Submitted URL: https://cosmeticscriminals.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On November 16 via api from US — Scanned from CA

Summary

This website contacted 75 IPs in 3 countries across 54 domains to perform 271 HTTP transactions. The main IP is 204.2.133.97, located in the United States, and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 72365.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 11th 2024. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain / Subdomains / Transfer
(each entry: request count and apex domain, then its subdomains, then the total transfer size)
30 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 72365
sgtm.elfcosmetics.com — Cisco Umbrella Rank: 164582
1 MB
17 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 284
ad.doubleclick.net — Cisco Umbrella Rank: 145
stats.g.doubleclick.net — Cisco Umbrella Rank: 135
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 228413
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 228654
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
4 KB
15 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8305
imgs.signifyd.com — Cisco Umbrella Rank: 6976
78 KB
15 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 2528
api.bounceexchange.com — Cisco Umbrella Rank: 2892
395 KB
15 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 799
243 KB
14 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 8471
st.dynamicyield.com — Cisco Umbrella Rank: 7736
rcom.dynamicyield.com — Cisco Umbrella Rank: 8193
async-px.dynamicyield.com — Cisco Umbrella Rank: 8200
260 KB
14 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 12022
cdn.static.amplience.net — Cisco Umbrella Rank: 44218
6 MB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 329
188 KB
10 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 3248
c.contentsquare.net — Cisco Umbrella Rank: 4183
srm.ba.contentsquare.net — Cisco Umbrella Rank: 17164
k-aeu1.contentsquare.net — Cisco Umbrella Rank: 13461
91 KB
9 inside.chat
cdn8.eu.inside.chat — Cisco Umbrella Rank: 169444
www8.eu.inside.chat — Cisco Umbrella Rank: 219679
119 KB
8 heap-api.com
cdn.us.heap-api.com — Cisco Umbrella Rank: 13696
c.us.heap-api.com — Cisco Umbrella Rank: 11180
77 KB
8 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 953
4 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 142
1 KB
8 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 2839
2 KB
7 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 2435
715 B
7 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3003
t.paypal.com — Cisco Umbrella Rank: 3701
127 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
547 KB
6 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 142112
11 KB
5 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 43163
external-api.jebbit.com — Cisco Umbrella Rank: 43760
61 KB
5 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 960
match.adsrvr.org — Cisco Umbrella Rank: 377
4 KB
5 youtube.com
www.youtube.com — Cisco Umbrella Rank: 79
13 KB
5 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 36667 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 11187
1 MB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
424 B
4 google.ca
www.google.ca — Cisco Umbrella Rank: 11557
253 B
4 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 495
ib.adnxs.com — Cisco Umbrella Rank: 281
4 KB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 2565
h64.online-metrix.net — Cisco Umbrella Rank: 2033
w2txo5aahgbwyrdmvlqxabx7lv2tvpq2246tc7qo06f00df92caef9dcsac.d.aa.online-metrix.net
837 B
3 cdnwidget.com
pd.cdnwidget.com — Cisco Umbrella Rank: 3926
ids.cdnwidget.com — Cisco Umbrella Rank: 4081
idr.cdnwidget.com — Cisco Umbrella Rank: 6194
1 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 5144
page.cdnbasket.net — Cisco Umbrella Rank: 5151
view.cdnbasket.net — Cisco Umbrella Rank: 5149
1014 B
3 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 2010
alb.reddit.com — Cisco Umbrella Rank: 1418
859 B
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 359
15 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 476
835 B
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2811
16 KB
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 9852
tags.rd.linksynergy.com — Cisco Umbrella Rank: 5905
698 B
2 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 3897
6 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1095
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
77 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 1065
25 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 607
2 KB
2 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 9678
1 KB
2 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1331
8 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2001
508 B
2 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 2102
12 KB
1 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 393
183 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 96
23 B
1 gstatic.com
www.gstatic.com
215 KB
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 26396
52 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 8119
15 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 419
2 KB
1 blisspointmedia.com
cdn.blisspointmedia.com — Cisco Umbrella Rank: 7547
1 KB
1 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 13817
451 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 514
295 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 847
24 KB
1 cosmeticscriminals.ca
cosmeticscriminals.ca
2 KB
271 54
Domain Requested by
26 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
t.contentsquare.net
15 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
14 assets.bounceexchange.com www.elfcosmetics.com
13 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
12 cdn.media.amplience.net 2 redirects www.elfcosmetics.com
9 async-px.dynamicyield.com cdn.dynamicyield.com
t.contentsquare.net
8 ct.pinterest.com s.pinimg.com
www.elfcosmetics.com
t.contentsquare.net
8 sdk.iad-05.braze.com cdn-fsly.yottaa.net
7 events.bouncex.net
6 c.us.heap-api.com cdn.us.heap-api.com
t.contentsquare.net
6 c.contentsquare.net t.contentsquare.net
6 www.googletagmanager.com www.elfcosmetics.com
www.googletagmanager.com
6 elfcosmetics.a.bigcontent.io www.elfcosmetics.com
5 cdn8.eu.inside.chat www.elfcosmetics.com
5 www.paypal.com www.elfcosmetics.com
www.paypal.com
5 www.google.com 1 redirects www.googletagmanager.com
www.elfcosmetics.com
cdn-fsly.yottaa.net
www.gstatic.com
5 www.youtube.com www.elfcosmetics.com
4 www8.eu.inside.chat cdn8.eu.inside.chat
t.contentsquare.net
4 www.facebook.com
4 9231397.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 10742279.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 sgtm.elfcosmetics.com www.googletagmanager.com
t.contentsquare.net
4 www.google.ca
4 ad.doubleclick.net
4 js.jebbit.com www.elfcosmetics.com
4 cdn-fsly.yottaa.net www.elfcosmetics.com
3 analytics.google.com 1 redirects www.googletagmanager.com
3 bat.bing.com www.elfcosmetics.com
3 match.adsrvr.org 3 redirects
3 secure.adnxs.com 1 redirects
3 cdn.dynamicyield.com www.elfcosmetics.com
2 k-aeu1.contentsquare.net t.contentsquare.net
2 idsync.rlcdn.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 cdn.us.heap-api.com www.elfcosmetics.com
2 www.paypalobjects.com www.elfcosmetics.com
2 t.paypal.com
2 alb.reddit.com
2 stats.g.doubleclick.net www.googletagmanager.com
2 tag.wknd.ai www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 dsum-sec.casalemedia.com 1 redirects
2 cm.g.doubleclick.net 2 redirects
2 insight.adsrvr.org 2 redirects
2 js.cnnx.link www.googletagmanager.com
2 use.fontawesome.com www.elfcosmetics.com
use.fontawesome.com
2 api.ipify.org cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.com
2 player.vimeo.com www.elfcosmetics.com
1 x.bidswitch.net
1 w2txo5aahgbwyrdmvlqxabx7lv2tvpq2246tc7qo06f00df92caef9dcsac.d.aa.online-metrix.net
1 h64.online-metrix.net imgs.signifyd.com
1 h.online-metrix.net imgs.signifyd.com
1 tags.rd.linksynergy.com
1 idr.cdnwidget.com
1 srm.ba.contentsquare.net t.contentsquare.net
1 www.google-analytics.com
1 ids.cdnwidget.com t.contentsquare.net
1 api.bounceexchange.com www.elfcosmetics.com
1 pd.cdnwidget.com t.contentsquare.net
1 view.cdnbasket.net assets.bounceexchange.com
1 page.cdnbasket.net assets.bounceexchange.com
1 data.cdnbasket.net assets.bounceexchange.com
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com 1 redirects
1 external-api.jebbit.com js.jebbit.com
1 pixel-config.reddit.com www.redditstatic.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 www.gstatic.com www.elfcosmetics.com
1 t.contentsquare.net www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 ib.adnxs.com 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 cdn.blisspointmedia.com
1 pixel.pointmediatracker.com 1 redirects
1 rcom.dynamicyield.com cdn.dynamicyield.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 st.dynamicyield.com www.elfcosmetics.com
1 code.jquery.com www.elfcosmetics.com
1 cosmeticscriminals.ca 1 redirects
271 85
Subject Issuer Validity Valid
*.elfcosmetics.com
Sectigo RSA Domain Validation Secure Server CA
2024-10-11 -
2025-11-11
a year crt.sh
player.vimeo.com
WE1
2024-09-22 -
2024-12-21
3 months crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1
2024-04-02 -
2025-05-03
a year crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-08-05 -
2025-08-14
a year crt.sh
*.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA
2024-06-25 -
2025-06-25
a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018
2024-09-05 -
2025-10-07
a year crt.sh
cookielaw.org
WE1
2024-10-11 -
2025-01-09
3 months crt.sh
*.dynamicyield.com
Amazon RSA 2048 M03
2024-08-18 -
2025-09-16
a year crt.sh
*.google-analytics.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
ipify.org
WE1
2024-11-13 -
2025-02-11
3 months crt.sh
use.fontawesome.com
WE1
2024-11-07 -
2025-02-06
3 months crt.sh
sdk.iad-05.braze.com
WE1
2024-10-13 -
2025-01-11
3 months crt.sh
geolocation.onetrust.com
WE1
2024-10-11 -
2025-01-09
3 months crt.sh
js.cnnx.link
Amazon RSA 2048 M02
2024-06-09 -
2025-07-08
a year crt.sh
tag.rmp.rakuten.com
WR3
2024-09-26 -
2024-12-25
3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA
2024-02-08 -
2025-02-08
a year crt.sh
*.ordergroove.com
Go Daddy Secure Certificate Authority - G2
2024-08-09 -
2025-08-20
a year crt.sh
eu.inside.chat
WE1
2024-09-28 -
2024-12-27
3 months crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-08-05 -
2025-08-07
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-08-25 -
2024-11-23
3 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-10-06 -
2025-04-03
6 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03
2024-09-16 -
2025-03-15
6 months crt.sh
*.tiktok.com
RapidSSL TLS ECC CA G1
2024-07-15 -
2025-07-15
a year crt.sh
*.jebbit.com
Amazon RSA 2048 M02
2024-04-23 -
2025-05-21
a year crt.sh
tag.wknd.ai
R10
2024-11-14 -
2025-02-12
3 months crt.sh
t.contentsquare.net
Amazon RSA 2048 M03
2024-08-13 -
2025-09-10
a year crt.sh
*.doubleclick.net
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.g.doubleclick.net
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.google.ca
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
sgtm.elfcosmetics.com
WR3
2024-11-05 -
2025-02-03
3 months crt.sh
*.gstatic.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.rd.linksynergy.com
ZeroSSL RSA Domain Secure Site CA
2024-01-23 -
2025-01-22
a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1
2024-10-13 -
2025-04-11
6 months crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA
2024-06-21 -
2025-06-20
a year crt.sh
assets.bounceexchange.com
WR3
2024-11-10 -
2025-02-08
3 months crt.sh
cdn.us.heap-api.com
Amazon RSA 2048 M02
2024-10-10 -
2025-11-08
a year crt.sh
data.cdnbasket.net
WR3
2024-10-28 -
2025-01-26
3 months crt.sh
page.cdnbasket.net
WR3
2024-11-06 -
2025-02-04
3 months crt.sh
view.cdnbasket.net
WR3
2024-11-05 -
2025-02-03
3 months crt.sh
dep.bf.contentsquare.net
R11
2024-10-30 -
2025-01-28
3 months crt.sh
c.us.heap-api.com
Amazon RSA 2048 M03
2024-02-01 -
2025-03-02
a year crt.sh
pd.cdnwidget.com
R11
2024-11-07 -
2025-02-05
3 months crt.sh
*.wunderkind.co
R10
2024-10-01 -
2024-12-30
3 months crt.sh
ids.cdnwidget.com
R10
2024-11-07 -
2025-02-05
3 months crt.sh
srm.ba.contentsquare.net
Amazon RSA 2048 M03
2024-10-08 -
2025-11-07
a year crt.sh
idr.cdnwidget.com
R11
2024-11-07 -
2025-02-05
3 months crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M02
2024-06-02 -
2025-06-30
a year crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2
2023-10-20 -
2024-11-20
a year crt.sh
online-metrix.net
Viking Cloud Organization Validation CA, Level 1
2024-09-19 -
2025-10-20
a year crt.sh
*.aa.online-metrix.net
Viking Cloud Organization Validation CA, Level 1
2024-09-19 -
2025-10-20
a year crt.sh
dep-malka.ba.contentsquare.net
R10
2024-10-29 -
2025-01-27
3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2024-02-14 -
2025-03-16
a year crt.sh

