2b0836a.webm
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407ad2beac04bc1-BUF

GET
H2 200 rZPCKoUReO0 Show response
www.youtube.com/embed/ Frame 95CE 93 KB
40 KB 282ms
188ms Document
text/html 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c1819fa895ca17b327d0237929e60ebe1f1318a243794f2545edd4a2c5e70f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Fri, 05 Jan 2024 00:41:35 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 jquery-3.7.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 142ms
31ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 4464905
x-cache: HIT, HIT
content-length: 24036
x-served-by: cache-lga21942-LGA, cache-nyc-kteb1890029-NYC
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1704415295.472123,VS0,VE1
etag: W/"28feccc0-11278"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 2800, 1

GET
H2 200 player_api Show response
www.youtube.com/ 993 B
2 KB 266ms
173ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:35 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Fri, 05 Jan 2024 00:41:35 GMT

GET
H2 200 vendor.js Show response
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/ 2 MB
619 KB 143ms
90ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: ryOdsDyPqMma0Bz2j3lHVfVV1PGsqvj5
via: 1.1 d97dd7c0e5494b112a00ed17f5ede034.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Fri, 05 Jan 2024 00:41:35 GMT
x-amz-cf-pop: DFW55-C3
age: 729568
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/3211a5fec641-1692101820-1733780954 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621188
content-length: 633349
x-amz-meta-bundle: 10312
x-served-by: cache-yyz4556-YYZ
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:06 GMT
server: AmazonS3
x-timer: S1704415295.418509,VS0,VE3
etag: W/"2cdf96682220db2ea40feb07d3bdee6d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 3221a5fec663/[144,19,-] 3211a5fec641/[-,444.823]
accept-ranges: bytes
x-amz-cf-id: wHSfVQ1CnDWTbQhrm0f2TjSi30GrzP20LE-EiV_XA_9JtFN-GCIjvg==
x-cache-hits: 1

GET
H2 200 main.js Show response
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/ 2 MB
454 KB 87ms
34ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/main.js?yocs=o_q_
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 0MUSynTyx03nRq3yU4boF4q321TmKQZJ
via: 1.1 eb0e559672da6f524cf68a461f930cc4.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Fri, 05 Jan 2024 00:41:35 GMT
x-amz-cf-pop: PHL50-C1
age: 2161966
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/23114047a14c-1695931013-2239811078 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621188
content-length: 464645
x-amz-meta-bundle: 10312
x-served-by: cache-yyz4556-YYZ
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:02 GMT
server: AmazonS3
x-timer: S1704415295.418488,VS0,VE2
etag: W/"27402e9d694cdb3cca51cf2f76ddce4f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 23214047a175/[292,228,-] 23114047a14c/[-,527.087]
accept-ranges: bytes
x-amz-cf-id: IFuecPIClN7jmCzqGi6kPcUaQK5p6s6g6naeAWp1pRmKBRXmr1lUWw==
x-cache-hits: 1

GET
H2 200 pages-product-list-product-list-page.js Show response
cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/ 40 KB
12 KB 85ms
33ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/pages-product-list-product-list-page.js?yocs=o_q_
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: kGo5q_WYPU5req20vNr3VzMYgKtS7.00
via: 1.1 29c5489c5e1405c3b5e0ac847cbfad6e.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
date: Fri, 05 Jan 2024 00:41:35 GMT
x-amz-cf-pop: PHL50-C1
age: 163482
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1000 si/23114047a14c-1695931013-2287017463 tts/1701368385513 ti/5dbb1b444f1bbf5af87e110e ai/5dbb1b434f1bbf5af87e10a5 tm/0
x-cache: Hit from cloudfront, HIT
x-amz-meta-deploy: 621188
content-length: 11125
x-amz-meta-bundle: 10312
x-served-by: cache-yyz4556-YYZ
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:05 GMT
server: AmazonS3
x-timer: S1704415295.418477,VS0,VE1
etag: W/"588785bf0bd820aa0bfb16d1f1d1b104"
vary: Accept-Encoding
content-type: application/javascript; charset=utf8
cache-control: public, max-age=31104000
x-yottaa-metrics: 2321cc8d59d5/[15,10,-] 23114047a14c/[-,22.560]
accept-ranges: bytes
x-amz-cf-id: FVRxtI77ZuHMV1egOIPAXdMS9uS07edCoNtwKbV2SR6Q2Kdi-T4bHw==
x-cache-hits: 1

GET
H2 404 OtAutoBlock.js
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/ 0
0 636ms
43ms Script
text/plain 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/OtAutoBlock.js
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/main.js?yocs=o_q_
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 631ms
39ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/main.js?yocs=o_q_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: FWT01iLvZ++xUAz3aesSug==
age: 58795
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jan 2024 22:17:18 GMT
server: cloudflare
etag: 0x8DC0CA9BF9BFF37
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 1f518f4a-801e-0043-4dbb-3edfdf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad3d2a014bcf-BUF

GET
H/1.1 200
OK / Show response
api.ipify.org/ 20 B
220 B 584ms
36ms XHR
application/json 64.185.227.156
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 64.185.227.156 New York, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.1 /
Resource Hash: df28b04534ebeeeb0221cb7daf0de49a53b97aa8a6cfe668f2fd60aab1245f84

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 05 Jan 2024 00:41:38 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 20
Vary: Origin
Content-Type: application/json

GET
H/1.1 200
OK / Show response
api.ipify.org/ 20 B
220 B 578ms
32ms XHR
application/json 64.185.227.156
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 64.185.227.156 New York, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.1 /
Resource Hash: df28b04534ebeeeb0221cb7daf0de49a53b97aa8a6cfe668f2fd60aab1245f84

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 05 Jan 2024 00:41:38 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 20
Vary: Origin
Content-Type: application/json

GET
H2 200 www-player.css
www.youtube.com/s/player/da154528/ Frame 0287 358 KB
47 KB 28ms
25ms Stylesheet
text/css 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 19:16:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 105906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47436
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 19:16:31 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 0287 52 KB
16 KB 45ms
44ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 21:22:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 184775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16296
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 01 Jan 2025 21:22:02 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame 0287 322 KB
97 KB 180ms
179ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 07:24:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 234999
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98735
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 01 Jan 2025 07:24:58 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 0287 2 MB
767 KB 56ms
55ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:05:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102948
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 785283
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 20:05:49 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/da154528/ Frame 95CE 358 KB
46 KB 170ms
168ms Stylesheet
text/css 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 19:16:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 105906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47436
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 19:16:31 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 95CE 52 KB
16 KB 172ms
170ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 21:22:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 184775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16296
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 01 Jan 2025 21:22:02 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/da154528/www-embed-player.vflset/ Frame 95CE 322 KB
97 KB 174ms
172ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 07:24:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 234999
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98735
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 01 Jan 2025 07:24:58 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 95CE 2 MB
767 KB 174ms
173ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:05:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102948
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 785283
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 20:05:49 GMT

GET
H2

200

callback
www.elfcosmetics.co.uk/
Redirect Chain

https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client...
https://www.elfcosmetics.co.uk/callback?usid=210907cb-ec25-4da3-9b62-14606fd39323&code=JXLHpDDfo2Pil8JzGHM6votCPJipd00Z2BsHQNAh92U

0
0

214ms
214ms

Fetch
application/json

204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/callback?usid=210907cb-ec25-4da3-9b62-14606fd39323&code=JXLHpDDfo2Pil8JzGHM6votCPJipd00Z2BsHQNAh92U
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:38 GMT
via: 1.1 98e2eb12ca62ecc662bc928ec41abedc.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 0
x-amz-cf-pop: ORD52-C2
age: 0
x-amzn-remapped-connection: close
x-amzn-requestid: 45f25724-a547-42fd-b3ad-09e9ceb995e7
x-yottaa-optimizations: ob/1000 si/26D1cc023016-1704395137-9105549194 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
x-amz-apigw-id: RCl6eHyyiYcEBFQ=
content-length: 0
x-yottaa-forcecache: true
x-amzn-trace-id: Root=1-65975042-16c48b7f0ad83a3335e58832;Sampled=0;lineage=dcd1e669:0
content-type: application/json
cache-control: public, max-age=604800
x-yottaa-os: 200
x-yottaa-metrics: 2621cc02836f/[182,177,-] 26D1cc023016/[-,184.507]
x-amzn-remapped-date: Fri, 05 Jan 2024 00:41:38 GMT
x-amz-cf-id: k-_esLNYX56l4zapjANuJ7_PzhFrt3qZKRaubuyXlriEx3O8qRi28Q==

Redirect headers

date: Fri, 05 Jan 2024 00:41:38 GMT
x-correlation-id: 8407ad3e0fc6222e
via: 1.1 361be9423fbc0d226d13a3e0f5517234.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: ORD52-C2
age: 0
x-yottaa-optimizations: ob/0 si/26D1cc023016-1704395137-9105549184 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
content-length: 0
pragma: no-cache
x-ratelimit-1m-remaining: 23009, 1958234
x-ratelimit-1m-reset: 21703, 21703
x-ratelimit-1m-limit: 24000, 2000000
vary: Accept-Encoding
location: https://www.elfcosmetics.co.uk/callback?usid=210907cb-ec25-4da3-9b62-14606fd39323&code=JXLHpDDfo2Pil8JzGHM6votCPJipd00Z2BsHQNAh92U
cache-control: no-store
x-yottaa-os: 303
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-eu&code_challenge=-N86SsWApM_yVarlqHK2ATC2Ys_XtPrWQBD8aEURVHU
x-yottaa-metrics: 2621cc8d5882/[136,130,-] 26D1cc023016/[-,138.892]
cf-ray: 8407ad3e0fc6222e-ORD
x-amz-cf-id: j1FuioK-JgDND_pBBMsdC1kcZYGWfVCMUIkO-rFcxepSAT942tdXmQ==

POST
H2 201 / Show response
sdk.iad-05.braze.com/api/v3/data/ 334 B
464 B 142ms
142ms XHR
application/json 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

83f77701d6f8aa2b017e97775fc33276e34463fbe98df196a11d363bca8c3359

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-TriggersRequest: true
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
Referer: https://www.elfcosmetics.co.uk/
X-Requested-With: XMLHttpRequest

Response headers

date: Fri, 05 Jan 2024 00:41:38 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: bbf5fd1a-199d-44db-ae20-210e70d2993e
x-served-by: cache-yyz4523-YYZ
x-runtime: 0.099632
etag: W/"83f77701d6f8aa2b017e97775fc33276"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 /
sdk.iad-05.braze.com/api/v3/data/ Frame 0
0 176ms
71ms Preflight 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/data/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: content-type,x-braze-api-key,x-braze-datarequest,x-braze-triggersrequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Fri, 05 Jan 2024 00:41:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4523-YYZ