This page contains 18 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: 6E0DBE83A6A244F2B31394957612DA78
Requests: 238 HTTP requests in this frame

Frame: https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Frame ID: C4645008FDFF9F5829F76AC80C44498B
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: A459FCD2C0F64FF7D3806B2627905706
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.elfcosmetics.com
Frame ID: 5AC5B3D845DEDB9EA6D1B456815953BA
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.65.2&integrationType=SDK
Frame ID: 8B63D34CE701526424FB6F89540F0B37
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CJOip53F4IkDFZIKiAkd3Zs25A;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1679210757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 7080534AEB33ED89A89C2C6ADA4DFD0F
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=COyqqJ3F4IkDFXMqiAkdzUEBMg;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1230820373;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 1496C56D9F1C7465385252F464478E69
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu&co=aHR0cHM6Ly93d3cuZWxmY29zbWV0aWNzLmNvbTo0NDM.&hl=en&type=image&v=-ZG7BC9TxCVEbzIO2m429usb&theme=light&size=invisible&badge=bottomright&cb=5jik6r8r8sdp
Frame ID: 08EAD506C8DCC60283E2EA408BA3C992
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 53FAB597F4067E68DE63AAB6BEA55853
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 501C1FF383C3FE18D53BE9F0B2383D39
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 9D529E2DB38F4F32B5E584BF09B10E28
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu
Frame ID: 9B3DE561763E79B054550B3A740C5655
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Frame ID: F553E1FBA1A933B14F464A22FD8318B9
Requests: 12 HTTP requests in this frame

Frame: https://imgs.signifyd.com/uT-vJDEOfI8eEjqF?64fec855c165b24d=2aIVQ8KngD88GyigVIQ46Pv8Db792mrFTC9G6F4Pn0Tp6OtHHQ5S9B_Bds9ypi8oEJxj5dEBoK21IKrjs_U4D_g3rwnTG0pqgIKHAKcFh6cMur9ga_QLmhcbjD8rLb-VI2OtF12ZsT2tFey4ZW7XShCoZAGKP9NWKCkQcduvxh8Vi9X_9mESdsgTV4B0P3HKknoeGSRfg0rm28JZhKmBMqY5eQHGQA
Frame ID: CA8588EEF1B1667DBF4AA682E76D4174
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/Tz-Gig4fixbvoNjP?69e69da43159251c=rcaJks5iYpGjmjXxSlndHUMbYBcKzXKQhuzsaekzXMop07KWC2QyMBECDyLuTDw1FIZToDirEX9UqrSBI4kzZuaqJ-O21VgiNbr2HUu9N0WpGMhhkAmMCg1xEo5HM7Q8BeBNbJnkzDaFl796qlvYmQ30I8ZDJZ0Yqwoy3ULqjoSczNzjDbl0u8TaLO6iidScDscRGZvOhJ8bD8Osloh7ZR-BFLKyaTE
Frame ID: 0E131B11CDB99CF5FFB46A3166DB5E23
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/OQFqaEDY_BS7MEiF?c617011391099601=fdozmWPi4AWMmXFRIGeWSmAKtO6csV445TWex7umsDF6X0VlFXuB06dHG6qeAoTdAjGmxW1W0xmg8dV3MS-0J4MATF7CkXJUnNXUAcrZeosxWwrNZ70xAAsmVIHCMtMLujvhrjTn-P3qScrO2KVSdUctvn7wYX4mEMuK7xRyPgQ1tIqJ8agZ6Z0BiP9rnowQ2QewxJ9k2BF7EAsYVpb9ZcwlUCXaQ2k
Frame ID: EDA6797E891EB3E7E3B2BC70AE535304
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CPrfi6HF4IkDFaIjiAkdCFMclQ;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=297791405;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: BD46D7E09313991EAF117B5CD080468C
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CKT_iqHF4IkDFfAkiAkdP2cxpw;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1594443019;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 6A30A1ABCCA623FCBC45B852D848F63D
Requests: 1 HTTP requests in this frame

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Detected technologies

Overall confidence: 100%
Detected patterns
  • /demandware\.static/

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

  • Requests: 271
  • HTTPS: 94 %
  • IPv6: 24 %
  • Domains: 54
  • Subdomains: 85
  • IPs: 75
  • Countries: 3
  • Transfer: 11648 kB
  • Size: 24330 kB
  • Cookies: 93

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticscriminals.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ HTTP 301
  • https://www.elfcosmetics.com/en_CA
Request Chain 17
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 18
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 40
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=8hMPLaz8RipWtr7aLK9FjZUAmuvsYtItj78qslGjm7A HTTP 303
  • https://www.elfcosmetics.com/callback?usid=b1401059-7f8a-4b96-82a8-2b66a993a7c4&code=ndLswRMzgMjcYjJYeXKeegLurzifJbfnf_pKnmwt9GQ
Request Chain 63
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=3de91131-deaf-4282-aa92-8971a282e7f4&user_id=undefined&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=954748729 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 64
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 65
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ODQ2NGU5MTktMzhjZi00ZWE2LTkwN2EtZTc5MmZiMDE0MmMy&gdpr=0&gdpr_consent=&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&google_hm=ODQ2NGU5MTktMzhjZi00ZWE2LTkwN2EtZTc5MmZiMDE0MmMy&gdpr=0&gdpr_consent=&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2&google_tc= HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2&google_gid=CAESEPeaA3krMF4xQ6SOupOq2UU&google_cver=1 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8464e919-38cf-4ea6-907a-e792fb0142c2&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1710665979220969974&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expiration=1734341397&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expiration=1734341397&gdpr=0&gdpr_consent=&C=1
Request Chain 119
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1679210757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJOip53F4IkDFZIKiAkd3Zs25A;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1679210757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 120
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1230820373;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=COyqqJ3F4IkDFXMqiAkdzUEBMg;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1230820373;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 148
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=1105721981&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=88868488.1731749395&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067554~102067808~102077855&s3p=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=88868488.1731749395&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067554~102067808~102077855&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&eitems=ChAIgKLhuQYQ8re0vpXytqIHEh0A-j83lvIU_K8MnDVvr8k5pSGKvTeinwuu2bFKuw&pscrd=IhMIscDmncXgiQMV1BGICR06XCSUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JWQ2hBSWdLTGh1UVlRcEpfVnhlcWZzS2Q5RWl3QUZOWVdQQ2szbEtsYXhlcTQ3SG80WkkwWW5zS1N4Zlh2Z2N4d1NlSTlDNS1wMHhBNENnSVpNRlFSZGc HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=88868488.1731749395&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067554~102067808~102077855&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIscDmncXgiQMV1BGICR06XCSUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JWQ2hBSWdLTGh1UVlRcEpfVnhlcWZzS2Q5RWl3QUZOWVdQQ2szbEtsYXhlcTQ3SG80WkkwWW5zS1N4Zlh2Z2N4d1NlSTlDNS1wMHhBNENnSVpNRlFSZGc&is_vtc=1&cid=CAQSKQCa7L7dGwt2P5PiB7o1l2QbnZImjPgvxvus7ca1HUSI92erFVQygi9n&eitems=ChAIgKLhuQYQ8re0vpXytqIHEh0A-j83ltosreNmWXnKPoR6sQOvTRGxKG7KxDF0zw&random=1191854749 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=88868488.1731749395&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067554~102067808~102077855&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIscDmncXgiQMV1BGICR06XCSUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JWQ2hBSWdLTGh1UVlRcEpfVnhlcWZzS2Q5RWl3QUZOWVdQQ2szbEtsYXhlcTQ3SG80WkkwWW5zS1N4Zlh2Z2N4d1NlSTlDNS1wMHhBNENnSVpNRlFSZGc&is_vtc=1&cid=CAQSKQCa7L7dGwt2P5PiB7o1l2QbnZImjPgvxvus7ca1HUSI92erFVQygi9n&eitems=ChAIgKLhuQYQ8re0vpXytqIHEh0A-j83ltosreNmWXnKPoR6sQOvTRGxKG7KxDF0zw&random=1191854749&ipr=y
Request Chain 202
  • https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4bc0v879088318z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=161341692.1731749397&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=MA&_s=2&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sid=1731749396&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=view_item_list&_c=1&pr1=id57586~nmHoly%20Hydration!%20Thirst%20Burst%20Drops~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp0~brELF%20Cosmetics~caskin~lnProduct%20Carousel~va~pr16~qt1&pr2=id300222~nmSqueeze%20Me%20Lip%20Balm~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp1~brELF%20Cosmetics~calips~c2lips-lip-balms-treatments~lnProduct%20Carousel~va~pr6~qt1&pr3=id300230~nmCream%20Glide%20Lip%20Liner~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp2~brELF%20Cosmetics~calips~c2lips-lip-liner~lnProduct%20Carousel~va~pr3~qt1&pr4=id300234~nmCamo%20Liquid%20Blush~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp3~brELF%20Cosmetics~caface~c2face-blush~lnProduct%20Carousel~va~pr9~qt1&pr5=id300241~nmCamo%20Liquid%20Blush~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp4~brELF%20Cosmetics~caface~c2face-bronzer~lnProduct%20Carousel~va~pr9~qt1&pr6=id400030~nmLip%20Lacquer~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp5~brELF%20Cosmetics~calips~c2lips-lip-gloss~lnProduct%20Carousel~va~pr4~qt1&ep.page_type=content&ep.page_environment=production&ep.page_country=CA&ep.page_language=EN&ep.item_list_name=Product%20Carousel&_et=3477&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=10381 HTTP 302
  • https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=161341692.1731749397&dbk=13523955579288907963&dma=0&en=view_item_list&gcs=G111&gtm=45je4bc0v879088318z8896608294za200zb896608294&npa=1&tid=G-ZLYXLXNDL8&dl=https%3A%2F%2Fwww.elfcosmetics.com%3F
Request Chain 221
  • https://idsync.rlcdn.com/458359.gif?partner_uid=76121f44-33c6-4fcf-88c1-1ec12c634d5f HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDc2MTIxZjQ0LTMzYzYtNGZjZi04OGMxLTFlYzEyYzYzNGQ1ZhAAGg0ImczhuQYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=6efa484ffb56b71f7882dfddd189d917ea89cb0c02a77d65d071a20fda4ad1d36ac34734d8e453ee
Request Chain 259
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
Request Chain 266
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=297791405;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CPrfi6HF4IkDFaIjiAkdCFMclQ;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=297791405;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 267
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1594443019;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CKT_iqHF4IkDFfAkiAkdP2cxpw;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1594443019;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