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0287 15 KB
15 KB 114ms
44ms Font
font/woff2 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 02:52:49 GMT
x-content-type-options: nosniff
age: 164929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 02:52:49 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0287 15 KB
16 KB 95ms
26ms Font
font/woff2 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 08:56:26 GMT
x-content-type-options: nosniff
age: 143112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 08:56:26 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 95CE 15 KB
15 KB 108ms
53ms Font
font/woff2 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 02:52:49 GMT
x-content-type-options: nosniff
age: 164929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 02:52:49 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 95CE 15 KB
15 KB 120ms
66ms Font
font/woff2 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 08:56:26 GMT
x-content-type-options: nosniff
age: 143112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jan 2025 08:56:26 GMT

GET
H2 200 25840211-e69f-428e-bb3b-0787cffdf0e8.json Show response
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/ 4 KB
2 KB 121ms
43ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/25840211-e69f-428e-bb3b-0787cffdf0e8.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

949062629321267f5e4f5d183435ab758ad7898afe2b31dc262b6b164167ffa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24498
content-md5: FgAuBFiP8zSeAA1ZcGm5bQ==
content-length: 1495
x-ms-lease-status: unlocked
last-modified: Tue, 13 Dec 2022 17:32:15 GMT
server: cloudflare
etag: 0x8DADD2FFA203B7A
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 41c2cfdd-501e-006f-78e6-1d3370000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad406f9e4bc1-BUF
expires: Sat, 06 Jan 2024 00:41:38 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
305 B 111ms
43ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8407ad41fff24bc9-BUF
access-control-allow-headers: Content-Type

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 0287
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

40ms
39ms

XHR
application/json

2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35ae1f2d16f1e1f48e24ca207b24b4a6a19f7c22975da09e96c5fbd17eda3c79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 05 Jan 2024 00:41:38 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0287 29 B
89 B 105ms
26ms Script
text/javascript 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:29:25 GMT
x-content-type-options: nosniff
age: 733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 05 Jan 2024 00:44:25 GMT

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 756 B
691 B 396ms
395ms XHR
application/json 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2b784ffdd264206d880386648d238c014c3bd886aeddb41026adedf65feb82fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.co.uk/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 13fb064a-4eef-4314-a1a4-6f6196551895
x-served-by: cache-yyz4523-YYZ
x-runtime: 0.351107
etag: W/"2b784ffdd264206d880386648d238c01"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 41ms
40ms Preflight 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Fri, 05 Jan 2024 00:41:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4523-YYZ

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 95CE
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
189 B

42ms
41ms

XHR
application/json

2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7e06fbc331afb794e9653df699f0054d4e522e302f844fbb1aa56bcb36b85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 05 Jan 2024 00:41:38 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 95CE 29 B
495 B 87ms
24ms Script
text/javascript 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:29:25 GMT
x-content-type-options: nosniff
age: 733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 05 Jan 2024 00:44:25 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 91ms
32ms Preflight
text/html 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 05 Jan 2024 00:41:38 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0287 86 KB
40 KB 44ms
42ms XHR
application/json+protobuf 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

75584ae5b715a75b9b36b92d2e91afdf5e35a43b028cfaab1b86613074ac61b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 05 Jan 2024 00:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40725
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 0287 116 KB
33 KB 25ms
25ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:20:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 109241
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33549
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:20:57 GMT

GET
H2 200 Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js Show response
www.google.com/js/th/ Frame 0287 51 KB
20 KB 90ms
24ms Script
text/javascript 2607:f8b0:4006:822::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 17:13:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19777
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Jan 2025 17:13:53 GMT

GET
H2 200 default.jpg
i.ytimg.com/vi/bxGKZ6lfJ7A/ Frame 0287 3 KB
3 KB 84ms
24ms Image
image/jpeg 2607:f8b0:4006:80d::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/bxGKZ6lfJ7A/default.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:04:28 GMT
x-content-type-options: nosniff
age: 5831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2965
x-xss-protection: 0
server: sffe
etag: "1703142370"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 05 Jan 2024 01:04:28 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 33ms
32ms Preflight
text/html 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 05 Jan 2024 00:41:39 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 95CE 86 KB
40 KB 50ms
50ms XHR
application/json+protobuf 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7251315a3d90101dc3001dd91b4006a3c1c93c02b3a9df9b1b5b255f0fa7c490

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40672
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/da154528/player_ias.vflset/en_US/ Frame 95CE 116 KB
33 KB 25ms
25ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 18:20:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 109242
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33549
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 02:48:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 18:20:57 GMT

GET
H2 200 Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js Show response
www.google.com/js/th/ Frame 95CE 51 KB
19 KB 26ms
24ms Script
text/javascript 2607:f8b0:4006:822::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Tsw0Yn1BA_u41wm3FNlInuFvbxWhU_qzb8oN8tyvKnc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 17:13:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19777
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Jan 2025 17:13:53 GMT

GET
H2 200 default.jpg
i.ytimg.com/vi/rZPCKoUReO0/ Frame 95CE 2 KB
2 KB 25ms
24ms Image
image/jpeg 2607:f8b0:4006:80d::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/rZPCKoUReO0/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARhyIFYoPTAP&rs=AOn4CLCM5ONTEJwdjxOrSlWBNC86VGolng

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:04:28 GMT
x-content-type-options: nosniff
age: 5831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2380
x-xss-protection: 0
server: sffe
etag: "1703117772"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 05 Jan 2024 01:04:28 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 383 KB
92 KB 46ms
46ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
age: 53124
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93482
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
server: cloudflare
etag: 0x8DADC66BDFA5EC7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a5ea234d-301e-0069-6d88-1700cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad435d554bcf-BUF

POST
H2 200 token Show response
www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 2 KB
2 KB 206ms
204ms Fetch
application/json 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

96b3271ea38c0a7c724c4d5e0682337176bfe05ba2284e521732a48e2bc15736

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-correlation-id: 8407ad43fe2c61de
cf-cache-status: DYNAMIC
via: 1.1 a4a5018e47c99d5484f43a6eb50bda5e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: ORD52-C2
age: 0
x-yottaa-optimizations: ob/1000 si/26D1cc023016-1704395137-9105549198 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Miss from cloudfront
pragma: no-cache
x-ratelimit-1m-remaining: 22985, 1957198
x-ratelimit-1m-reset: 20774, 20773
vary: Accept-Encoding, User-Agent
x-ratelimit-1m-limit: 24000, 2000000
content-type: application/json
cache-control: no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics: 2621cc023035/[117,115,-] 26D1cc023016/[-,118.593]
cf-ray: 8407ad43fe2c61de-ORD
x-amz-cf-id: 34G4n9NS31-muqDo3Vn9GZoslOLhaJjZDBxUecX3h8-uxpgyYo0XBQ==

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 36ms
31ms Preflight
text/html 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 05 Jan 2024 00:41:39 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0287 90 B
134 B 36ms
36ms XHR
application/json+protobuf 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

093e2808dc802407819bd1b5606167349bafacede8e500db07b21f448922a088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 32ms
31ms Preflight
text/html 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 05 Jan 2024 00:41:39 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 95CE 90 B
134 B 38ms
38ms XHR
application/json+protobuf 2607:f8b0:4006:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

75310ba3b1d2c5abd40b81da11130cc6e0f5063d7df4a6f906b67ed2059c21ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 0287 4 KB
2 KB 383ms
66ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 05 Jan 2024 00:41:39 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 95CE 4 KB
2 KB 419ms
108ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 05 Jan 2024 00:41:39 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/6e10e834-96b1-4572-80d7-3109ba160fd7/ 73 KB
15 KB 40ms
40ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/6e10e834-96b1-4572-80d7-3109ba160fd7/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71bd66530457656271aa253073fb867cdc9068586f7af54e341667687162909e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 6739
content-md5: FVTe+XzL+4tWjb2VPxjyIQ==
content-length: 15363
x-ms-lease-status: unlocked
last-modified: Tue, 13 Dec 2022 17:32:16 GMT
server: cloudflare
etag: 0x8DADD2FFAAA3EC3
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 73e8b48e-b01e-0058-5103-24e1dc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad458b364bc1-BUF
expires: Sat, 06 Jan 2024 00:41:39 GMT

GET
H2 200 iab2Data.json Show response
cdn.cookielaw.org/vendorlist/ 398 KB
57 KB 39ms
38ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/iab2Data.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7daaea0e23f1b46b8cee7ee002e8b5e16dcd602bae7990a073e6f77a40a33984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: T2EO+M5YujGweuw6GKbrmg==
age: 6739
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 58301
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 08:21:37 GMT
server: cloudflare
etag: 0x8DC0CFE2B8F0CCA
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: ab7f320e-d01e-0013-22ea-3e1d8f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad459b374bc1-BUF

GET
H2 200 otTCF.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 68 KB
15 KB 37ms
36ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otTCF.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f94185bf320b088eb3c40b75de95ac8516680f4036bd287131b34f9c058146a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jNSx0jAViofB7ggqqp6FUQ==
age: 40377
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 15011
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:44 GMT
server: cloudflare
etag: 0x8DADC66BD0C2AD7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e8c255f1-801e-001e-27e6-1dd55b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad459e524bcf-BUF

GET
H3 204 generate_204
www.youtube.com/ Frame 0287 0
10 B 25ms
24ms Image
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?FSNvBQ
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
www.youtube.com/ Frame 95CE 0
10 B 25ms
24ms Image
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?5UK2Mg
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H2 200 sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 0
0 121ms
120ms Preflight 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-requested-with
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
content-encoding: gzip
date: Fri, 05 Jan 2024 00:41:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4523-YYZ

POST
H2 204 sessions Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/ 0
1 KB 242ms
241ms XHR
text/plain 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/sessions
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjIxMDkwN2NiLWVjMjUtNGRhMy05YjYyLTE0NjA2ZmQzOTMyMyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxNTI2OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YmNrSGNVbXJhMXcwZ1J4dWtXbHFZWXhlY1g6OmNoaWQ6ICIsImV4cCI6MTcwNDQxNzA5OSwiaWF0IjoxNzA0NDE1Mjk5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDgwMjE1Mzk2NjgwNTk5In0.DJBD9QQpjh03F1Ct2vnjk7J-yIKciBp09iVENiXE4qX3FEwR-94HSLdbmHU49Q4AZ6SBv28QbfrPfYaJwXQxJA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
via: 1.1 b285fdc0da95c54b3ea5b2d16104bc8c.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: ORD52-C2
age: 0
x-yottaa-optimizations: ob/0 si/26D1cc023016-1704395137-9105549207 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
pragma: no-cache
allow: OPTIONS,POST
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2621cc02303b/[174,173,-] 26D1cc023016/[-,175.976]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/sessions
accept-ranges: bytes
cf-ray: 8407ad475c4422da-ORD
x-dw-request-base-id: 22TlhURQl2UBAAB_
x-amz-cf-id: 1pyWN1dipZbgeFuH244BXA1Sj4jXGzP4JXRR8Hgj6VYsOG_DXmcaJQ==
x-yottaa-os: 204
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 shoppercontext Show response
www.elfcosmetics.co.uk/api/v1/ 57 B
758 B 482ms
482ms XHR
application/json 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/api/v1/shoppercontext?siteId=elf-eu
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: a6cbc4c9c0b39f6d4edd8d4db4e73971e23c1e4b8b9b6ddd5956164b87fd3ebc

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjIxMDkwN2NiLWVjMjUtNGRhMy05YjYyLTE0NjA2ZmQzOTMyMyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxNTI2OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YmNrSGNVbXJhMXcwZ1J4dWtXbHFZWXhlY1g6OmNoaWQ6ICIsImV4cCI6MTcwNDQxNzA5OSwiaWF0IjoxNzA0NDE1Mjk5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDgwMjE1Mzk2NjgwNTk5In0.DJBD9QQpjh03F1Ct2vnjk7J-yIKciBp09iVENiXE4qX3FEwR-94HSLdbmHU49Q4AZ6SBv28QbfrPfYaJwXQxJA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
via: 1.1 361be9423fbc0d226d13a3e0f5517234.cloudfront.net (CloudFront)
content-encoding: gzip
x-amzn-remapped-content-length: 57
x-amz-cf-pop: ORD52-C2
age: 0
x-amzn-remapped-connection: close
x-yottaa-optimizations: ob/1000 si/26D1cc023016-1704395137-9105549209 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-amzn-requestid: cdc475f2-164c-4cb8-b6c6-e3d3440d5da4
x-cache: Miss from cloudfront
x-amz-apigw-id: RCl6nFLwiYcESWg=
content-length: 79
etag: W/"39-LgPw152VfElAKHYfDt/MyAcU00g"
x-amzn-trace-id: Root=1-65975043-6c9709214d39c7e2139e3d14;Sampled=0;lineage=dcd1e669:0
content-type: application/json; charset=utf-8
x-yottaa-os: 200
x-yottaa-metrics: 2621cc02303a/[449,448,-] 26D1cc023016/[-,451.180]
x-amzn-remapped-date: Fri, 05 Jan 2024 00:41:40 GMT
x-amz-cf-id: Dcm83ZYlNThweqYXL5kGl6JVROG4am38Kr7ozqCsbEYq8YH5k7I5xg==

GET
H2 200 geo-ip Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/ 199 B
1 KB 249ms
247ms XHR
application/json 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.34

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 af5cdbeee0d74dc841ba3e8c1801409a.cloudfront.net (CloudFront)
x-amz-cf-pop: ORD52-C2
age: 0
x-yottaa-optimizations: ob/1000 si/26D1cc023016-1704395137-9105549215 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.34
x-yottaa-metrics: 2621cc02832f/[183,180,-] 26D1cc023016/[-,185.546]
cf-ray: 8407ad486e0422da-ORD
x-dw-request-base-id: 22TwhURQl2UBAAB_
x-amz-cf-id: ZeSyqvfOHLZOFmeyE-yGhfmLSltiX-g13G2ULbz6sE-hemfR09oS2A==

GET
H2 200 geo-ip Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/ 199 B
1 KB 421ms
420ms XHR
application/json 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.34

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ORD52-C2
age: 0
x-yottaa-optimizations: ob/1000 si/26D1cc023016-1704395137-9105549216 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
allow: GET,HEAD,OPTIONS
content-type: application/json;charset=UTF-8
cache-control: max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os: 200
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=96.9.249.34
x-yottaa-metrics: 2621cc02832e/[280,276,-] 26D1cc023016/[-,281.960]
cf-ray: 8407ad48ca35113c-ORD
x-dw-request-base-id: khnp0kRQl2UBAAB_
x-amz-cf-id: -KJDxwwXplRH9FKVzXzwSbckOzAcWPMAf93SCZ_Hy8w-lJ8_z4R0Xg==

GET
H2 200 baskets Show response
www.elfcosmetics.co.uk/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bckHcUmra1w0gRxukWlqYYxecX/ 11 B
1 KB 235ms
235ms Fetch
application/json 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bckHcUmra1w0gRxukWlqYYxecX/baskets?siteId=elf-eu

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
accept-language: en-US,en;q=0.9
x-pwa-request: true
Authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjIxMDkwN2NiLWVjMjUtNGRhMy05YjYyLTE0NjA2ZmQzOTMyMyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxNTI2OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YmNrSGNVbXJhMXcwZ1J4dWtXbHFZWXhlY1g6OmNoaWQ6ICIsImV4cCI6MTcwNDQxNzA5OSwiaWF0IjoxNzA0NDE1Mjk5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDgwMjE1Mzk2NjgwNTk5In0.DJBD9QQpjh03F1Ct2vnjk7J-yIKciBp09iVENiXE4qX3FEwR-94HSLdbmHU49Q4AZ6SBv28QbfrPfYaJwXQxJA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
x-correlation-id: 8407ad48baa2627b
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 e385fbaea7c648ad7e4ea77cdc0acd94.cloudfront.net (CloudFront)
x-amz-cf-pop: ORD52-C2
age: 0
x-yottaa-optimizations: ob/1000 si/26D1cc023016-1704395137-9105549217 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
content-encoding: gzip
x-cache: Miss from cloudfront
content-length: 37
allow: GET,HEAD,OPTIONS
x-ratelimit-remaining: 999
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0,no-cache,no-store
x-yottaa-os: 200
x-proxy-request-url: https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/bckHcUmra1w0gRxukWlqYYxecX/baskets?siteId=elf-eu
x-ratelimit-limit: 99999
accept-ranges: bytes
cf-ray: 8407ad48baa2627b-ORD
x-amz-cf-id: bJts60MVdpLbxxFekClHWacmAuUOeaEJnghLDxh-kXCf6pE8W792cw==
x-yottaa-metrics: 2621cc02832d/[115,112,-] 26D1cc023016/[-,117.295]

POST
H2 201 sync Show response
sdk.iad-05.braze.com/api/v3/content_cards/ 77 B
220 B 125ms
124ms XHR
application/json 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.iad-05.braze.com/api/v3/content_cards/sync

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fc97bdae5bde02f21b184ca5851b8758baa0840d702d36bfcabd72523f298a7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key: ee22cddf-904f-484e-a004-0181ff9a3268
X-Braze-DataRequest: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/json
BRAZE-SYNC-RETRY-COUNT: 0
Referer: https://www.elfcosmetics.co.uk/
X-Requested-With: XMLHttpRequest
X-Braze-ContentCardsRequest: true

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: MISS
x-request-id: 4132bf08-952f-4021-82a0-0e20383e271b
x-served-by: cache-yyz4523-YYZ
x-runtime: 0.061167
etag: W/"fc97bdae5bde02f21b184ca5851b8758"
access-control-max-age: 7200
access-control-allow-methods: POST, GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin,Accept-Encoding
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/120/ Frame 0287 50 KB
15 KB 24ms
24ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/120/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 17:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25337
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14705
x-xss-protection: 0
last-modified: Mon, 23 Oct 2023 15:04:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 05 Jan 2024 17:39:22 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 13 KB
3 KB 38ms
37ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vO8A/abKpoPacUrvSk9OSw==
age: 6739
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B7AF38D0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 716fea89-301e-0069-5c71-2200cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad494d654bc1-BUF

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/ 61 KB
12 KB 38ms
38ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: mBGnk7IXt0USbYmXZQhmOw==
age: 6739
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:37 GMT
server: cloudflare
etag: 0x8DADC66B90C98A8
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 926fc64a-e01e-009e-04be-0b2a5d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad495d664bc1-BUF

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 21 KB
4 KB 39ms
38ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 6739
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 58a0ec20-b01e-0058-05af-0be1dc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8407ad495d674bc1-BUF

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/120/ Frame 95CE 50 KB
14 KB 28ms
27ms Script
text/javascript 2607:f8b0:4006:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/120/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:806::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 17:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25338
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14705
x-xss-protection: 0
last-modified: Mon, 23 Oct 2023 15:04:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 05 Jan 2024 17:39:22 GMT

POST
H2 200 baskets Show response
www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/ 3 KB
2 KB 259ms
254ms XHR
application/json 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfcosmetics.co.uk/mobify/proxy/ocapi/s/elf-eu/dw/shop/v21_3/baskets

Requested by

Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),

Reverse DNS

Software

Resource Hash

f1c842c98ad484abc1113fba5748e00e00dd8c29876dad521d4ce3051d5e3ff3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
x-dw-client-id: f9f7052a-f742-4c38-bdf5-1da004e7fb3b
accept-language: en-US,en;q=0.9
x-pwa-request: true
authorization: Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjIxMDkwN2NiLWVjMjUtNGRhMy05YjYyLTE0NjA2ZmQzOTMyMyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxNTI2OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YmNrSGNVbXJhMXcwZ1J4dWtXbHFZWXhlY1g6OmNoaWQ6ICIsImV4cCI6MTcwNDQxNzA5OSwiaWF0IjoxNzA0NDE1Mjk5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDgwMjE1Mzk2NjgwNTk5In0.DJBD9QQpjh03F1Ct2vnjk7J-yIKciBp09iVENiXE4qX3FEwR-94HSLdbmHU49Q4AZ6SBv28QbfrPfYaJwXQxJA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
via: 1.1 0dfd4a767fdb169a154f978de9887036.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: ORD52-C2
age: 0
x-yottaa-optimizations: ob/1000 si/26D1cc023016-1704395137-9105549223 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-dw-version-status: deprecated
x-cache: Miss from cloudfront
content-length: 1009
pragma: no-cache
etag: 80b7a264501cc53a1655e0849d61851346eea1dbc2a914f545483304d1b476b9
allow: OPTIONS,POST
content-type: application/json;charset=UTF-8
x-dw-resource-state: 80b7a264501cc53a1655e0849d61851346eea1dbc2a914f545483304d1b476b9
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-expose-headers: etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-metrics: 2621cc02836a/[182,180,-] 26D1cc023016/[-,186.029]
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-proxy-request-url: https://cc-elf-eu-prd.elfcosmetics.co.uk/s/elf-eu/dw/shop/v21_3/baskets
accept-ranges: bytes
cf-ray: 8407ad4a292722da-ORD
x-dw-request-base-id: 22QBhkRQl2UBAAB_
x-amz-cf-id: E4DfSvw2BVR3JFVNHl3_wFWZCD-CaOp2k3tdZKPI5ngV1D2qIfsBRg==
x-yottaa-os: 200
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 init.js Show response
www.elfcosmetics.co.uk/XT4Gy2ig/ 165 KB
74 KB 106ms
101ms Script
application/javascript 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 720b2cd770797ab3eefd3192cb38cbd2cec573cef3380610ab30f3aac900f7cc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
content-encoding: gzip
etag: "294d5-2jVj86LlhZM0yYYjrM5b1YY9XUU"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
x-yottaa-metrics: 26D1cc023016/[-,45.321]
x-px-hash: YWRlNDg0YjkxYzUxZjBkODgyNmYyYjljYTljZjgzZjQ0OTE2ZTNlMWI5ODQwMjQ0MjAwMDYxOGY1MTNkMjBiMw==
x-yottaa-optimizations: ob/0 si/26D1cc023016-1704395137-9105549224 tts/1704415300130 ti/0 ai/5dbb1b434f1bbf5af87e10a5