271 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://cosmeticscriminals.ca/
  • https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
1 MB
267 KB
Document
General
Full URL
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
bc7d55efb29058bd29d42a38d2a8f5fe19599455dcb31df5f2e69345c2c8197c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
271929
content-type
text/html; charset=utf-8
date
Sat, 16 Nov 2024 09:29:52 GMT
etag
W/"105ac2-r7BCmAvSQe/cBu1gIdR9FgNe3BQ"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 968842023e92f9868a60ec906f146c2c.cloudfront.net (CloudFront)
x-amz-apigw-id
BVTiXEM1iYcErRw=
x-amz-cf-id
XN2zYuMTf7DHLLcCIEc3hZXvPEvg1Qvc65cL8l9k5z2rrpppq7_Rpw==
x-amz-cf-pop
SFO53-P2
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
1071810
x-amzn-remapped-date
Sat, 16 Nov 2024 09:29:51 GMT
x-amzn-requestid
1ab42b0a-9ebd-43e7-8aea-1ec941716d59
x-amzn-trace-id
Root=1-6738660e-3e093cbf2f90d6d70d50b3b3;Parent=43ee4875c1fd8d18;Sampled=0;Lineage=1:2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
2521cc028524/[1381,1309,-] 25D1cc028561/[-,1437.923]
x-yottaa-optimizations
ob/1000000100001000 si/25D1cc028561-1730834774-9719440514 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Sat, 16 Nov 2024 09:29:50 GMT
location
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1e35d931403bb4ae4376 rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
32D1a5fec6e1/[-,0.398]
x-yottaa-optimizations
ob/0 si/32D1a5fec6e1-1730834775-2133144839 tts/1731749390284 ti/0 ai/658f1e35d931403bb4ae4376
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
0
0

en_CA
www.elfcosmetics.com/
Redirect Chain
  • https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
  • https://www.elfcosmetics.com/en_CA
1 MB
1 MB
Image
General
Full URL
https://www.elfcosmetics.com/en_CA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amzn-remapped-content-length
1086579
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"109473-2cw8GoRiySWwTRUcUmgR3qtRzvw"
age
731, 731
x-amzn-requestid
450f9e99-5e2b-46a1-8263-0af290d983a9
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
zuufRc6-7nQy7bSQ8HFAqdo4Gu4Vl5OxQuz7ZETUngR_NqQGRuxpqA==
date
Sat, 16 Nov 2024 09:29:53 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000000100001000 si/25D1cc028561-1730834774-9719440520 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
cache-control
public, must-revalidate, s-maxage=900
x-amz-apigw-id
BVRwLGBxiYcEXrA=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:17:41 GMT
x-amzn-trace-id
Root=1-67386333-7158e1141d7cbc6860949a50;Parent=55e968c1f076108d;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 099189655b83d166e49fb0d4f2925b9c.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc02852b/[188,90,-] 25D1cc028561/[-,245.419]
access-control-allow-origin
*
content-length
268735
x-amz-cf-pop
SFO53-P2

Redirect headers

x-amzn-remapped-content-length
0
x-amzn-remapped-connection
close
age
3475
x-amzn-requestid
2579c2b3-5800-4f59-a9b0-f83fb1ed6e07
x-cache
Miss from cloudfront, HIT
x-amz-cf-id
Rl1dV-HOF5p9JjP0NdOnaQbXCAA51YaYi5Ud3UnbV9wUH4V0UYLVeA==
date
Sat, 16 Nov 2024 09:29:52 GMT
content-type
application/json
x-served-by
cache-yul1970046-YUL
x-cache-hits
0
x-yottaa-optimizations
ob/1000 si/3211a5fec641-1730389938-1519683542 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
location
https://www.elfcosmetics.com/en_CA
x-amz-apigw-id
BVLDqGOciYcENXw=
x-amzn-remapped-date
Sat, 16 Nov 2024 08:31:57 GMT
x-timer
S1731749393.541656,VS0,VE29
x-amzn-trace-id
Root=1-6738587d-1ccb98ae7756aa9d71e15046;Parent=0d70ec99c60d0dd3;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront), 1.1 varnish
x-yottaa-metrics
3221a5fec634/[223,218,-] 3211a5fec641/[-,226.146]
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-amz-cf-pop
DFW57-P1
server
CloudFront
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.elfcosmetics.com
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.elfcosmetics.com
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
985935623
player.vimeo.com/video/ Frame C464
0
0
Document
General
Full URL
https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com 
https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

CF-Cache-Status
DYNAMIC
CF-Ray
8e3675881cf936fa-YYZ
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Nov 2024 09:29:52 GMT
Expires
Fri, 15 Dec 1985 19:30:00 GMT
Link
<https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin
Server
cloudflare
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Origin, Referer, Accept-Encoding
Via
1.1 varnish
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com 
https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
x-backend-server
player-backend-edge-entry
x-bapp-server
player-backend-74bb94fb4d-jp8rm
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-host
player-backend-74bb94fb4d-jp8rm
x-player-backend
g
x-served-by
cache-yyz4557-YYZ
x-timer
S1731749393.675772,VS0,VE222
x-xss-protection
1; mode=block
Icon-BeautySquad-Logo-png
elfcosmetics.a.bigcontent.io/v1/static/
7 KB
7 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/Icon-BeautySquad-Logo-png?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
359722b660d0b4a5afb34561728a3918b96bdccf3a3cddc4291ee4cd15f65c3f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amz-version-id
null
age
79441
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Fri, 15 Nov 2024 07:02:44 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8e3675890e74542b-YYZ
accept-ranges
bytes
access-control-allow-origin
*
content-length
6783
server
cloudflare
x-amz-server-side-encryption
AES256
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
null
age
34121
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/svg+xml
last-modified
Fri, 15 Nov 2024 06:09:55 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8e3675890e73542b-YYZ
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
icon-noun-family-7026571-min
elfcosmetics.a.bigcontent.io/v1/static/
3 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-family-7026571-min?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c31826b9b61e051e0f0c582d9963e9f7835ec7249ed88cc651ce10b349496b8c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
null
age
12687
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/svg+xml
last-modified
Fri, 15 Nov 2024 21:34:47 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8e3675890e72542b-YYZ
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
630 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
3199
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/jpeg
last-modified
Fri, 15 Nov 2024 11:35:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
LJct4fdO0,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
cache-control
s-maxage=86400, max-age=1800
x-req-id
5cZEiW2ioA
x-amp-source-height
1249
x-amp-cf-worker
true
cf-ray
8e3675885e1fa284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
644728
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
205 KB
205 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
800
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Fri, 15 Nov 2024 11:35:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
aUkPtEKh3,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
cache-control
s-maxage=86400, max-age=1800
x-req-id
llQU9CfWuw
x-amp-source-height
340
x-amp-cf-worker
true
cf-ray
8e3675885e1da284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
209440
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/
2 MB
2 MB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
EXPIRED
x-amp-source-width
3080
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:29:52 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
gYLi4FFLS,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
cache-control
s-maxage=86400, max-age=1800
x-req-id
T_GFlex9IT
x-amp-source-height
1484
x-amp-cf-worker
true
cf-ray
8e3675885e21a284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
2085695
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/
330 KB
331 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
2806
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/jpeg
last-modified
Fri, 15 Nov 2024 11:35:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
vVZLgITWq,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
cache-control
s-maxage=86400, max-age=1800
x-req-id
O8Eeh2KlQ6
x-amp-source-height
1062
x-amp-cf-worker
true
cf-ray
8e3675885e23a284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
338113
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/
180 KB
180 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
1952
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/jpeg
last-modified
Fri, 15 Nov 2024 11:35:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
l5rY1iL8l,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
cache-control
s-maxage=86400, max-age=1800
x-req-id
G-S9QGl_oU
x-amp-source-height
1108
x-amp-cf-worker
true
cf-ray
8e3675885e22a284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
184181
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/
614 KB
614 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
EXPIRED
x-amp-source-width
3200
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Sat, 16 Nov 2024 09:29:52 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
uki8apxlY,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
cache-control
s-maxage=86400, max-age=1800
x-req-id
mcGND3vGkR
x-amp-source-height
525
x-amp-cf-worker
true
cf-ray
8e3675885e20a284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
628288
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:96d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
cf-cache-status
HIT
x-amz-version-id
null
etag
"dd3676819bd88a250c875a11e38c307d"
access-control-allow-methods
GET, HEAD
date
Sat, 16 Nov 2024 09:29:53 GMT
content-type
video/mp4
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
x-amz-id-2
CGgi+Az3nl8JBKiAx/vKdPWz0SOurCnD8u9bG6r8Z5vM172gLwYMIQniakibMIUsyCExN0/k16s=
Content-Range
bytes 0-1060947/1060948
x-amz-request-id
HZ5HPD2FQYWFZFAC
cf-ray
8e36758a1834a2f9-YUL
access-control-allow-origin
*
Content-Length
1060948
server
cloudflare

Redirect headers

cf-cache-status
HIT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
ZcT_Da_NP,l4p5bDg2e,bgWw7nQ29
cache-control
s-maxage=86400, max-age=1800
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
x-amp-cf-worker
true
cf-ray
8e3675886e27a284-YUL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
x-amp-srv
CF
server
cloudflare
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700:4400::ac40:96d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
cf-cache-status
HIT
x-amz-version-id
null
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
access-control-allow-methods
GET, HEAD
date
Sat, 16 Nov 2024 09:29:53 GMT
content-type
video/mp4
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
x-amz-id-2
iVMDTkB1Rwg87EzYf8UqlkHu2ZqTYJ8tb9sw276IGfnAyrKTcOvKnhrX9OrFBcVz+eHvqlO5IKA=
Content-Range
bytes 0-1262366/1262367
x-amz-request-id
WQ4FHQDV1WMGKB5M
cf-ray
8e36758a1833a2f9-YUL
access-control-allow-origin
*
Content-Length
1262367
server
cloudflare