POST
H2 200 event
qoe-1.yottaa.net/log-nt/ 3 B
191 B 142ms
28ms Ping
text/json 204.2.49.48
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://qoe-1.yottaa.net/log-nt/event
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.2.49.48 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 05 Jan 2024 00:41:40 GMT
access-control-expose-headers: X-Results-Data-Source
access-control-allow-credentials: true
cache-control: no-cache
timing-allow-origin: *
content-type: text/json

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/ 216 KB
67 KB 31ms
31ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 08:24:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 145017
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68492
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 02:44:34 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Jan 2025 08:24:43 GMT

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
514 B 40ms
37ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 1228
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 03:32:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 98ea89d7-501e-009b-03da-3ef886000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8407ad4aae474bc1-BUF

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 38ms
37ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 58657
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 03:32:43 GMT
server: cloudflare
etag: 0x8DC0CD5CFC75AFB
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 29490746-c01e-007d-10e5-3e48a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8407ad4ad9654bcf-BUF

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 36ms
36ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Jan 2024 00:41:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 58795
x-ms-lease-status: unlocked
last-modified: Thu, 04 Jan 2024 03:32:43 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: f81f2af0-701e-0035-13c1-3e5597000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8407ad4ad9674bcf-BUF

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 35ms
34ms Image
image/svg+xml 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 b285fdc0da95c54b3ea5b2d16104bc8c.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: ORD52-C2
age: 2611282
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/26D1cc023016-1701807751-6065845274 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Hit from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2621cc023043/[13,5,-] 26D1cc023016/[hit]
x-amz-cf-id: xz_nNGhUfgOFk-VkjHfDUcWQU_rHJN0ixu3WkkENII1sXyiAwJ63xg==

GET
H2 200 js Show response
www.paypal.com/sdk/ 406 KB
113 KB 67ms
23ms Script
application/javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6e848d0b492539df00f84e58a63d237c58fbab26b7c07243795bb0d10f2428f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 05 Jan 2024 00:41:40 GMT
age: 5876
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f9902594fd9d1
server-timing: "traceparent;desc="00-0000000000000000000f9902594fd9d1-97213c54f18c7b99-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113567
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200134-BUR, cache-yyz4528-YYZ, cache-yyz4528-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f9902594fd9d1-ffaca4e52285e7bd-01
x-timer: S1704415301.502569,VS0,VE5
etag: W/"1bb9f-ZMg8mgqn9dqIPJn7MnQi0sUzvhY"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 12, 1, 0

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 560 B
809 B 134ms
62ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: b74c7e9fe7acd67835663553d1d36d74167ac1dc36fa2436a07099da282fefd8

Request headers

Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 05 Jan 2024 00:41:39 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 560

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 35ms
34ms Image
image/svg+xml 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:40 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 b285fdc0da95c54b3ea5b2d16104bc8c.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: ORD52-C2
age: 2611282
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/26D1cc023016-1701807751-6065845274 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Hit from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2621cc023043/[13,5,-] 26D1cc023016/[hit]
x-amz-cf-id: xz_nNGhUfgOFk-VkjHfDUcWQU_rHJN0ixu3WkkENII1sXyiAwJ63xg==

GET
H2 200 NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/ 5 KB
5 KB 190ms
43ms Image
image/png 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
x-amz-version-id: null
cf-cache-status: HIT
age: 27769
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
content-length: 5378
last-modified: Thu, 04 Jan 2024 08:30:33 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
accept-ranges: bytes
cf-ray: 8407ad5018d34bd2-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 2 KB
1 KB 191ms
44ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 7034
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 Jan 2024 11:44:47 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407ad5018d24bd2-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 icon-noun-snowflake-1044022
elfcosmetics.a.bigcontent.io/v1/static/ 3 KB
2 KB 187ms
40ms Image
image/svg+xml 2606:4700:4400::ac40:91b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-snowflake-1044022?%24Desktop%24=&fmt=auto
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: HIT
age: 27769
x-amz-server-side-encryption: AES256
x-amp-cf-worker: true
edge-control: max-age=86400
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 04 Jan 2024 06:40:00 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=1800
cf-ray: 8407ad5018d54bd2-BUF
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

HEAD
H2 200 init.js Show response
www.elfcosmetics.co.uk/XT4Gy2ig/ 0
449 B 93ms
92ms XHR
application/javascript 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
content-encoding: gzip
etag: "294d5-y+/3pxiuFAjc1edDewd7k7aUuHw"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
x-yottaa-metrics: 26D1cc023016/[-,62.780]
x-px-hash: YzIwNDBiNWY1NTIzYTEyZTdhMGY2ZWE0MWFmZDIzNzFhNjkyZDI4MTY0MDI4YzQyMGQ4NWVhOGVmZmIwNTJkMA==
x-yottaa-optimizations: ob/0 si/26D1cc023016-1704395137-9105549240 tts/1704415301082 ti/0 ai/5dbb1b434f1bbf5af87e10a5

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 0287 28 B
50 B 43ms
43ms XHR
application/json 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time: 1704415301020
Content-Type: application/json
X-YouTube-Utc-Offset: -600
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/bxGKZ6lfJ7A?enablejsapi=1
X-YouTube-Client-Version: 1.20231217.00.00
X-YouTube-Time-Zone: Pacific/Honolulu
X-Goog-Visitor-Id: CgtTZGRWYUFRTzZqcyi_oN2sBjIKCgJVUxIEGgAgYg%3D%3D
X-YouTube-Ad-Signals: dt=1704415298309&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

GET
H2 200 local Show response
www.paypal.com/credit-presentment/experiments/ Frame 466E 5 KB
2 KB 24ms
24ms Document
text/html 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3fc6b6bcffd05473bac21ae5accce811325fefd1eed62722fef4ee1713802a3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-expose-headers: Server-Timing
age: 41092
cache-control: s-maxage=86400, max-age=0
content-encoding: gzip
content-length: 1525
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type: text/html; charset=utf-8
date: Fri, 05 Jan 2024 00:41:41 GMT
dc: ccg11-origin-www-1.paypal.com
edge-cache-tag: up-treatments-zoid
etag: W/"1479-/Aa6EOLj6s29fqXofNmQvLlyL+g"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f7733657a90a2
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: "traceparent;desc="00-0000000000000000000f7733657a90a2-7cde213f1f371e66-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f7733657a90a2-35b19da423644d04-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT, MISS
x-cache-hits: 5750, 1365, 0
x-served-by: cache-bur-kbur8200094-BUR, cache-yyz4528-YYZ, cache-yyz4528-YYZ
x-timer: S1704415301.193542,VS0,VE6
x-xss-protection: 1; mode=block

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 14 KB
6 KB 27ms
26ms Script
application/x-javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.co.uk&t=xo&v=5.0.418&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

08be9f99365668d3d9b7a68cb33a1312d5ec06d670f6cc010140ec138738f8be

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-xSt4QasQ/5mXG813DfjVo956K5kmYbcorqdj6YiBdn2GUHdt' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-xSt4QasQ/5mXG813DfjVo956K5kmYbcorqdj6YiBdn2GUHdt' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 05 Jan 2024 00:41:41 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 6739
x-cache: MISS, HIT, MISS
paypal-debug-id: f8001859e8769
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4796
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200166-BUR, cache-yyz4528-YYZ, cache-yyz4528-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f8001859e8769-efd97a266535cb6f-01
x-timer: S1704415301.196296,VS0,VE8
etag: W/"3694-BVeCtYVa2QlfyRFe/ZZNbAx1Mjw"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 1, 0

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 35ms
34ms Image
image/svg+xml 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 b285fdc0da95c54b3ea5b2d16104bc8c.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: ORD52-C2
age: 2611283
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/26D1cc023016-1701807751-6065845274 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Hit from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2621cc023043/[13,5,-] 26D1cc023016/[hit]
x-amz-cf-id: xz_nNGhUfgOFk-VkjHfDUcWQU_rHJN0ixu3WkkENII1sXyiAwJ63xg==

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 41ms
40ms Image
image/svg+xml 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 b285fdc0da95c54b3ea5b2d16104bc8c.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: ORD52-C2
age: 2611283
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/26D1cc023016-1701807751-6065845274 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Hit from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2621cc023043/[13,5,-] 26D1cc023016/[hit]
x-amz-cf-id: xz_nNGhUfgOFk-VkjHfDUcWQU_rHJN0ixu3WkkENII1sXyiAwJ63xg==

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 95CE 28 B
50 B 44ms
43ms XHR
application/json 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/da154528/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-Goog-Request-Time: 1704415301545
Content-Type: application/json
X-YouTube-Utc-Offset: -600
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
X-YouTube-Client-Version: 1.20231217.00.00
X-YouTube-Time-Zone: Pacific/Honolulu
X-Goog-Visitor-Id: CgtGU0QybDh5anp2OCi_oN2sBjIKCgJVUxIEGgAgWQ%3D%3D
X-YouTube-Ad-Signals: dt=1704415298317&flash=0&frm=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1005 B
917 B 137ms
136ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

32c06eae7764adb8ef97eeca52c6546737a1b150947f0232169b5704feaed752

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS, MISS, MISS
paypal-debug-id: f559246d8dbd9
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-bur-kbur8200179-BUR, cache-yyz4577-YYZ, cache-yyz4577-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f559246d8dbd9-afd3c9bc5469abc4-01
x-timer: S1704415302.732571,VS0,VE118
etag: W/"3ed-Tajot36cbbrlgkk/n4DuN88Q5Y4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.co.uk
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: none
x-cache-hits: 0, 0, 0

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 466E 406 KB
112 KB 24ms
23ms Script
application/javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=GBP&vault=true&components=buttons,messages

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6e848d0b492539df00f84e58a63d237c58fbab26b7c07243795bb0d10f2428f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-c1ytdAj3h9KrW2aNxOy8kw/abItOFl67whF5kzhNyFWhIM7W' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
disable-set-cookie: true
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 05 Jan 2024 00:41:41 GMT
age: 5877
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT, HIT, MISS
p3p: true
paypal-debug-id: f9902594fd9d1
server-timing: "traceparent;desc="00-0000000000000000000f9902594fd9d1-97213c54f18c7b99-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 113567
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200134-BUR, cache-yyz4528-YYZ, cache-yyz4528-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f9902594fd9d1-ffaca4e52285e7bd-01
x-timer: S1704415302.607918,VS0,VE5
etag: W/"1bb9f-ZMg8mgqn9dqIPJn7MnQi0sUzvhY"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 12, 2, 0

GET
H2 200 ts
t.paypal.com/ 42 B
544 B 724ms
144ms Image
image/gif 151.101.193.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=95c92811-df2a-4f29-8e3f-9af8b4e63cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704415301614&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Fri, 05 Jan 2024 00:41:42 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 9588f0da874be
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200047-BUR, cache-yyz4560-YYZ
pragma: no-cache
correlation-id: 9588f0da874be
traceparent: 00-00000000000000000009588f0da874be-803912a15360d473-01
x-timer: S1704415302.237044,VS0,VE94
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jan 2024 00:41:42 GMT

GET
H2 200 script-tag.js Show response
cdn-scripts.signifyd.com/api/ 11 KB
4 KB 570ms
29ms Script
application/javascript 108.138.106.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-106-128.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ca67abd72277ede1c07eeb903847d902d19ec6e30fb5780a24ddff9d788bb300

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:20:03 GMT
content-encoding: gzip
via: 1.1 eb4c39562c3ea08ed99a3ec30c18db3c.cloudfront.net (CloudFront)
last-modified: Thu, 04 Jan 2024 17:50:03 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P3
age: 1299
x-amz-server-side-encryption: AES256
etag: W/"103f216174ff59c350586365462053e4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: PZmhNeh123JjRo9hiFKhvLVr0cJNr6GeytiWCeM0DNI3achP18xlFQ==

POST
H2 200 collector Show response
collector-pxxt4gy2ig.px-cloud.net/api/v2/ 600 B
655 B 80ms
79ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxt4gy2ig.px-cloud.net/api/v2/collector
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/XT4Gy2ig/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 8001e4219c7a2fbcbdbffdb8bd080bf49d35824d9a5a4bf12343402b92efeff6

Request headers

Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 05 Jan 2024 00:41:41 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfcosmetics.co.uk
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 454ms
40ms Script
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/79B8) /

Resource Hash

20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: bb612b715effa
dc: ccg11-origin-www-1.paypal.com
content-length: 16355
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
server: ECAcc (nya/79B8)
traceparent: 00-0000000000000000000bb612b715effa-fabdeb41e59ea4a4-01
etag: "64f25363-daa8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 05 Jan 2024 01:41:42 GMT

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 168ms
132ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.elfcosmetics.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.elfcosmetics.co.uk
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Fri, 05 Jan 2024 00:41:41 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f559246d8e46e
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f559246d8e46e-5b157a39567f3a9c-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-content-type-options: nosniff
x-served-by: cache-bur-kbur8200168-BUR, cache-yyz4577-YYZ, cache-yyz4577-YYZ
x-timer: S1704415302.598896,VS0,VE114

GET
H2 200 hash Show response
www.paypal.com/credit-presentment/experiments/ Frame 466E 40 B
2 KB 147ms
147ms Fetch
text/html 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/credit-presentment/experiments/hash?device_id=uid_6fa9a1a39b_mda6nde6ndi&disableSetCookie=true&features=disable-set-cookie

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com https:; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=disable-set-cookie&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1HQlAmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.53.0&integrationType=SDK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 05 Jan 2024 00:41:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
edge-cache-tag: up-treatments-hash
x-cache: MISS, MISS, MISS
paypal-debug-id: f559246653830
server-timing: "traceparent;desc="00-0000000000000000000f559246653830-73941300a5198aab-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 56
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200110-BUR, cache-yyz4528-YYZ, cache-yyz4528-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f559246653830-0923594b644b8048-01
x-timer: S1704415302.306843,VS0,VE127
etag: W/"28-xz7oeWVj/8B52QKKulWR9ZDQlKU"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: s-maxage=86400, max-age=0
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

GET
H2 200 company_toolkit.js Show response
cdn-scripts.signifyd.com/api/ 4 KB
2 KB 30ms
29ms Script
application/javascript 108.138.106.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by: Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-106-128.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:14:56 GMT
content-encoding: gzip
via: 1.1 eb4c39562c3ea08ed99a3ec30c18db3c.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 10:18:44 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P3
age: 1606
x-amz-server-side-encryption: AES256
etag: W/"2c3950f122b3977df61b0e077aaa92c8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1800
x-amz-cf-id: yk2VCVzrRXuPNjqGWWXq5MDoh58jvIwVvJj_VUoz6Qil6v40ECLP6Q==

GET
H2 200 gb.svg
www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/ 717 B
1 KB 30ms
30ms Image
image/svg+xml 204.2.48.22
YOTTAA-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elfcosmetics.co.uk/mobify/bundle/10312/static/img/flag-icons/gb.svg
Requested by: Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/mobify/bundle/10312/vendor.js?yocs=o_q_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.2.48.22 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software: /
Resource Hash: 6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/cosmetic-criminals
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:42 GMT
x-amz-version-id: 399O12CNwjV32R0kL7ZWcO8hfjZkbpmy
via: 1.1 b285fdc0da95c54b3ea5b2d16104bc8c.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: ORD52-C2
age: 2611284
x-amz-server-side-encryption: AES256
x-yottaa-optimizations: ob/1001 si/26D1cc023016-1701807751-6065845274 tts/1701368386279 ti/5dbb1b444f1bbf5af87e1179 ai/5dbb1b444f1bbf5af87e1113 tm/0
x-cache: Hit from cloudfront
x-amz-meta-deploy: 621188
content-length: 431
x-amz-meta-bundle: 10312
x-yottaa-forcecache: true
last-modified: Tue, 05 Dec 2023 19:01:17 GMT
etag: "09d729feb9edb852ea0daca331a9b058"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31104000
x-yottaa-os: 200
x-yottaa-metrics: 2621cc023043/[13,5,-] 26D1cc023016/[hit]
x-amz-cf-id: xz_nNGhUfgOFk-VkjHfDUcWQU_rHJN0ixu3WkkENII1sXyiAwJ63xg==

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame 1B91 55 KB
17 KB 35ms
35ms Document
text/html 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nya/78F4) /

Resource Hash

7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16892
content-type: text/html
date: Fri, 05 Jan 2024 00:41:42 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "64f25363-dacc"
expires: Fri, 05 Jan 2024 01:41:42 GMT
last-modified: Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id: 6a244898dfca5
server: ECAcc (nya/78F4)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000006a244898dfca5-3676ecc28503d2fd-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff

POST logger
www.paypal.com/xoplatform/logger/api/ Frame 466E 0
0

GET
H/1.1 200
OK b3dgat5op8ai4uq9.js Show response
imgs.signifyd.com/ 95 KB
13 KB 428ms
90ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/b3dgat5op8ai4uq9.js?1ixvnoq9t8jnrmae=w2txo5aa&p4g8e2r6nyl4pf7l=L2RkODhiMjQ1NjZiYmQ0ZTkwZDQ0ZTRlYTFh

Requested by

Host: www.elfcosmetics.co.uk
URL: https://www.elfcosmetics.co.uk/cosmetic-criminals

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

da6c45acb0bbde84fa84ba5bfa467d11108c0782620de5b158b0eedd957cac51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Fri, 05 Jan 2024 00:41:42 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame 1B91 18 B
211 B 127ms
127ms Fetch
application/javascript 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (daa/7D8C) /

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.paypalobjects.com/muse/analytics/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 00:41:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
paypal-debug-id: a3b7505c1d347
dc: ccg11-origin-www-1.paypal.com
content-length: 18
last-modified: Sat, 13 Feb 2021 00:26:56 GMT
server: ECAcc (daa/7D8C)
traceparent: 00-0000000000000000000a3b7505c1d347-597343d328d21971-01
etag: "60271cd0-12"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Fri, 05 Jan 2024 00:41:41 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
225 B 122ms
122ms Image
image/gif 151.101.193.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=95c92811-df2a-4f29-8e3f-9af8b4e63cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1704415302911&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Fri, 05 Jan 2024 00:41:43 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 6348af4817fdd
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200123-BUR, cache-yyz4560-YYZ
pragma: no-cache
correlation-id: 6348af4817fdd
traceparent: 00-00000000000000000006348af4817fdd-9e85997a65306f70-01
x-timer: S1704415303.923128,VS0,VE91
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jan 2024 00:41:42 GMT

GET
H/1.1 200
OK e3Ff9hZBYFXOixiv Show response
imgs.signifyd.com/ Frame 98B3 272 KB
46 KB 97ms
96ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/e3Ff9hZBYFXOixiv?387c24070224faaf=j-GI_FdF2u3E2HM1qqGE_e5EQKf7jUQoGaD97hJDKiRNxhwqUldiSaWA7gIwaJQGgRnq47l2OnybR5nyTp_CUMb3zC_Fhsfk0FWQNBFSz_EGlV17dljS9_uWlmRuC5QeemuEuBSiML94H369LosR5XeW-zdC4khvBzY9KxoFPdNZNyYv77xLF4vIV-eseAEnyzlIZT9KHIDMbyHu&jb=3d3b242c6073677d355d696e6e657d7b2e62736f3757636c6e6f77732f3232393926687b6a773f49627267656d2c6a73683749607a676d652f323a333830

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/b3dgat5op8ai4uq9.js?1ixvnoq9t8jnrmae=w2txo5aa&p4g8e2r6nyl4pf7l=L2RkODhiMjQ1NjZiYmQ0ZTkwZDQ0ZTRlYTFh

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

595a072433f810e4ee7ab5122966779818b79583f5ea842de69b39d19846c6d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
tmx-nonce: 3bbf40168fcbde45
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK IWypo1sZdT1lxxgu
imgs.signifyd.com/ Frame 98B3 81 B
475 B 263ms
88ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/IWypo1sZdT1lxxgu?ea5400b2b0d8796d=JF0vXuHajvBhFOod2BubGvyTqp_kF4WgCCsa-aQdO5ZoELBKTzyDrhXGUt3_BaMihGqBXD-eojiPhyBhlbMoBHLsa7-jAAkvq9j71vK78tbekHk7qaZtNH3V6qVKLQ1FDRryjaxHxbWLaomJQPJ8Ko8TONWsQWkrDgvY6rQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK rNC8DIkeG2uHi3i3
imgs.signifyd.com/ Frame 98B3 81 B
475 B 262ms
87ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/rNC8DIkeG2uHi3i3?73c5f9d9161de00f=u0dSh_Hp3LMoLZE3ozWc9J4IGm5I4Vy1v6QX-VhRjOgoYGYaxoZWeV0eambppMP_Q2lZSS67m_ag3AQDxkZCjV0nWiBpg9VIFcM6pLSQmSIYl0HxyejP4irfi2xevQz2_NeaOi2aMjaei76_XlfznHUVinr8myQsEZ27oXQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame 1B91 446 B
1 KB 309ms
309ms Fetch
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b1af56f3a3435d2bbc804c3ceb3849fd6bca150f3c92203ed4732c9ca12e2dd1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-R8ZY4VhkrSwcu2t7JnuNLX9cGeGS2+XSFOM3ryl4xHWSl1K+' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
disable-set-cookie: true
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-R8ZY4VhkrSwcu2t7JnuNLX9cGeGS2+XSFOM3ryl4xHWSl1K+' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
disable-set-cookie: true
date: Fri, 05 Jan 2024 00:41:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS, MISS
paypal-debug-id: f6116173f898e
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-bur-kbur8200050-BUR, cache-yyz4528-YYZ, cache-yyz4528-YYZ
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent: 00-0000000000000000000f6116173f898e-87357a95c4f44f1a-01
x-timer: S1704415303.197092,VS0,VE291
etag: W/"1be-zOoHYl6kGzSuFEPCER/lajSJ9Ac"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
x-cache-hits: 0, 0, 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 144ms
144ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql?disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,disable-set-cookie
Access-Control-Request-Method: POST
Origin: https://www.paypalobjects.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,disable-set-cookie
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Fri, 05 Jan 2024 00:41:43 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f611617911483
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f611617911483-31d55fb3a8387edd-01
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-served-by: cache-bur-kbur8200066-BUR, cache-yyz4577-YYZ, cache-yyz4577-YYZ
x-timer: S1704415303.052272,VS0,VE123