Redirect headers

cf-cache-status
HIT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
hINEJkYNf,l4p5bDg2e,fH6Lo3_5e
cache-control
s-maxage=86400, max-age=1800
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
x-amp-cf-worker
true
cf-ray
8e3675886e29a284-YUL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
x-amp-srv
CF
server
cloudflare
rZPCKoUReO0
www.youtube.com/embed/ Frame A459
0
0
Document
General
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::5b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:29:52 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
jquery-3.7.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
W/"28feccc0-11278"
age
2683846
x-cache
HIT, HIT
date
Sat, 16 Nov 2024 09:29:52 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits
9, 18017
x-served-by
cache-lga21987-LGA, cache-yul1970048-YUL
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1731749393.677716,VS0,VE0
cross-origin-resource-policy
cross-origin
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
24036
server
nginx
player.js
player.vimeo.com/api/
37 KB
12 KB
Script
General
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
498a41eab15456686643b139ae2c289c961bb02da852aaad698540831d0e9bb5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Age
0
x-backend-server
player-backend-edge-entry
expires
Sat, 16 Nov 2024 04:59:52 GMT
x-player-backend
g
x-cache
MISS
Date
Sat, 16 Nov 2024 09:29:52 GMT
Content-Type
application/javascript;charset=utf-8
x-bapp-server
x-served-by
cache-yyz4525-YYZ
x-cache-hits
0
vary
Origin, Referer, Accept-Encoding
content-security-policy
default-src 'none'; style-src 'unsafe-inline'
Cache-Control
max-age=1800
x-timer
S1731749393.774088,VS0,VE87
Connection
keep-alive
via
1.1 varnish
CF-RAY
8e367588b8fb3703-YYZ
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
11437
Server
cloudflare
player_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::5b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4ded1be65e7802d42d9d88aba8b134f9bd4a03cf737284fc397c26a14b10d1cc
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options
nosniff
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires
Sat, 16 Nov 2024 09:29:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
date
Sat, 16 Nov 2024 09:29:52 GMT
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
require-trusted-types-for 'script'
cache-control
private, max-age=0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
x-xss-protection
0
server
ESF
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/
2 MB
643 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
99245d294adef742fb20f1c7bbb85e6875eb9c4fbbf8679d27ae3077c36ec49b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
926797
content-encoding
gzip
age
47254
x-cache
Hit from cloudfront, HIT
x-amz-cf-id
gz8PpsFZhpZZ9-8Uqp-4sxOU1GP9MAigeMEd9nQODNSAow_a7MX2Ww==
date
Sat, 16 Nov 2024 09:29:52 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970051-YUL
x-cache-hits
1476
x-yottaa-optimizations
ob/1001 si/23114047a14c-1730225857-453415807 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1731749393.697577,VS0,VE0
via
1.1 aed3f8ed29085c056c75452d71b07f7e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12681
x-yottaa-metrics
2321cc8d59d7/[129,50,-] 23114047a14c/[hit]
accept-ranges
bytes
access-control-allow-origin
*
content-length
657734
x-amz-cf-pop
PHL50-C1
server
AmazonS3
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/
2 MB
564 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/main.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e63ad56cb0ac356f19b952fdbccf7f3e96db14322a84628ee907835b8a144c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
926797
content-encoding
gzip
age
47254
x-cache
Hit from cloudfront, HIT
x-amz-cf-id
7bDnQYKL5AdAU1VElje_hMOKamQTs4wKH8n-mwqzzmcq8zdRu3AriA==
date
Sat, 16 Nov 2024 09:29:52 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970051-YUL
x-cache-hits
1481
x-yottaa-optimizations
ob/1001 si/23114047a14c-1730225857-453415808 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1731749393.697706,VS0,VE0
via
1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12681
x-yottaa-metrics
2321cc8d59d8/[122,51,-] 23114047a14c/[hit]
accept-ranges
bytes
access-control-allow-origin
*
content-length
577092
x-amz-cf-pop
PHL50-C1
server
AmazonS3
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/
50 KB
14 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/pages-product-list-product-list-page.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a80b10ec0c44ff82a283f3d78f81623e15d8381656a111ad9211878700f89c2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
926797
content-encoding
gzip
age
47254
x-cache
Miss from cloudfront, HIT
x-amz-cf-id
-LhuhyunoP_Hlc3St8yfw5lIJRmD4iOxnumT6Otv7fIJNDoydQWgtg==
date
Sat, 16 Nov 2024 09:29:52 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970051-YUL
x-cache-hits
15
x-yottaa-optimizations
ob/1101 si/23114047a14b-1730225859-518235384 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1731749393.697791,VS0,VE0
via
1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12681
x-yottaa-metrics
23214047a15f/[5,-,1731702138667] 23114047a14b/[hit]
accept-ranges
bytes
access-control-allow-origin
*
content-length
14522
x-amz-cf-pop
PHL50-C1
server
AmazonS3
Icon-BeautySquad-Logo-png
elfcosmetics.a.bigcontent.io/v1/static/
7 KB
339 B
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/Icon-BeautySquad-Logo-png?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
359722b660d0b4a5afb34561728a3918b96bdccf3a3cddc4291ee4cd15f65c3f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amz-version-id
null
age
79441
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
last-modified
Fri, 15 Nov 2024 07:02:44 GMT
vary
Accept-Encoding
priority
u=3,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-type
image/png
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8e367589fec9542b-YYZ
accept-ranges
bytes
access-control-allow-origin
*
content-length
6783
server
cloudflare
x-amz-server-side-encryption
AES256
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
339 B
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
null
age
34121
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
last-modified
Fri, 15 Nov 2024 06:09:55 GMT
vary
Accept-Encoding
priority
u=3,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-type
image/svg+xml
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8e367589fecb542b-YYZ
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
icon-noun-family-7026571-min
elfcosmetics.a.bigcontent.io/v1/static/
3 KB
339 B
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-family-7026571-min?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.145.183 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c31826b9b61e051e0f0c582d9963e9f7835ec7249ed88cc651ce10b349496b8c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
null
age
12687
access-control-allow-methods
POST, GET, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
last-modified
Fri, 15 Nov 2024 21:34:47 GMT
vary
Accept-Encoding
priority
u=3,i
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-type
image/svg+xml
cache-control
s-maxage=86400, max-age=1800
x-amp-cf-worker
true
cf-ray
8e367589fecc542b-YYZ
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
0
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
3199
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/jpeg
last-modified
Fri, 15 Nov 2024 11:35:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
LJct4fdO0,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
cache-control
s-maxage=86400, max-age=1800
x-req-id
5cZEiW2ioA
x-amp-source-height
1249
x-amp-cf-worker
true
cf-ray
8e3675885e1fa284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
644728
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
205 KB
0
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
x-amp-source-width
800
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:52 GMT
edge-control
max-age=86400
content-type
image/png
last-modified
Fri, 15 Nov 2024 11:35:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
aUkPtEKh3,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
cache-control
s-maxage=86400, max-age=1800
x-req-id
llQU9CfWuw
x-amp-source-height
340
x-amp-cf-worker
true
cf-ray
8e3675885e1da284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
209440
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
22 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
Vo/d0f3ZefkwyML/PnJnjg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD04E9B806368E
x-ms-lease-status
unlocked
age
77191
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Sat, 16 Nov 2024 12:03:23 GMT
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/javascript
last-modified
Thu, 14 Nov 2024 20:20:01 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
ea6aeb6f-401e-00e5-1231-37817d000000
cf-ray
8e367591f94da2b2-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
7212
x-ms-blob-type
BlockBlob
server
cloudflare
api_dynamic.js
cdn.dynamicyield.com/api/8772046/
573 KB
63 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2211:7000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
7f5996c22fc09bf3ef02e07473b5677fe8fcc436caffacd309cb9ce46224a9e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=30
content-encoding
gzip
etag
W/"52317057a3ce9e1b508156333a1a75d2"
age
7
via
1.1 77a626e3ea8d4b2aae01de87c12da04e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
mOkW6J01SiJrOfa512t3R5vxAvW4VFlnG2z4iAMZviMzgZoUO-fjAg==
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 09 Nov 2024 19:11:13 GMT
server
DYCDN
x-amz-cf-pop
ORD51-C4
x-amz-server-side-encryption
AES256
api_static.js
cdn.dynamicyield.com/api/8772046/
395 KB
116 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2211:7000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
72ff5a1f7f8d2a84d8976552d8a42bb69c9ff70656b0c902af9c57902de5b3c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=28800
content-encoding
gzip
etag
W/"15bb49298c3e6444486bceb2176f1eaa"
age
26027
via
1.1 77a626e3ea8d4b2aae01de87c12da04e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
DeNITN-MS-cw_y7N8Q8pua57E7M5jLJS3K5MA0Cx1USSFkXj0M7W0Q==
date
Sat, 16 Nov 2024 02:16:08 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 09 Nov 2024 19:11:14 GMT
server
DYCDN
x-amz-cf-pop
ORD51-C4
x-amz-server-side-encryption
AES256
gtm.js
www.googletagmanager.com/
556 KB
144 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b7a844157618dbe790cbedcccdff04d38e10fdbdd18121628786a1bec190cc2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Sat, 16 Nov 2024 09:29:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sat, 16 Nov 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
146982
x-xss-protection
0
server
Google Tag Manager
/
api.ipify.org/
24 B
298 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8e3675929911a241-YYZ
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=21943&sent=8&recv=11&lost=0&retrans=0&sent_bytes=4025&recv_bytes=2304&delivery_rate=178439&cwnd=250&unsent_bytes=0&cid=3f88a11336d4e423&ts=61&x=0"
content-length
24
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/json
vary
Origin
server
cloudflare
/
api.ipify.org/
24 B
210 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8e367592f93ba241-YYZ
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=22210&sent=11&recv=13&lost=0&retrans=0&sent_bytes=4389&recv_bytes=2365&delivery_rate=178439&cwnd=253&unsent_bytes=0&cid=3f88a11336d4e423&ts=104&x=0"
content-length
24
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/json
vary
Origin
server
cloudflare
searchsession
www.elfcosmetics.com/api/en-ca/v2.0/
105 B
633 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/searchsession?locale=en-ca&profile_id=&session_id=
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
65b40adf03fa7120c5c34468d4e4da1f71e44d1a8f535f9da326c358bddee59c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-9bcmo9keXHoczKvgoH2qxvz6hKs"
age
0
x-content-type-options
nosniff
x-amzn-requestid
df8b4c1a-d1af-486e-a091-6df16d459741
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440524 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
BVTi6EVXPHcEXrQ=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:29:54 GMT
x-yottaa-metrics
2521cc028520/[175,173,-] 25D1cc028561/[-,175.926]
access-control-allow-origin
*
content-length
111
x-powered-by
Express
7f85a56ba4.css
use.fontawesome.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/7f85a56ba4.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92913c2b11fc1e9e7c4f84628362d1c9660e7f7e88904d124c9ebbbef9d4e48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=1800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"8360eb270b919a1fb4776bc448d9ed14"
age
2529
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RsPBQW8mhOfpfE%2BSQHRxoiz459VlHmmP5k37quOe2vEPQhqBsE0CrSw7Af8Jd9Yc76hThTiWKzm0u9RQzEspc6FPgH4mB5vb6vycqPSHWwKquP7WHhPfa6XwB2FO0tG0PNYTIXxMuhfsRSnwsfQjzaL5"}],"group":"cf-nel","max_age":604800}
cf-ray
8e367592af456e06-YUL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=15675&sent=7&recv=10&lost=0&retrans=0&sent_bytes=4012&recv_bytes=2266&delivery_rate=245892&cwnd=252&unsent_bytes=0&cid=76c6766731cc012e&ts=31&x=0"
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
text/css
last-modified
Fri, 22 Sep 2023 00:57:51 GMT
vary
Accept-Encoding
server
cloudflare
font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/7f85a56ba4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://use.fontawesome.com/7f85a56ba4.css

Response headers

cache-control
max-age=31556926
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"36082410df2ef7f83932219089dc1443"
age
785086
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jsymxUBiu1AXRclHN9B4st3X1yvnMptFWihb%2Fl2%2FqJZNtiwcOVwrafTAQ1SyCipZqTcFWptTrRrZhVMjpXqN7%2F5ZoIPJypTpqRiySTlirp4w%2BdbffkURqqh8b4HUtGW7ubG6uI00nQthQBgp4OBxf0RX"}],"group":"cf-nel","max_age":604800}
cf-ray
8e3675933f6e6e06-YUL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=21100&sent=12&recv=14&lost=0&retrans=0&sent_bytes=5107&recv_bytes=2409&delivery_rate=245892&cwnd=256&unsent_bytes=0&cid=76c6766731cc012e&ts=121&x=0"
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
text/css
last-modified
Fri, 22 Sep 2023 01:44:05 GMT
vary
Accept-Encoding
server
cloudflare
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=b1401059-7f8a-4b96-82a8-2b66a993a7c4&code=ndLswRMzgMjcYjJYeXKeegLurzifJbfnf_pKnmwt9GQ
0
0
Fetch
General
Full URL
https://www.elfcosmetics.com/callback?usid=b1401059-7f8a-4b96-82a8-2b66a993a7c4&code=ndLswRMzgMjcYjJYeXKeegLurzifJbfnf_pKnmwt9GQ
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length
0
x-amzn-remapped-connection
close
age
0
x-amzn-requestid
cd03bb81-7fbb-474f-8590-b47292be2415
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
SwaNP8ZRg5NjQcUzoiWFNyLiv-rg37-VDT6xSqiif04NTIbdFKEt4w==
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440530 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-yottaa-forcecache
true
cache-control
public, max-age=604800
x-amz-apigw-id
BVTjEE0iCYcEQqQ=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:29:55 GMT
x-amzn-trace-id
Root=1-67386613-31ff04f545204e132b811bd3;Parent=758b7463aec388e3;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 bfad77da64cd65a36fcbbe44acb655e8.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028521/[289,286,-] 25D1cc028561/[-,290.525]
access-control-allow-origin
*
content-length
0
x-amz-cf-pop
SFO53-P2