GET
H/1.1 200
OK clear.png Show response
imgs.signifyd.com/fp/ Frame 98B3 81 B
538 B 266ms
87ms XHR
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/fp/clear.png

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/e3Ff9hZBYFXOixiv?387c24070224faaf=j-GI_FdF2u3E2HM1qqGE_e5EQKf7jUQoGaD97hJDKiRNxhwqUldiSaWA7gIwaJQGgRnq47l2OnybR5nyTp_CUMb3zC_Fhsfk0FWQNBFSz_EGlV17dljS9_uWlmRuC5QeemuEuBSiML94H369LosR5XeW-zdC4khvBzY9KxoFPdNZNyYv77xLF4vIV-eseAEnyzlIZT9KHIDMbyHu&jb=3d3b242c6073677d355d696e6e657d7b2e62736f3757636c6e6f77732f3232393926687b6a773f49627267656d2c6a73683749607a676d652f323a333830

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, w2txo5aa/3bbf40168fcbde45l2rkodhimjq1njziymq0ztkwzdq0ztrlytfh
Referer: https://www.elfcosmetics.co.uk/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Fri, 05 Jan 2024 00:41:43 GMT
Server: Apache
Etag: 98ab441f890d44f0acda0e7b2d555537
Content-Type: image/png
Access-Control-Allow-Origin: https://www.elfcosmetics.co.uk
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Wed, 03 Jan 2029 00:41:43 GMT

GET
H/1.1 200
OK T7CJJgznsP-m6x11 Show response
imgs.signifyd.com/ Frame 22F9 90 KB
13 KB 91ms
90ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/T7CJJgznsP-m6x11?f554e79646fefc72=qp8FTZUuGxiUsL6hIqrMgJkMHCiy7AEf3b7KI0rDhp83bDQnSAjdLMAXhoq6C7JceU8x8R0b7ZVJPPWn4EVINNTb70l6OcfuxdAADx1Rg6FuzswOd9rhquN_5-Gcignz138csi-u23oFHyQXWfdtC8jk7uzjxGEdeSkgZ33WKcgOCzU2Y9KbCMuQ5Wl4VQu5pcOhMOXZ3z5ofrRSFNM

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

c256d8ebf61c95b31654c88331422ea7e3f09c8fc6a514dc8a74b73f005a05eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Fri, 05 Jan 2024 00:41:43 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=97
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content rTi-dPMjCNmS26YA Show response
imgs.signifyd.com/ Frame 98B3 0
387 B 88ms
87ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK Tq9qBqOBppRjOBMW Show response
h.online-metrix.net/ Frame DF7E 103 KB
15 KB 262ms
83ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/Tq9qBqOBppRjOBMW?e56e95d19b3f44d0=Bnp_vQyrYq1EA_GXiHuNy5m4r19XBnOlVGajTOeSiXZwhsRUPuGK_8jQKyxCPTwSlUq9nwN0ddPzUn8eO__LTLgK6cwEuIG8T_v9oZNxKhXEpwJvWrvTm-4DDtGwJF1DtnP4gmq1h7c2m5iTyp1XedU7DSMX8kx3QkrcXnimImGUppN3ZJ1g_RXNVu1A2yRT8oWQhWTBCufZ5hqGYFLc

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

28fe6aeccc27aed6c99de7ee42a0bb99818c49301d607118d1a0c4f932ce5054

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Fri, 05 Jan 2024 00:41:43 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK KaMHAqWBDBm3Fbo9 Show response
imgs.signifyd.com/ Frame EAA4 90 KB
13 KB 94ms
94ms Document
text/html 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/KaMHAqWBDBm3Fbo9?629faaa69e5ac612=O0h1-7K3gbcCrSxF6c3iyyv4PX8BiNUJMnCHa2Y0U0tHsUPb3aSKvxqNsGk8QZr7fxYQ3NnFIoZPhSz23MbMp7lZwA4HAl-n20l0bBHK4koFvZafUBgbVl-bEQf2LXpzvHGjNP8XqJe_Ax4i-uAqf_82To4cfiUl4Ko5KHqATo8vtbdAl1bpOwQO_a9HyC1SCP3_TPAQfSGfO-iq53kF

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

5320131a713d1f720cdee9aa1644b3939ada8999b875a77a961c81eb299a5c70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.elfcosmetics.co.uk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Fri, 05 Jan 2024 00:41:43 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
204 rTi-dPMjCNmS26YA Show response
imgs.signifyd.com/ Frame 98B3 0
218 B 103ms
92ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/rTi-dPMjCNmS26YA?6cc3a5993d0ee002=dSeKKVIG-mFE33eWrDLzIGvBXftxEtHghRSzYrdgflH5Hll0s7QIuQfllP-wtTvDpO53Es04iCjTEz1AYxgFcipXHT7JRC3MEAbAXyxPzzlryeRTaqtUPMjpi_F3eV6x2RW353exw73Nz4Io5rsS7e_uytA&ja=393a37382c266b35253c30302c7037382e6e3d313c303a7a3b3230302c616435393632387033303a3a267b70713730783a2c6e787a35312c3b363a32263132303a2c333e38302e393a3232263b363838243b32303a263b3e38382c3138303a2e3a2c302667743f69303830696a6166693d376c6c6e6e66396f6b323c393934373a36683b6b376126676e3f3c2e73616c3530362c666835607c7e70732f394b2d3a4e25324c777d7524656c66696f71656d746b6b7b2c61652475632d3a4c636f79676f7c616b2d637869676b64616c732c706e353b26726035353a6c383869693e686366686f3b393b6a373332376b673a6433626e62306c3c266a603561326c3f386d6b3c3c36326f3c3a30386962396866326769343165383961383126687b673f55636464677f7b2f32303b3b2c627b6a3d436272656f6f2532303b32322e62736d7d35556b646e6f7f7b2e6073627f3749607a676d652c6e62613734266e6e6d3f302e6e6f7c783f322c7e7a6c35586b63696c63692d3a4e486f646f66776675266d6b746a7a353432383b66336938626d6b3838653669693f3e383838326b643b373f3430316c64363d3038333c3966346f6b613a3c6c6939346b6c686c3f3a3331393133346b2664723768767c7873273b4927304c2f324e7f7f7d2e65666c69677b6565746363792c696f2e756125304e6b6f71656d766b6927637a6165636e6166792c7835786c756d69645d6c6c61736225374d6e616e7b6d2372667f676166577d696e6e657d7b5765656463615572666179657825374d6e616e7b6d2372667f676166576b646f686f55696b7a6f626b742f374f66616c7965237864756561665d737f6363637c616765253f4f6c69647b65217a6c7f65636e5f73626f61637f61746d2d37476c6b6c7b6d297a6c756d6364577a6d616c7a6c6b7b6f7225354f6663647b65237864776563645f7e646b55706c6b736f7a2d3d45666b6c79672b706c756d696c576c6574696474702f3f456e69647965217a667f6f61665f737c675574636577657825374d6e616e7b6d2372667f676166576061766b2f3f4d6e696c736f266d6e55633d776f6265645f65604f4427303a3b2e382d3a3a284f7a6f644f442d32304f532f303a322e302f32324b60726d6561776f235d656a4f442f32304d4659442d3a3045592538323b2e302538302a4778656c4f4427303a4f532d3a384d4c53462f38384d5b25323a3124322f32304362726d6561756f215f67604163745f6d6a4169742f383a5f6d6a474c4b4e4d4e4f5f696e797463666b6566576970706b73732d3b4a2f32304f525e576a64656e6e5f676b646d61782f33402d3a3047505c5d6165666f7a576a7f66666f7855606964665f6c6c65637e2533422f32324d50545d6e646d637e5562646d666e2533482f38384d50545f6c726b65556465707e68273b4a2530384d5a56557968696c6d785f746f727e7d7a6d5f6c65642f31482532304f5856577c657a7c7d706755696f65787a6f7373636564576a7874632f334827383045585e5f766d7074777a6d5d616567707a6d7b79696f6455786f7c6b2533482538324f58545f7e657a7c7d7267576e6b6e7e6f7257696663736f7e786578616b2533482538324f58545f7952454a2d33402d3a324d4f595f6d646d67656e7e5563666c6d785f7f6964762f33422538304d4d5b5f646a675d706f64646d7a57676970676b7a2d3b4a25323a4f4f51557374616464637a6c5f666d7a6b746b7e697e6d7b2f33422f383a474d5b5f746f787e7778655f66666f637c2d33402d3a324d4f595f7c6d707e75726f556c646769745f666964676b72253348253038474551577c677a7e7f726d57606b6c66556c6667697c2533482538324545535f7e657a7c7d72675760636e6c55666467697e5f6c63646f697a2d33422f323a4d4f535f766f72766d705f637a7a637b556562626d6b7e2533482f38385f4d4247465f696d666f725f6875646e6d725d6e646d637e2f334a2d3a3a5745484d46576b676d70786579716f645f746f78767d7a655d697b76612f39422d3a385d45424d46556b676570726f7379676e5f74657274777a6d5f677c6b2731482f32385f4d48474c55696565787a657379656e5d7e6578747f7267576d7461392d31402f38305f4d4a4d4c5f696567787a6d73736f6455766f78747578655d7b3b74612d3b4027383a574d4a4f465f6365677a7a6d7b73656e5f7e67727475726f5f713b7c635d7b7a65602f39422d3a385d45424d46556c6d6a756755726f6c6e657265785f6b666e6f273b4a27303a5d454a4f445564657a7e62577c6d78747f726f27394225323a57474a4f4c5d6c7a63755568756e6e6d78732539482f3a385f45424d4c556e6573655f696f6c7c6d78762d3b4027383a574d4a4f465f6d7f667e61576c72617d313c246d6c5f683733646e3d64646e3c35363a6e646b3c383d653638686f386d3f346438353f363c3130346e34303d3126756f64743f4364746d642d3830496469242e7f6f6c72374964766f6c25323a4970617b253038477267644d4c2d3a384f6e6763646f2e6b6b643d38&jb=3937372c667135456770696c666b2f3a4e3d2e302f323a2a5d696e646577712d3a304c5c2d30323b3a2e382d3b4825323a5d63663e3c253348253832723634292f32324978706e6d5f67604163742d3a4e3f333724393c2d3a38284b4254474e2f32432538306e616365273a38456769616f212d3a3a43687865676d2d3a46313830243224363039332e333a312530385b63646b78692d3a4e3f333724393c

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK CSghXXEi-yMRHGUd
w2txo5aaa27ic2cz2vozrfne677ss46h7bnbri7e3bbf40168fcbde45sac.d.aa.online-metrix.net/ Frame 98B3 81 B
438 B 1018ms
79ms Image
image/png 192.225.158.3
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w2txo5aaa27ic2cz2vozrfne677ss46h7bnbri7e3bbf40168fcbde45sac.d.aa.online-metrix.net/CSghXXEi-yMRHGUd?a5e01ec4041f350e=ee5nK0ws1j27YW7cTPUE_OnvjRDZ1Pw7YGj3qKRnSqikrN10HEo5Hz6by3I_VqCMc-90oj5ZpBvBJfZa5ORLEyYulJhwL9rspXrrZfoAiIvUY9GLx2FGk__K1afV8ZA5Tfjc70LqQNW24snGj4GOQLWY1uxIR4PtfUb7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.3 , United States, ASN30286 (THM, US),

Reverse DNS

d.aa.online-metrix.net

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:44 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 l3y8I4uFf2Jn8yi9
imgs.signifyd.com/ Frame 98B3 0
400 B 93ms
93ms Image
image/png 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgs.signifyd.com/l3y8I4uFf2Jn8yi9?548090333300c51c=iLkGVYrkI4G2UoMTKs7DVl5FUmWlIgahktn8iTtpq_CV4MRz3bjNIYHYPPKXFRLrq7FxVXJZVrCyvqhSJV4jexHMNpywos9iw2vVzDE9CGJROY21xW2eNhrzqQCSpL8CL3AXTRR7gMX-dSsF5Yf6sY4gXbYseWFU5iG-tDIGFnVmVqDL1Av8lEW1lHKFRJ9MRwyo418t9KTwPGemYqk&jf=3c33342c79696c577a64643d7e6e78575e5f785245726c6e3c6f41723e71455d2e736b6c5766637e6f3d393f383e34313f393a3b2e7b6964557473726f3d7765683a676b6c73632e7b6b6655616571353b3a3539393a3b3b383e3037386132343e3863653964323a3831323e383a306b32363c306b6f33643a393a39383f30333e323a323a3438316c37673a3d64333c6a3b613f3863386a6d3f32316f3e3930393d36323e3639376c3739346e373b6d3b32336b69353b3c6e646c6a6d6e65366f333e3a306e31636b323b34323234663c62633d6963373e3d60336f38376b3a6e6e633232683f393b3e36653b6238313b6135646939303e3a653a6e3934363a3a666b39693f2673636e557b616f3d333a343f32383231303a653238393036383c33323a3d37313b303d6436693e6c3f313936343b343e33336431653f3061393f353238393a636c3d35306d3c6c3962323969316e3a3761393038303a3062316b6537393e6363303c63303c6e666b3f3b333533683d6e6b6d3f383438323332386638653363346d3161676a6c3b316833626c6e6c6835663a6c6f6c6c2e73696c723732

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content Tv_rX-8UsBWR2EjV Show response
imgs.signifyd.com/ Frame 22F9 0
387 B 87ms
87ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.signifyd.com/Tv_rX-8UsBWR2EjV?c0bc89b4d1b5c655=cKaTQ-0se_U-OEjhWrHXAk_051bfBBIwuvk7WBAunHNogvEHXg8zjG_t3wfieiaxMFhY0U0iZAJCI6yZz5Q8z8MTHvpaL9t0luBPR5qMjRgm5RceX6a9CaZdrKgghehD211uVY9nzVOzGh6FjPM3hqGOipc&jf=3b342466796235306a3d66343d68393c6b3d35346e643360336133303a65353c3f34613f693263

Requested by

Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T7CJJgznsP-m6x11?f554e79646fefc72=qp8FTZUuGxiUsL6hIqrMgJkMHCiy7AEf3b7KI0rDhp83bDQnSAjdLMAXhoq6C7JceU8x8R0b7ZVJPPWn4EVINNTb70l6OcfuxdAADx1Rg6FuzswOd9rhquN_5-Gcignz138csi-u23oFHyQXWfdtC8jk7uzjxGEdeSkgZ33WKcgOCzU2Y9KbCMuQ5Wl4VQu5pcOhMOXZ3z5ofrRSFNM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://imgs.signifyd.com/T7CJJgznsP-m6x11?f554e79646fefc72=qp8FTZUuGxiUsL6hIqrMgJkMHCiy7AEf3b7KI0rDhp83bDQnSAjdLMAXhoq6C7JceU8x8R0b7ZVJPPWn4EVINNTb70l6OcfuxdAADx1Rg6FuzswOd9rhquN_5-Gcignz138csi-u23oFHyQXWfdtC8jk7uzjxGEdeSkgZ33WKcgOCzU2Y9KbCMuQ5Wl4VQu5pcOhMOXZ3z5ofrRSFNM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
225 B 110ms
109ms Image
image/gif 151.101.193.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=95c92811-df2a-4f29-8e3f-9af8b4e63cc5&es=visitorInfo&cust=3FHL4H238L68A&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=e.l.f.%20Cosmetics%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=8&identifier_used=DFP&e=im&t=1704415303500&g=600&completeurl=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcosmetic-criminals&disableSetCookie=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Fri, 05 Jan 2024 00:41:43 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 3faeb99828b64
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-bur-kbur8200075-BUR, cache-yyz4560-YYZ
pragma: no-cache
correlation-id: 3faeb99828b64
traceparent: 00-00000000000000000003faeb99828b64-78f7fbf2c569c257-01
x-timer: S1704415304.511608,VS0,VE91
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jan 2024 00:41:43 GMT

GET
H/1.1 204
204 0Oky6vOxSiKHg5ag
h.online-metrix.net/ Frame DF7E 0
400 B 84ms
83ms Image
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/0Oky6vOxSiKHg5ag?566e8b05060fda49=qoNLPO_GVOsqfpt7iEJuNpeyVqWnZtcB3-e-zp9R-Lb8kxLHfp1KK-gU8GUjYD_qvchCJV8o93ACZhDez0-HMH-4WtbwSm5wka9ATN3fP-eLGWs7GzUVKgRI7NqkRtP0b4ogjS9oQflPwE8uCbGn74JKJ_N330XkqW4NEuYR4ihaj0an8_Em4QyFRYzRKCaJTvYdvYkRrbVmegNxWAo&jf=3c33342c79696c577a64643d7e6e7857403d5931434d4b453e5a487272306c302e736b6c5766637e6f3d393f383e34313f393a3b2e7b6964557473726f3d7765683a676b6c73632e7b6b6655616571353b3a3539393a3b3b383e3037386132343e3863653964323a3831323e383a306b32363c306b6f33643a393a39383f30333e323a323a3433386831343a6961673d393a616b69393a396c6f36663b6c336e316d36633d646c363f3961323d3631316d6533693f6732683f32386a693a30316868393d3c3f39363939383a6f3535336931676e6e64373d6b33353a39373c693e3361623f6e6c3b303e3136393733646c6532326834353f6c65676a3e32343f6b37316b6e322673636e557b616f3d333a343f32383231303a6166313e653a3c6d67363b38326b6c3168663039386c693d3f63653f393e343e3965333835303a6e30643b3030636c3f3169303e6c6434333d3e396c693032683038303a3434656b65373f3b3960383961616868376d6a693e65653b3f3a693b3f36353d363a613b353838683060393b393a303061303f3e616c6e6a396564323c6c3c392e73696c723733

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

a-sac.h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://h.online-metrix.net/Tq9qBqOBppRjOBMW?e56e95d19b3f44d0=Bnp_vQyrYq1EA_GXiHuNy5m4r19XBnOlVGajTOeSiXZwhsRUPuGK_8jQKyxCPTwSlUq9nwN0ddPzUn8eO__LTLgK6cwEuIG8T_v9oZNxKhXEpwJvWrvTm-4DDtGwJF1DtnP4gmq1h7c2m5iTyp1XedU7DSMX8kx3QkrcXnimImGUppN3ZJ1g_RXNVu1A2yRT8oWQhWTBCufZ5hqGYFLc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content rTi-dPMjCNmS26YA Show response
imgs.signifyd.com/ Frame 98B3 0
387 B 93ms
93ms Script
text/javascript 192.225.157.157
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.225.157.157 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.elfcosmetics.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jan 2024 00:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/

Domain: www.paypal.com
URL: https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.elfcosmetics.co.uk/	1970-01-21 02:12:31	Name: _pxhd Value: t3QZb7M1ivVls-ioiBFo1Ea0-FY5fCAzSgk3kXSSFJfs6vzW5WPtMA4bwJWloPpTbo343w4TOTdE/wVG2Nnlrw==:aFqf1w0qzKBJhY6cQukBRFQRidHq2vlG0CSwCHXg2F6M48GRoi7CqlIQu7Ck9-PmAMPW4oq9jSjfhTDAZznkNyON9HPiRgl31A73solsKEI=
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: oIfPfVDI0Eo
.youtube.com/	1970-01-20 21:46:07	Name: VISITOR_INFO1_LIVE Value: FSD2l8yjzv8
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: initAuthComplete Value: true
.elfcosmetics.co.uk/	1970-01-21 03:02:55	Name: ab.storage.sessionId.ee22cddf-904f-484e-a004-0181ff9a3268 Value: %7B%22g%22%3A%2218d52ab9-805a-c724-48a4-2ba0f3f83276%22%2C%22e%22%3A1704417097585%2C%22c%22%3A1704415297585%2C%22l%22%3A1704415297585%7D
.elfcosmetics.co.uk/	1970-01-21 03:02:55	Name: ab.storage.deviceId.ee22cddf-904f-484e-a004-0181ff9a3268 Value: %7B%22g%22%3A%224c11e3ee-ce9b-30e2-7802-f3f585688867%22%2C%22c%22%3A1704415297588%2C%22l%22%3A1704415297588%7D
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: scapi Value: prd:210907cb-ec25-4da3-9b62-14606fd39323:eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI0MzcyMTkyOS1iNDdiLTQ2OTUtYmQzOC0yNzdiMmJkNzY5ZjAiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOjIxMDkwN2NiLWVjMjUtNGRhMy05YjYyLTE0NjA2ZmQzOTMyMyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC9iYnhjX3ByZCIsIm5iZiI6MTcwNDQxNTI2OSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86c2xhczo6dXBuOkd1ZXN0Ojp1aWRuOkd1ZXN0IFVzZXI6OmdjaWQ6YmNrSGNVbXJhMXcwZ1J4dWtXbHFZWXhlY1g6OmNoaWQ6ICIsImV4cCI6MTcwNDQxNzA5OSwiaWF0IjoxNzA0NDE1Mjk5LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDM2MDgwMjE1Mzk2NjgwNTk5In0.DJBD9QQpjh03F1Ct2vnjk7J-yIKciBp09iVENiXE4qX3FEwR-94HSLdbmHU49Q4AZ6SBv28QbfrPfYaJwXQxJA
www.elfcosmetics.co.uk/	1970-01-20 21:46:07	Name: dwanonymous_d0d57f92086b8d4216742497990aeda2 Value: bckHcUmra1w0gRxukWlqYYxecX
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: dwsid Value: eZnr5KOcG8CCvp0OaQ7Ku72IgQqlS_GrHKiS0xzsWPSyYujLGqi7L3OfCrF_5gI3R7SwlAfiunc1wpgM2B_RTg==
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: __cq_dnt Value: 1
www.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: dw_dnt Value: 1
.elfcosmetics.co.uk/	1970-01-21 02:12:31	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Jan+04+2024+14%3A41%3A40+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202211.2.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.elfcosmetics.co.uk%2Fcosmetic-criminals&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0%2CSTACK42%3A0
.elfcosmetics.co.uk/	1970-01-21 02:12:31	Name: _pxvid Value: 2bc8d28d-ab63-11ee-b13c-ac75ec5e4170
.elfcosmetics.co.uk/	1969-12-31 23:59:59	Name: pxcts Value: 310158d5-ab63-11ee-bc5b-923aae4a46e9
.elfcosmetics.co.uk/	1970-01-20 17:26:55	Name: _px3 Value: 8cf70872e474b008ed03339ea92510662aa74bb7db2af80c52403f568249967f:UExEITpkCCUzUMFcjubIM7zfb8ssvpGaCnmTdQcdRG+wgwoyHtgfE5ilEeULU/cTwx0zvGy8orf8XNWo4yaXIw==:1000:iJQBf7sYFpvXE0V8OO4Iq1uS+P/j5GjY4VnQBF2dJc9n/LL7F1EmYmJsUadgl2FlRESPy4IqObIyO8xItBdOuNFRWsOg4Vv12rOjCKxItIEllo0AlSxp/wSr+DwaMW0bVdVaY6rLnAIcjhZILm6vT4cNCqhmn/JgOM2WuIIDmNfX0zjOrGz9g3hfr1QP7xAsK+CSA9Tm25Nt9o/ter9DYWheyTX2E4tDrtBQffLsRJg=
imgs.signifyd.com/	1970-01-21 03:02:55	Name: thx_guid Value: b77be611d31c9b7acdcf5dea3eb49e73