Redirect headers

x-correlation-id
8e3675946b81efa0
cf-cache-status
DYNAMIC
age
0
x-ratelimit-1m-limit
24000, 2000000
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
7_ksyjjAVQcfX0WZlT07kKbKnIBtFD9D5iF4Ipdvt8OEI9ZOFp5w7w==
date
Sat, 16 Nov 2024 09:29:54 GMT
vary
Accept-Encoding
x-yottaa-optimizations
ob/0 si/25D1cc028561-1730834774-9719440526 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
x-yottaa-os
303
cache-control
no-store
location
https://www.elfcosmetics.com/callback?usid=b1401059-7f8a-4b96-82a8-2b66a993a7c4&code=ndLswRMzgMjcYjJYeXKeegLurzifJbfnf_pKnmwt9GQ
pragma
no-cache
via
1.1 68a8bf1c51ac47222204adb56c4024ac.cloudfront.net (CloudFront)
cf-ray
8e3675946b81efa0-PDX
x-yottaa-metrics
2521cc02851b/[166,163,-] 25D1cc028561/[-,166.681]
access-control-allow-origin
*
x-ratelimit-1m-remaining
23010, 1949290
content-length
0
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=8hMPLaz8RipWtr7aLK9FjZUAmuvsYtItj78qslGjm7A
x-amz-cf-pop
SFO53-P2
x-ratelimit-1m-reset
5314, 5314
/
sdk.iad-05.braze.com/api/v3/data/
709 B
699 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3458b578161bba8266bd62ab348626abf4640d0695fdb363670d2efe3376ab68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
X-Braze-TriggersRequest
true
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-DataRequest
true
X-Braze-Req-Attempt
1
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
082f9b1e-6a27-4031-b721-98cbe539e0fb
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"3458b578161bba8266bd62ab348626ab"
access-control-allow-methods
POST, GET
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.137282
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1731749397
cf-ray
8e36759548cb38e1-YYZ
x-ratelimit-remaining
496.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8e367594e8a338e1-YYZ
content-encoding
gzip
date
Sat, 16 Nov 2024 09:29:54 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
6 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
aY7kJA0jlzEL9QWHODNZDw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCA5D566A7B63C
age
49060
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Sun, 17 Nov 2024 09:29:54 GMT
date
Sat, 16 Nov 2024 09:29:54 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 20:25:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
b5f0efaf-a01e-006c-744c-263859000000
cf-ray
8e367594cb6aa2e4-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
1832
x-ms-blob-type
BlockBlob
server
cloudflare
st
st.dynamicyield.com/
160 KB
13 KB
Script
General
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=wx3804dswxyqvjh8uh5dgkjcw34ommer&ref=&scriptVersion=2.44.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2807:e00:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e7c8e3f79bd1538a46192ed7d9ca48dce346fa123a5d2afcf0a89360d6ff7fa9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
content-encoding
gzip
via
1.1 08628e3e8683f02c3ad737047c4c8fde.cloudfront.net (CloudFront)
expires
Sat, 16 Nov 2024 09:29:54 GMT
access-control-allow-origin
*
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-amz-cf-id
2W1QhUx6UWx4dbJYiAJ2DwhdPaNrDl0imPENkmKtaTu_mGIkXFhMGA==
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P6
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8e367598186ea2f0-YUL
access-control-allow-origin
*
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
collect
www.google.com/ccm/
0
0
Ping
General
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&scrsrc=www.googletagmanager.com&frm=0&rnd=121143378.1731749395&auid=88868488.1731749395&npa=0&gtm=45He4bc0v896608294za200&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067554~102067808~102077855&tft=1731749395204&tfd=5384&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f105.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
228 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
163ef25029a223ecbd9d19a8a76c4b5e54e2375dbca862fb73213a3ce2f9efc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
29
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
caa1bc31-4724-4c6c-838c-6f8f48851d1b
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"163ef25029a223ecbd9d19a8a76c4b5e"
access-control-allow-methods
POST, GET
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.052757
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1731749397
cf-ray
8e367598fa2e38e1-YYZ
x-ratelimit-remaining
492.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
sync
sdk.iad-05.braze.com/api/v3/feature_flags/
20 B
180 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-DataRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
28
X-Braze-FeatureFlagsRequest
true
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
fa0126d2-de30-4791-9ed8-350380c1be66
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"e92f434a50c76d6e52d0d3cc91cdf185"
access-control-allow-methods
POST, GET
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.031143
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1731749397
cf-ray
8e367598ea2638e1-YYZ
x-ratelimit-remaining
494.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8e36759879e838e1-YYZ
content-encoding
gzip
date
Sat, 16 Nov 2024 09:29:55 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8e36759889eb38e1-YYZ
content-encoding
gzip
date
Sat, 16 Nov 2024 09:29:55 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 5AC5
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.elfcosmetics.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
109818
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Fri, 15 Nov 2024 02:59:37 GMT
expires
Sat, 15 Nov 2025 02:59:37 GMT
last-modified
Mon, 21 Oct 2024 16:58:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202406.1.0/
451 KB
110 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee66778dba8431b64c285bbfcc94d437a298b46e129512f2371e3c7d13a2bcd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
7I5y/rp4ODu7ul89ty+epQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
86027
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=461723
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/javascript
last-modified
Tue, 16 Jul 2024 22:20:01 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
7f3bb671-201e-0010-1b70-25a56c000000
cf-ray
8e367598abeda2b2-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/
227 KB
39 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eef52bd0c8a7abdd22a88a94381a05bc58c34d48c1c4155ff816ba21c38cca28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
8kCXQkwViL618LYUH092ww==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCA5D56AD873B6
age
83606
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Sun, 17 Nov 2024 09:29:55 GMT
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 20:25:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
bd10f3a4-801e-0095-474c-26f2b9000000
cf-ray
8e3675991d36a2e4-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
39839
x-ms-blob-type
BlockBlob
server
cloudflare
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.44.0/
196 KB
65 KB
Script
General
Full URL
https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2211:7000:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
2ec6c83ec1824898d15400462916551bf6761d2772bc3baec5b8fba523e03eb7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
Accept-Encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=31536000
content-encoding
gzip
etag
W/"90e4adaea90c4ceca44f62f926a57eab"
age
2255320
via
1.1 77a626e3ea8d4b2aae01de87c12da04e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
vwjbGbVpH8pgaAV-1Q7AuHHV4xagyzPAeljc3sF5LD31r8D747PcdQ==
date
Mon, 21 Oct 2024 07:01:16 GMT
content-type
text/javascript
last-modified
Sun, 13 Oct 2024 09:14:17 GMT
server
DYCDN
x-amz-cf-pop
ORD51-C4
x-amz-server-side-encryption
AES256
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
915892286261cfb27f96e384465af2d7d3228755edc40f905e24bd7e863f1914
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Authorization
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-correlation-id
8e36759a9caeefb8
age
0
x-ratelimit-1m-limit
24000, 2000000
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS,PATCH
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
uIx3DCdHZTOSrwDp31MKASme0D48M6tseef26Zi-G_aC0NT8EQ6gkQ==
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440531 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
x-yottaa-os
200
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 23e0198e3ba45afaefc61c0d0fc4eacc.cloudfront.net (CloudFront)
cf-ray
8e36759a9caeefb8-PDX
x-yottaa-metrics
2521cc028528/[198,196,-] 25D1cc028561/[-,199.067]
access-control-allow-origin
*
x-ratelimit-1m-remaining
22996, 1948284
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-amz-cf-pop
SFO53-P2
x-ratelimit-1m-reset
4309, 4309
otFlat.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
sHJXWIgDpMKY35PyRRy4zQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56B3084E2
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
7085
x-content-type-options
nosniff
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:54 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
296f5804-e01e-0024-0a05-f40ac4000000
cf-ray
8e36759b8e2ba2e4-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
3003
x-ms-blob-type
BlockBlob
server
cloudflare
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/
62 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
LtDYZmcfPNW39lMw/Yu0RQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56C7CC8BB
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
70501
x-content-type-options
nosniff
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
125efa87-d01e-00e0-3577-d87502000000
cf-ray
8e36759b8e2ca2e4-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
12723
x-ms-blob-type
BlockBlob
server
cloudflare
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
QnaHNt7KvNcyo6Q1ZDZObg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56C38B888
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
78046
x-content-type-options
nosniff
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
21a48b36-f01e-0091-3444-26073b000000
cf-ray
8e36759b8e2da2e4-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
1738
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c496fcbe60fec78dc1b86a9136644d9a97cae20df32be3e9a4a62ce7bd0e6a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
82976
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=24745
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
text/css
last-modified
Tue, 16 Jul 2024 22:20:07 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
c2721718-001e-00c0-0f77-d819ce000000
cf-ray
8e36759b8e2fa2e4-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
8772046
rcom.dynamicyield.com/v3/recommend/
6 KB
1 KB
XHR
General
Full URL
https://rcom.dynamicyield.com/v3/recommend/8772046
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:3200:1c:df99:ffc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6595b286ac718c159a3691b9c6cdd875d5ee75db1eab07830cca9b6bed9ce5ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

timing-allow-origin
*
content-encoding
gzip
access-control-allow-methods
GET, POST
via
1.1 44bf771f8484aeae8f408da7ade14f32.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
1079
x-amz-cf-id
cNEsNRUjPv53-7cJjtznM5sm4Enn_mPy1UUcN0Rx3Ri92iAlMSHNYg==
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P5
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
uia
async-px.dynamicyield.com/
0
384 B
XHR
General
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1731749395878
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 b3dcbb5db65271a2024ef727d001a4e2.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
RBxoVgqNPKq9yBPz5-8vJAo0VrmwDhGvLI5-Qtahx6XCiBZVU_w-VA==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
cnxtag-min.js
js.cnnx.link/roi/
2 KB
1 KB
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:4000:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=600
content-encoding
gzip
age
370
via
1.1 google, 1.1 e2d34a357aab1d6cff5cce981d09ebba.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
H0wzruMrUDt0064784DXFtdJl4MnoryWFYsKD251mCqWY2eS5u991Q==
date
Sat, 16 Nov 2024 09:23:46 GMT
content-type
text/javascript;charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P1
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=3de91131-deaf-4282-aa92-8971a282e7f4&user_id=undefined&utm_source=undefined&utm_medium=undefined&utm_campaign=undefin...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
1 KB
Image
General
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
18.238.80.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-36.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
null
etag
"18b3e43abad26bdac6f4cea944777b62"
age
69164
via
1.1 a422a2e7c5cee555310dfa3dcc07c402.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
807
x-amz-cf-id
aeuDMN_NF41PWz6o6SrdhBEGB4OPj3N1xwxjGETlnoGG7p3W06nKSg==
date
Fri, 15 Nov 2024 14:17:13 GMT
content-type
image/gif
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5

Redirect headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
x-amz-apigw-id
BVTjNE58oAMEgOA=
x-amzn-trace-id
Root=1-67386614-7566cec85d471efb04b91b46;Parent=7344be6d337fc2ca;Sampled=0;Lineage=1:07bbc27a:0
x-amzn-requestid
d2ba90d6-c731-4882-b8c4-7ec13c8abb84
access-control-allow-origin
*
content-length
2
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.160.76 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
167.114.209.103; 167.114.209.103; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
3263de96-a975-4d0e-b394-e34ae06e3902
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Sat, 16 Nov 2024 09:29:56 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
167.114.209.103; 167.114.209.103; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
37f1b0ae-35a4-48a6-82f0-093f79143ee1
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Sat, 16 Nov 2024 09:29:56 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ODQ2NGU5MTktMzhjZi00ZWE2LTkwN2EtZTc5MmZiMDE0MmMy&gdpr=0&gdpr_consent=&ttd_tdid=8464e919-38cf-4ea6-907a-e792f...
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&google_hm=ODQ2NGU5MTktMzhjZi00ZWE2LTkwN2EtZTc5MmZiMDE0MmMy&gdpr=0&gdpr_consent=&ttd_tdid=8464e919-38cf-4ea6-907a-e79...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2&google_gid=CAESEPeaA3krMF4xQ6SOupOq2UU&google_cver=1
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8464e919-38cf-4ea6-907a-e792fb0142c2&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1710665979220969974&ttd_tdid=8464e919-38cf-4ea6-907a-e792fb0142c2
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expiration=1734341397&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expiration=1734341397&gdpr=0&gdpr_consent=&C=1
43 B
824 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expiration=1734341397&gdpr=0&gdpr_consent=&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTBlY16ltC95J2hRUS8D9Td6qNz0VQeQBb%2BhNDEKx%2FRm8ejRb8I1Mw6LpT9zpEt1PCKd5HKjsyzzoQWWpRmXSkXZCpCJLA4lv1wdd4ec9e7JKbQOtLrOcCCcS2OIFu1RrFOSX7zu5rUgFw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e3675a91a08b404-YYZ
expires
0
alt-svc
h3=":443"; ma=86400
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
image/gif
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
no-cache
location
/rum?cm_dsp_id=39&external_user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expiration=1734341397&gdpr=0&gdpr_consent=&C=1
cf-cache-status
DYNAMIC
pragma
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l5md1OnkUL%2BAvRPExyH4h7k%2BLegJDG3XULMaDPcEQGDVSjowa9xYqgAy5bpdNVpDZAwVYyloADlynXVJSp9m5pvnk6Y8lrYgPf8I42d0Sv0CSRCcITRZt2%2FopMHeyVUl054XAU9U9xjGpA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e3675a79999b404-YYZ
expires
0
alt-svc
h3=":443"; ma=86400
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Sat, 16 Nov 2024 09:29:57 GMT
vary
Accept-Encoding
server
cloudflare
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
625 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
81226
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
image/svg+xml
last-modified
Thu, 14 Nov 2024 20:20:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
264b949d-801e-00bc-094a-3784fb000000
cf-ray
8e36759d2dd7a2b2-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
572 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
39600
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
image/svg+xml
last-modified
Thu, 14 Nov 2024 20:20:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
85dfcc80-e01e-0102-4e11-37d725000000
cf-ray
8e36759d3f3da2e4-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
E8+sk/ECzKgTUVtDLikiIA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DD04E9B945DA9C
age
3846
cf-cache-status
HIT
x-content-type-options
nosniff
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
image/png
last-modified
Thu, 14 Nov 2024 20:20:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
590207a8-101e-003a-1f91-37d029000000
cf-ray
8e36759d5df0a2b2-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
4036
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
81226
content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 16 Nov 2024 10:56:10 GMT
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
image/svg+xml
last-modified
Thu, 14 Nov 2024 20:20:04 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
73a8f2e6-f01e-003b-5eea-36d1d4000000
cf-ray
8e36759d5df1a2b2-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJiMDdlNmQ4Ny1jN2U5LTQ4ZGItOWJjZS1hNTMwMDhjNzM3MTgiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.[…].chAgTfWsPkDSXHKPPbMw3fA-Azj2Mz0YBjEPisTXOhKIHm71XNp8jnoPMzIcQDih-V3GfblIkNADHbqPQrJLKg
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-dw-request-base-id
h0qvGRRmOGcBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
VD2wisic1mmkRofE-GLcFdoNTGa9LortlDj_GtefpLl2CAcCVYUuaQ==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-yottaa-optimizations
ob/0 si/25D1cc028561-1730834774-9719440534 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
204
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
allow
OPTIONS,POST
cf-ray
8e36759dbda869d5-PDX
x-yottaa-metrics
2521cc028a77/[162,161,-] 25D1cc028561/[-,164.198]
via
1.1 33296fd8128d04868ae5ae8907ff3c6c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
x-amz-cf-pop
SFO53-P2
shoppercontext
www.elfcosmetics.com/api/v1/
155 B
921 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJiMDdlNmQ4Ny1jN2U5LTQ4ZGItOWJjZS1hNTMwMDhjNzM3MTgiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.[…].chAgTfWsPkDSXHKPPbMw3fA-Azj2Mz0YBjEPisTXOhKIHm71XNp8jnoPMzIcQDih-V3GfblIkNADHbqPQrJLKg
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
155
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
age
0
x-amzn-requestid
0d49a610-d308-4002-b839-bd71c9eba86d
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
4R53yo9QXNEqL73O4G8_SkQWRdPjC8JEuc8r63LsgtZk2HeX1F_GbQ==
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440535 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
BVTjNGUNCYcETOg=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:29:56 GMT
x-amzn-trace-id
Root=1-67386614-1cd4cdeb423a097e68e96ffa;Parent=0f21e5fe3d086fbc;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 33296fd8128d04868ae5ae8907ff3c6c.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028a78/[615,613,-] 25D1cc028561/[-,616.419]
access-control-allow-origin
*
content-length
131
x-amz-cf-pop
SFO53-P2
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
252 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
308c6802f9ebbbbac0992cddcbca0837a19ac24f19c7e87c060fa43b09e3bc41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
784
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
27
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
d44de914-7dbf-448c-bfa5-a78cf83334b7
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"308c6802f9ebbbbac0992cddcbca0837"
access-control-allow-methods
POST, GET
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.036952
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1731749397
cf-ray
8e36759d6bc238e1-YYZ
x-ratelimit-remaining
488.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
shoppercontext
www.elfcosmetics.com/api/v1/
155 B
921 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJiMDdlNmQ4Ny1jN2U5LTQ4ZGItOWJjZS1hNTMwMDhjNzM3MTgiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.[…].chAgTfWsPkDSXHKPPbMw3fA-Azj2Mz0YBjEPisTXOhKIHm71XNp8jnoPMzIcQDih-V3GfblIkNADHbqPQrJLKg
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
155
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
age
0
x-amzn-requestid
7dd49c3a-46ff-44bc-bbde-de9611a9d09b
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
mOE9ZcZaSsVSuFeJtHLQHRGjm6p5H6uRrDzr3kM-4HJtexgrRE4TnQ==
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440536 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
BVTjNHGNiYcEDug=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:29:56 GMT
x-amzn-trace-id
Root=1-67386614-728f5379169276932abe122f;Parent=33738a6b3bcd1f8c;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 bcbc5b46216015493e082cfbcf77ef10.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028a7a/[793,792,-] 25D1cc028561/[-,794.436]
access-control-allow-origin
*
content-length
131
x-amz-cf-pop
SFO53-P2
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
200 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
308c6802f9ebbbbac0992cddcbca0837a19ac24f19c7e87c060fa43b09e3bc41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
1
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
26
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
61f13283-6e95-47cf-a1c7-ee10fdfe6391
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"308c6802f9ebbbbac0992cddcbca0837"
access-control-allow-methods
POST, GET
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.061744
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1731749397
cf-ray
8e36759d7bc338e1-YYZ
x-ratelimit-remaining
487.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
923 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json

Response headers

content-encoding
gzip
x-dw-request-base-id
fsgEMRRmOGcBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
gMRq1oeU7Vqa89WF7QPpljE8ngyfrPgVDy1LqowBkwLkbr6mpDcaKg==
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440537 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
max-age=0,no-cache,no-store,must-revalidate
allow
GET,HEAD,OPTIONS
cf-ray
8e36759ddac1ef6b-PDX
x-yottaa-metrics
2521cc028a79/[224,222,-] 25D1cc028561/[-,225.333]
via
1.1 98a26a76cd909035ece99f3a1d211a2c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-amz-cf-pop
SFO53-P2
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
922 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json

Response headers

content-encoding
gzip
x-dw-request-base-id
lUoXixRmOGcBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
tff0XC2vOCcKp1Ah-xGu84bKwVQd14Ycts_OXKoroaLTvpkjRY4Lzw==
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440543 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
max-age=0,no-cache,no-store,must-revalidate
allow
GET,HEAD,OPTIONS
cf-ray
8e36759fda96efde-PDX
x-yottaa-metrics
2521cc028a80/[268,266,-] 25D1cc028561/[-,268.928]
via
1.1 700aa70ccd1c08dc97b84e1db700ae96.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-amz-cf-pop
SFO53-P2
event
www.elfcosmetics.com/api/en-ca/v2.0/
105 B
633 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/event?locale=en-CA
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
65b40adf03fa7120c5c34468d4e4da1f71e44d1a8f535f9da326c358bddee59c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-9bcmo9keXHoczKvgoH2qxvz6hKs"
age
0
x-content-type-options
nosniff
x-amzn-requestid
34f46ee0-12cc-4eb5-8d81-9d5d99b2d568
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440538 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
BVTjNHRUPHcEviA=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:29:56 GMT
x-yottaa-metrics
2521cc028a7b/[161,159,-] 25D1cc028561/[-,162.156]
access-control-allow-origin
*
content-length
111
x-powered-by
Express
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwHcYkbcUlrIRl0w2wqYYwHI0/
11 B
983 B
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwHcYkbcUlrIRl0w2wqYYwHI0/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJiMDdlNmQ4Ny1jN2U5LTQ4ZGItOWJjZS1hNTMwMDhjNzM3MTgiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….chAgTfWsPkDSXHKPPbMw3fA-Azj2Mz0YBjEPisTXOhKIHm71XNp8jnoPMzIcQDih-V3GfblIkNADHbqPQrJLKg
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