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 359) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ from frame with URL https://www.elfcosmetics.co.uk/cosmetic-criminals. Domains, protocols and ports must match.
security	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 359) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ from frame with URL https://www.elfcosmetics.co.uk/cosmetic-criminals. Domains, protocols and ports must match.
security	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 359) Message: Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/ from frame with URL https://www.elfcosmetics.co.uk/cosmetic-criminals. Domains, protocols and ports must match.
javascript	error	URL: https://www.elfcosmetics.co.uk/cosmetic-criminals(Line 359) Message: Access to image at 'https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=o_' from origin 'https://www.elfcosmetics.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn-fsly.yottaa.net/5dbb1b434f1bbf5af87e10a5/www.elfcosmetics.co.uk/v~4b.6c/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=o_ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cdn.cookielaw.org/consent/25840211-e69f-428e-bb3b-0787cffdf0e8/OtAutoBlock.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.cookielaw.org
cdn.media.amplience.net
cdn.static.amplience.net
code.jquery.com
collector-pxxt4gy2ig.px-cloud.net
cosmeticcriminals.co.uk
elfcosmetics.a.bigcontent.io
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
i.ytimg.com
imgs.signifyd.com
jnn-pa.googleapis.com
qoe-1.yottaa.net
sdk.iad-05.braze.com
static.doubleclick.net
t.paypal.com
w2txo5aaa27ic2cz2vozrfne677ss46h7bnbri7e3bbf40168fcbde45sac.d.aa.online-metrix.net
www.elfcosmetics.co.uk
www.google.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.youtube.com
cdn-fsly.yottaa.net
www.paypal.com
108.138.106.128
151.101.193.35
151.101.2.133
151.101.65.21
151.101.66.133
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
204.2.133.237
204.2.48.22
204.2.49.48
2606:4700:4400::ac40:91b7
2606:4700:4400::ac40:952f
2606:4700:4400::ac40:9b77
2606:4700:4400::ac40:9ba6
2606:4700::6812:83ec
2607:f8b0:4006:806::2003
2607:f8b0:4006:808::200e
2607:f8b0:4006:80b::2003
2607:f8b0:4006:80d::2016
2607:f8b0:4006:80e::200a
2607:f8b0:4006:817::2006
2607:f8b0:4006:821::2002
2607:f8b0:4006:822::2004
2a04:4e42:400::649
35.190.10.96
64.185.227.156
0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
08be9f99365668d3d9b7a68cb33a1312d5ec06d670f6cc010140ec138738f8be
093e2808dc802407819bd1b5606167349bafacede8e500db07b21f448922a088
18e7e06fbc331afb794e9653df699f0054d4e522e302f844fbb1aa56bcb36b85
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
1f94185bf320b088eb3c40b75de95ac8516680f4036bd287131b34f9c058146a
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9
234595572b74d58cd52917208142b3131ad7992126358ee0d917a40cd1240e83
28fe6aeccc27aed6c99de7ee42a0bb99818c49301d607118d1a0c4f932ce5054
2ad22b91587a2adec093dc2d911118cac6b363dcaed96b3aaaa3af80d58efa03
2b784ffdd264206d880386648d238c014c3bd886aeddb41026adedf65feb82fd
2d5ce843cf166fdb4108ebcfe16b22da332149e2bcb4b7d93b3abd0d93e2def8
30766af54516bbc623c690d7506f7d86b6c987acbcc1229debb7dff8f463459b
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
32c06eae7764adb8ef97eeca52c6546737a1b150947f0232169b5704feaed752
349a84fa24c5bda7424681c4ab9a0d265a0966a963f47e975dc5f7f347e3bb1d
35ae1f2d16f1e1f48e24ca207b24b4a6a19f7c22975da09e96c5fbd17eda3c79
3a2b3b5ecaa7d5c67e5e28f9712ebcf28a592c7191e24bcde25cc5bb374cbf7b
3bbfdb0daa5c8909e66d5588fcf711019d4739dc56b04e992212b443085af779
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fc6b6bcffd05473bac21ae5accce811325fefd1eed62722fef4ee1713802a3e
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
4973f562e7d8f8ad478be1fe1090639ca7b50af5f98c5c13efe61d22fb72665e
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4c1819fa895ca17b327d0237929e60ebe1f1318a243794f2545edd4a2c5e70f5
4ecc34627d4103fbb8d709b714d9489ee16f6f15a153fab36fca0df2dcaf2a77
4f770b32793546ad41060cc03c06e4a744b10e9ae4af0b2b0522cfcf1fb33285
5320131a713d1f720cdee9aa1644b3939ada8999b875a77a961c81eb299a5c70
57e461c9b78558e62478cca713658387eaf54afe6ae0a8128ee38e5846b4d6d8
595a072433f810e4ee7ab5122966779818b79583f5ea842de69b39d19846c6d0
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5eca572cd68aa4afde19d317daf93398ca142c3648214e16b37e054e15c3f9e1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
692db01eb703744d633776b15675c6b2c761732ca585236d376836bf6f04bc9e
6a36655e9de608636a4c3262639b79321a93bdd9ad275e4e130a07719094146f
6c10b21f86019422fa9555d9b0b9b6768bf7549730880571e057800a3068724e
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e848d0b492539df00f84e58a63d237c58fbab26b7c07243795bb0d10f2428f2
71bd66530457656271aa253073fb867cdc9068586f7af54e341667687162909e
720b2cd770797ab3eefd3192cb38cbd2cec573cef3380610ab30f3aac900f7cc
7247ab83a30fbd92bf8425aca87dbb9f3f44c1b7facc6f7fd80df157ea6b5e03
7251315a3d90101dc3001dd91b4006a3c1c93c02b3a9df9b1b5b255f0fa7c490
744f83518728b979fb7e008389501d1acaa5a3086284274c296f26c5d4cfc8e4
75310ba3b1d2c5abd40b81da11130cc6e0f5063d7df4a6f906b67ed2059c21ab
75584ae5b715a75b9b36b92d2e91afdf5e35a43b028cfaab1b86613074ac61b4
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7daaea0e23f1b46b8cee7ee002e8b5e16dcd602bae7990a073e6f77a40a33984
8001e4219c7a2fbcbdbffdb8bd080bf49d35824d9a5a4bf12343402b92efeff6
83f77701d6f8aa2b017e97775fc33276e34463fbe98df196a11d363bca8c3359
8b311b78042906393bf9c3cdc5bc8115b450b8b31905b1641dec7246fbd4cc85
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
949062629321267f5e4f5d183435ab758ad7898afe2b31dc262b6b164167ffa0
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
96b3271ea38c0a7c724c4d5e0682337176bfe05ba2284e521732a48e2bc15736
98bc0753b3f7392176a4af252bfae9bcd1f2804b73dee374119899d8f52ae3d2
a1bbbf39bfb5cb785d5e3517475d5d07e2d52f8c1a7444cbdc7554b84b4210eb
a33177a1b1a44698bc85bc710dfd4a6aba8bbe329db64dbb0622c894a1c05cbd
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a6cbc4c9c0b39f6d4edd8d4db4e73971e23c1e4b8b9b6ddd5956164b87fd3ebc
af17d4cff542b33c97ee3a95f82a21d8993c87fd3472dff534fa855828a3b615
b1af56f3a3435d2bbc804c3ceb3849fd6bca150f3c92203ed4732c9ca12e2dd1
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b74c7e9fe7acd67835663553d1d36d74167ac1dc36fa2436a07099da282fefd8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c256d8ebf61c95b31654c88331422ea7e3f09c8fc6a514dc8a74b73f005a05eb
c856ca647a5edf9ff56752649cd2bbd3d6d6fb2263d1b473a255534f5bf6f830
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca67abd72277ede1c07eeb903847d902d19ec6e30fb5780a24ddff9d788bb300
cd0b162bc6e5a1dfcdba80c8b12d3f2ec6ac423a1c1ed7d996779d9c6b81f346
d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d854531f9c3833536d6971b4fd7617dafe1a2c6fd0bbed9469122e73ff3b13a1
da6c45acb0bbde84fa84ba5bfa467d11108c0782620de5b158b0eedd957cac51
df28b04534ebeeeb0221cb7daf0de49a53b97aa8a6cfe668f2fd60aab1245f84
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e878848ad649d0b771d44453abd0ae8e4aa7a2b93298641ed0c26fff581dcb4f
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f1c842c98ad484abc1113fba5748e00e00dd8c29876dad521d4ce3051d5e3ff3
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
f850127ae998f314c46aceb0f826e81fe08f39f44168f4342db12bc406ca62e9
fc97bdae5bde02f21b184ca5851b8758baa0840d702d36bfcabd72523f298a7b
fd8d118fe8ac283b6e6ece58b4bcbbc06cd734f11761faa7c46ff08069f711f5

www.elfcosmetics.co.uk Open in urlscan Pro 204.2.48.22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

138 Requests

91 %HTTPS

50 %IPv6

21 Domains

28 Subdomains

28 IPs

1 Countries

11395 kBTransfer

22308 kBSize

16 Cookies

17 Outgoing links

Page URL History

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfcosmetics.co.uk Open in urlscan Pro
204.2.48.22 Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

91 %
HTTPS

50 %
IPv6

21
Domains

28
Subdomains

28
IPs

1
Countries

11395 kB
Transfer

22308 kB
Size

16
Cookies

138 HTTP transactions
3 data transactions