x-yottaa-metrics
2521cc028a7d/[195,193,-] 25D1cc028561/[-,196.450]
x-correlation-id
8e36759f1cf1ef14
cf-cache-status
DYNAMIC
content-encoding
gzip
age
0
x-content-type-options
nosniff
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
DIwKNNY0tYhdVaNKab3xtuGdt7H1GvRzbt-3mP4E804MGEnF2Y1cvQ==
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440541 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
no-cache, no-store
pragma
no-cache
via
1.1 b9123be426d0e732cf10eff602d871c8.cloudfront.net (CloudFront)
sfdc_cache_status
MISS [0/1]
cf-ray
8e36759f1cf1ef14-PDX
accept-ranges
bytes
access-control-allow-origin
*
sfdc_load
1
content-length
37
dnt
0
x-ratelimit-limit
99999
x-ratelimit-remaining
999
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwHcYkbcUlrIRl0w2wqYYwHI0/baskets?siteId=elf-us
x-amz-cf-pop
SFO53-P2
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=147775&uid=-3247095080494275053&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=de575dcbdc06115b926c7a36feb6185b&expSes=1338&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-7369206471408486656&cgtgDecisionId=-7369206469629440127&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1731749396275&rri=466687
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 b3dcbb5db65271a2024ef727d001a4e2.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
3mCGzpzwhs_Cig4RK89Xdtk8KoKWstLwzGI8jfLNBmDa_Tb9qhnFbA==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=90901&uid=-3247095080494275053&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=de575dcbdc06115b926c7a36feb6185b&expSes=1338&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-7369206470431701217&cgtgDecisionId=-7369206469709691407&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1731749396276&rri=6607809
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 b3dcbb5db65271a2024ef727d001a4e2.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
jTU4r6B1nyuXxZHjivAwdTX55952tlWKXk0SMhEgy8b6GK3O8Hu3Fw==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=739631&uid=-3247095080494275053&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=de575dcbdc06115b926c7a36feb6185b&expSes=1338&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-7369206468766106974&cgtgDecisionId=-7369206471437011856&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1731749396277&rri=8737196
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 b3dcbb5db65271a2024ef727d001a4e2.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
oegI_AIrIr07PHfRtqSRVRkjhwKP599AJoHnrUK5voyC4aBxz35Tqw==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
batch
async-px.dynamicyield.com/
0
384 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1731749396279_335667
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 807adc5f317528439570900eb8e6c384.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
S4f8CZYLxjNiDbJ2tdhRJ4Lo0jzMPL9MVzLIP2AAtDYUorq9fPb73g==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
favicon.ico
www.elfcosmetics.com/
34 KB
35 KB
Other
General
Full URL
https://www.elfcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length
34494
x-amzn-remapped-connection
close
etag
W/"86be-193317d3f00"
age
262, 262
x-amzn-requestid
2ca00b5e-28cd-488c-927a-618b4302be6d
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Zvh2Tmrih92pNMPCCJJ2XNKhBEi48pj01ofV9xJm_uEnw8v8TEKr3w==
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
image/x-icon
last-modified
Fri, 15 Nov 2024 20:21:52 GMT
vary
Accept-Encoding
x-yottaa-optimizations
ob/100 si/25D1cc028561-1730834774-9719440542 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
cache-control
max-age=600, s-maxage=600
x-amz-apigw-id
BVAeMHLriYcEOZw=
x-amzn-remapped-date
Sat, 16 Nov 2024 07:19:41 GMT
x-amzn-trace-id
Root=1-6738478d-56cecc5a50f946a8765ef7e0;Parent=56f5695611b48500;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 aca99b28083d8a34e20c40dbd89ecfce.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028a7f/[4,-,1731749184964] 25D1cc028561/[-,4.924]
accept-ranges
bytes
access-control-allow-origin
*
content-length
34494
x-amz-cf-pop
SFO53-P2
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.184.193 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0540a066b92ce4ca.awsglobalaccelerator.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
*
access-control-expose-headers
X-Results-Data-Source
timing-allow-origin
*
cache-control
no-cache
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
text/json
access-control-allow-credentials
true
www-widgetapi.js
www.youtube.com/s/player/0ccfa671/www-widgetapi.vflset/
30 KB
10 KB
Script
General
Full URL
https://www.youtube.com/s/player/0ccfa671/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::5b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14939503c8a97bef459ce94218f0e65933ab569f7b1d726bcb0b3c1031ebccf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
age
1867
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
x-content-type-options
nosniff
expires
Sun, 16 Nov 2025 08:58:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 08:58:49 GMT
last-modified
Tue, 12 Nov 2024 05:17:52 GMT
content-type
text/javascript
vary
Accept-Encoding, Origin
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
content-length
10165
x-xss-protection
0
server
sffe
api.js
www.google.com/recaptcha/
1 KB
990 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f105.1e100.net
Software
ESF /
Resource Hash
74e50ec3a3c5025c49d2d4f373d67b71dd8eb694cc816dc68b21f1cdad7f05d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Sat, 16 Nov 2024 09:29:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Sat, 16 Nov 2024 09:29:56 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
110221.ct.js
tag.rmp.rakuten.com/
47 KB
15 KB
Script
General
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=86400
content-encoding
gzip
x-samesite
secure
via
1.1 google
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cache
hit
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
text/javascript
last-modified
Sat, 16 Nov 2024 09:29:56 GMT
js
www.paypal.com/sdk/
425 KB
120 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1d79675679418e15443e5acee824d85aee85834ebbb42676e300e14d3c2195a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-bkbJNLg1FXwF9utLO5t+MwG12G9AAbwYuteMwHHha4mjj6I1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-bkbJNLg1FXwF9utLO5t+MwG12G9AAbwYuteMwHHha4mjj6I1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
f390390da6984
content-encoding
gzip
etag
W/"1d8c8-A3zcpAvE+xM/S5Ujgbp1JqZrppU"
age
1241
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
disable-set-cookie
true
traceparent
00-0000000000000000000f390390da6984-9157d7aed7a045c0-01
server-timing
"traceparent;desc="00-0000000000000000000f390390da6984-3a45591137a74a86-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
p3p
true
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-bur-kbur8200163-BUR, cache-yul1970020-YUL, cache-yul1970020-YUL
x-cache-hits
0, 0, 0
x-frame-options
SAMEORIGIN
x-cache
MISS, HIT, MISS
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-bkbJNLg1FXwF9utLO5t+MwG12G9AAbwYuteMwHHha4mjj6I1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-bkbJNLg1FXwF9utLO5t+MwG12G9AAbwYuteMwHHha4mjj6I1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
cache-control
public, max-age=3600, s-maxage=10800
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1731749396.480909,VS0,VE4
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
access-control-allow-origin
*
content-length
121032
x-xss-protection
1; mode=block
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/
150 KB
52 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.22.7 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-22-7.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
0c22692fd69ca82d18566270bcbf1bd4c8b2f53fcc163cbd2dbffd6dfd0f8c5e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=15768000
Cache-Control
must-revalidate, max-age=900
Content-Encoding
gzip
Connection
keep-alive
Expires
Sat, 16 Nov 2024 09:44:56 GMT
Access-Control-Allow-Origin
*
Content-Length
53116
Date
Sat, 16 Nov 2024 09:29:56 GMT
Content-Type
application/javascript;charset=UTF-8
Vary
Accept-Encoding
X-Powered-By
Express
Server
nginx
X-Frame-Options
SAMEORIGIN
js
www.googletagmanager.com/gtag/
317 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e9114bcdf58288f505b10d8be4724e263c87aaa20209e60ba634596c11532bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sat, 16 Nov 2024 09:29:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
108194
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
404 KB
130 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fcd4a4b678043c52039f029de8f292610e4e96da12c1d8e38f5482eee9a6dbb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sat, 16 Nov 2024 09:29:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
132820
x-xss-protection
0
server
Google Tag Manager
iframe_api
www.youtube.com/
993 B
591 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::5b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4ded1be65e7802d42d9d88aba8b134f9bd4a03cf737284fc397c26a14b10d1cc
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options
nosniff
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires
Sat, 16 Nov 2024 09:29:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
require-trusted-types-for 'script'
cache-control
private, max-age=0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
x-xss-protection
0
server
ESF
include.js
cdn8.eu.inside.chat/gtm/IN-1011171-EC/
24 KB
6 KB
Script
General
Full URL
https://cdn8.eu.inside.chat/gtm/IN-1011171-EC/include.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08e5f2fdc1f7a9d0de8db23174e037c1510a852b514811807b4e3f89307486d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
cf-bgj
minify
etag
W/"01e251ada13db1:0"
age
576
cf-cache-status
HIT
expires
Sat, 16 Nov 2024 10:29:56 GMT
cf-polished
origSize=38567
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript
last-modified
Tue, 01 Oct 2024 08:15:40 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=3600
cf-ray
8e36759fb9ceabf1-YYZ
server
cloudflare
destination
www.googletagmanager.com/gtag/
230 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3a59d44a2d31e92af61684f38edf53948979b926ac6766bb4c1a0dedef9ee625
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Sat, 16 Nov 2024 09:29:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sat, 16 Nov 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
84271
x-xss-protection
0
server
Google Tag Manager
destination
www.googletagmanager.com/gtag/
236 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6ec4bd33290aa912d09572f5937bcedb1aca9461cc2d45b72db4799c170ed865
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Sat, 16 Nov 2024 09:29:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sat, 16 Nov 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
85683
x-xss-protection
0
server
Google Tag Manager
core.js
s.pinimg.com/ct/
5 KB
2 KB
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0c28a3b893740df4c1372e6321ce52981e0f77543c6fc8384af2deab941773c2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
86400
access-control-expose-headers
X-CDN
cache-control
max-age=7200
content-encoding
br
etag
"e5ea31abd058f03a816c43871945979e"
x-cdn
fastly
access-control-allow-methods
GET
alt-svc
h3=":443";ma=600
access-control-allow-origin
*
content-length
1879
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript
vary
Accept-Encoding, Origin
x-amz-server-side-encryption
AES256
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-iad3.fbcdn.net
Software
/
Resource Hash
43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-TDntLiMi' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-TDntLiMi' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=30, rtx=0, c=23, mss=1232, tbw=4449, tp=9, tpl=0, uplat=2, ullat=-1
pragma
public
x-fb-debug
9bQLu7uo41B0WXEUQMfyqJHmNqPeyDXAYh5TMlQ94ge2iiKC5IwZYJ/xoQdBZghcpjsedNIupsmhcs4NNvwIZQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62152
x-xss-protection
0
origin-agent-cluster
?1
pixel.js
www.redditstatic.com/ads/
42 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
1f120dbe60c10831180babf37afc0edb7c01e9f4e7b135cfedc58b3523c887fb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
public, max-age=60
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
etag
"5e9ac3a42b557bf8ca38cf2e8baba70b"
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12126
date
Sat, 16 Nov 2024 09:29:56 GMT
last-modified
Tue, 15 Oct 2024 19:34:59 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
server
snooserv
x-amz-server-side-encryption
AES256
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=975160&uid=-3247095080494275053&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28646951%5D&ses=de575dcbdc06115b926c7a36feb6185b&expSes=1338&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=-7369206470315779355&cgtgDecisionId=-7369206467740751610&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1731749396536&rri=5271142
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 b3dcbb5db65271a2024ef727d001a4e2.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
qGUY3lOrwoAuo7fo_nCH0pHCjWHrNWsSXe_eFGh1T-yRds14z_l48A==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
bat.js
bat.bing.com/
50 KB
15 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9E56EEE0761447A1AFE1773A2D739A45 Ref B: YMQ01EDGE0521 Ref C: 2024-11-16T09:29:56Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Sat, 16 Nov 2024 09:29:55 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
events.js
analytics.tiktok.com/i18n/pixel/
8 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
551e481191ade781873b0d50652fb8373a9a05463cdacb5e0cbb1f8c7d035ec6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
expires
Sat, 16 Nov 2024 09:29:56 GMT
server-timing
inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=7
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-akamai-request-id
10b669f5
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde0889f5821c2864586fff9f85a285053f1b1b6430b78a41d94d7dae3675c630ac55fa3d80ef9b6d181298c59407ff1ca23aa90cf9b5ecc786e9938e9426032371
x-origin-response-time
7,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24111609295610D73026F609D8A233BC-1F425FC1402F5450-00
content-length
2393
x-tt-logid
2024111609295610D73026F609D8A233BC
server
nginx
events.js
analytics.tiktok.com/i18n/pixel/
7 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
106ca63496a79c5531c0e7c25aad5dda4b011c5e33cf7e007be0f06c9572ec4f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
expires
Sat, 16 Nov 2024 09:29:56 GMT
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=7
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-akamai-request-id
10b669f4
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde7c4cfb572cbeca462d335ddd47346cb2471ee716be1322ba77ebd8ebc0298a00b9a42c9fecdc2c40de52b60dac0f6f3c8872321a4612ce255af604cf14313368
x-origin-response-time
7,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2411160929563239342C3B1743A9A1E2-06C0334C146DCFAD-00
content-length
2368
x-tt-logid
202411160929563239342C3B1743A9A1E2
server
nginx
widget.js
js.jebbit.com/companion/v1/
44 KB
45 KB
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27d4:d800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
226049a96ceaa190e0dd45980c8fba9367127b7c2b19b635ee30bb7f4fa17e52

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
M.fQKrXkVHcvymDK9D8bU4BvoS660wdj
etag
"9ee6264c1a592ca4976fb94c91ef8c87"
age
3192
via
1.1 e16efc71e79c35b916d39ffacf1425d6.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
45384
x-amz-cf-id
2Y4TNxJ5VOAquaulpgB71eNxFjYSZ4hdBPGcNPBNasoe92PCx2z1Iw==
date
Sat, 16 Nov 2024 08:36:44 GMT
content-type
text/javascript
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
ORD51-P1
x-amz-server-side-encryption
AES256
i.js
tag.wknd.ai/6664/
17 KB
6 KB
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
a687e75c399fb4ce1187ebf92ab22e67e92a7e7a04d0a7b60cca3ff783253494

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
cf08ca714b6433
age
2885
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 08:41:51 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
cache-control
public,max-age=60
timing-allow-origin
*
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
access-control-allow-origin
*
content-length
5686
server
istio-envoy
x-region
us-central1
batch
async-px.dynamicyield.com/
0
384 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1731749396549_839888
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.44.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 807adc5f317528439570900eb8e6c384.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
IxMpY90KaBDp7S9M10O8m3PGgQBf6dTxXGlLZb6RT8ixEzpqBhez5w==
date
Sat, 16 Nov 2024 09:29:56 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
1a8bfa042c9c5.js
t.contentsquare.net/uxa/
382 KB
90 KB
Script
General
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-108.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4bef3d0bd705d1159b1a3a179655afd097f8da9fb9ea8249139b6c17b5b4fe8c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
etag
"2d1d1fc4423c8a6cd50ede50e6b51f62"
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
86LSMud4mmc7gyXpxdIRfMSIS4zm-5lPvpwCltsfX-tIfE5QONRTqQ==
date
Wed, 13 Nov 2024 19:40:55 GMT
content-type
application/javascript;charset=utf-8
last-modified
Wed, 13 Nov 2024 19:40:48 GMT
vary
Origin
cache-control
max-age=900
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
via
1.1 8ca035400a84b098a1e3d94d81359de8.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
91889
x-amz-cf-pop
JFK52-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
main.5aecc8b1.js
s.pinimg.com/ct/lib/
82 KB
23 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.5aecc8b1.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
19576a00ececd1add5cecaa486d9f1f224597e55442a826c77d6ad17f8c11e07

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
86400
access-control-expose-headers
X-CDN
cache-control
max-age=1209600
content-encoding
br
etag
"f1f002e8782a3d0f44fde21e97f61203"
x-cdn
fastly
access-control-allow-methods
GET
alt-svc
h3=":443";ma=600
access-control-allow-origin
*
content-length
23676
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript
vary
Accept-Encoding, Origin
x-amz-server-side-encryption
AES256
ig.js
cdn8.eu.inside.chat/
167 KB
59 KB
Script
General
Full URL
https://cdn8.eu.inside.chat/ig.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf055e03c860dd88d9d4017203050548dc930d6b78749b07320c9b08f3625071
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=3600
content-encoding
gzip
cf-cache-status
HIT
etag
75fd15fd6fcf6083994b9a43ad8e8323
age
146
cf-ray
8e3675a0aa8cabf1-YYZ
expires
Sat, 16 Nov 2024 10:29:56 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
59762
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;p...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1679210757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
image/png
x-xss-protection
0
server
cafe
1638306756445368
connect.facebook.net/signals/config/
81 KB
16 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.177&r=stable&domain=www.elfcosmetics.com&hme=c3e4904c1dde42d643265ef909b9e193c41cedcd6f559a3ff5e1b178e36647fa&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-iad3.fbcdn.net
Software
/
Resource Hash
f954e6a3c784eed56f87f44a068e3755d1848a03a3e3739e95b14e771b0e6d6c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-rVbdALTl' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-rVbdALTl' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=29, rtx=0, c=73, mss=1232, tbw=70417, tp=66, tpl=0, uplat=66, ullat=0
pragma
public
x-fb-debug
1wyBnyM/Qxc/prrpoKrcyWskUWm+Px3ACq0WGW9QXLsC2E0XXO+3DQEj+7TQIWjXBK/MLvW0MLyKSUblKhtw/w==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4bc0v879088318z8896608294za200zb896608294&_gaz=1&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=161341692.1731749397&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1731749396&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=2&tfd=6886
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
557 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=161341692.1731749397&gtm=45je4bc0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=101925629~102067554~102067808~102077855
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=161341692.1731749397&gtm=45je4bc0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=101925629~102067554~102067808~102077855&tag_exp=101925629~102067554~102067808~102077855&z=185750260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 16 Nov 2024 09:29:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1230820373;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
image/png
x-xss-protection
0
server
cafe
collect
sgtm.elfcosmetics.com/g/
1 KB
2 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4bc0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=161341692.1731749397&ecid=977587072&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=121143378.1731749395&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=1&sid=1731749396&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=1&tfd=7010&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
7b72e1d9e65564ea13890071486e5c74677b9a838c27145ffbd5eee96d2a381d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
text/plain
server
Google Frontend
collect
sgtm.elfcosmetics.com/g/
65 B
462 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4bc0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=161341692.1731749397&ecid=977587072&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=121143378.1731749395&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=2&sid=1731749396&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1731750053898_173175025128320&ep.facebook_pixel_id=1638306756445368&_et=7&tfd=7029&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
text/plain
server
Google Frontend
local
www.paypal.com/credit-presentment/experiments/ Frame 8B63
0
0
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.65.2&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
59700
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1523
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
correlation-id
f383757d546a0
date
Sat, 16 Nov 2024 09:29:57 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-rcjjDmCYbnZKEiOs2pd/xEvI80U"
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f383757d546a0
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f383757d546a0-6d19f764e50c42d2-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f383757d546a0-645b8ddfab841cf6-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
1, 3678, 0
x-served-by
cache-bur-kbur8200087-BUR, cache-yul1970045-YUL, cache-yul1970045-YUL
x-timer
S1731749397.105318,VS0,VE6
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.465&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
19308d1d6253bdf22053ef9727f6efd8e2a87e426fd4347bac94c17c8aba2d52
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-3+80YEKN7rELUddqQQ33S4QErC29+Lh5ENsPZk0goJJMKdKq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

paypal-debug-id
f404490c08c2a
content-encoding
gzip
etag
W/"368c-ZwSOJbnzw2fKCwHH9dFM+cQ1psk"
age
59326
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
traceparent
00-0000000000000000000f404490c08c2a-c2ae0a513ba6366f-01
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT, HIT, MISS
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/x-javascript; charset=utf-8
x-served-by
cache-bur-kbur8200077-BUR, cache-yul1970020-YUL, cache-yul1970020-YUL
x-cache-hits
88, 39, 0
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-3+80YEKN7rELUddqQQ33S4QErC29+Lh5ENsPZk0goJJMKdKq' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
cache-control
public, max-age=3600
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1731749397.070193,VS0,VE4
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
content-length
4802
x-xss-protection
1; mode=block
activityi;dc_pre=CJOip53F4IkDFZIKiAkd3Zs25A;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-cri...
10742279.fls.doubleclick.net/ Frame 7080
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJOip53F4IkDFZIKiAkd3Zs25A;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcos...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJOip53F4IkDFZIKiAkd3Zs25A;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1679210757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.63.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:29:57 GMT
expires
Sat, 16 Nov 2024 09:29:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:29:57 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJOip53F4IkDFZIKiAkd3Zs25A;src=10742279;type=elf8j0;cat=glo_flap;ord=5186156484204;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1679210757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=COyqqJ3F4IkDFXMqiAkdzUEBMg;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;...
9231397.fls.doubleclick.net/ Frame 1496
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=COyqqJ3F4IkDFXMqiAkdzUEBMg;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-cr...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=COyqqJ3F4IkDFXMqiAkdzUEBMg;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1230820373;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
461
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:29:57 GMT
expires
Sat, 16 Nov 2024 09:29:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:29:57 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=COyqqJ3F4IkDFXMqiAkdzUEBMg;src=9231397;type=retarget;cat=globa0;ord=9856887859485;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=undefined;ps=1;pcor=1230820373;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
recaptcha__en.js
www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/
546 KB
215 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__en.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f94.1e100.net
Software
sffe /
Resource Hash
f8e5f5ce9ff44073cff24bcd3d2b8aa4e67b67891b14ff929fe4743880fdf82e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.elfcosmetics.com
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
age
33277
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Sun, 16 Nov 2025 00:15:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 00:15:20 GMT
last-modified
Tue, 22 Oct 2024 00:01:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
220347
x-xss-protection
0
server
sffe
jsp
ut.rd.linksynergy.com/
148 B
405 B
Script
General
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
6ee5be4b99c2ae73bc6fcd965ac26d9601fed3219b941448ddd1cf193cdd454a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
date
Sat, 16 Nov 2024 09:29:57 GMT
x-samesite
secure
content-type
text/plain; charset=utf-8
logger
www.paypal.com/xoplatform/logger/api/
966 B
887 B
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9c6e693f5a8ab14c75e1727f85f25d6f93ad8ee3f20ffd6ed8ce7dc59714d65b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
application/json
content-type
application/json

Response headers

paypal-debug-id
f70550983d006
content-encoding
br
etag
W/"3c6-Gkrm75etnPo94XXXzGgWK4kfhgg"
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
traceparent
00-0000000000000000000f70550983d006-05dd7aafe3f3596f-01
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-cache
MISS, MISS, MISS
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/json; charset=utf-8
x-served-by
cache-bur-kbur8200073-BUR, cache-yul1970073-YUL, cache-yul1970073-YUL
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1731749397.399329,VS0,VE131
access-control-allow-credentials
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
access-control-allow-origin
https://www.elfcosmetics.com
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Sat, 16 Nov 2024 09:29:57 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f7055094e8ae1
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f7055094e8ae1-ec0a36d53daac7dc-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-bur-kbur8200148-BUR, cache-yul1970073-YUL, cache-yul1970073-YUL
x-timer
S1731749397.226475,VS0,VE131
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
d40187484a91e4994e80ab979ada052981a741330139099a74b5bb3fbda50068
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJiMDdlNmQ4Ny1jN2U5LTQ4ZGItOWJjZS1hNTMwMDhjNzM3MTgiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.[...].chAgTfWsPkDSXHKPPbMw3fA-Azj2Mz0YBjEPisTXOhKIHm71XNp8jnoPMzIcQDih-V3GfblIkNADHbqPQrJLKg
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json

Response headers

x-dw-resource-state
e53617748a01ca0b542ccac1b293c9d3d33855951fe6ccc391d24a89a5bb5d0c
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
content-encoding
gzip
x-dw-request-base-id
fsguMRVmOGcBAAB_
etag
e53617748a01ca0b542ccac1b293c9d3d33855951fe6ccc391d24a89a5bb5d0c
age
0
x-dw-version-status
obsolete
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
fvosXgQJspU3cSVzhxscpl-uA4h_AagEFwnSnM6NAciBtv76qRd3bA==
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440545 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
allow
OPTIONS,POST
cf-ray
8e3675a4ff9f5ebf-PDX
x-yottaa-metrics
2521cc028a82/[240,238,-] 25D1cc028561/[-,241.843]
via
1.1 98a26a76cd909035ece99f3a1d211a2c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
1107
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
x-amz-cf-pop
SFO53-P2
/
ct.pinterest.com/user/
321 B
748 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1731749397189&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.5aecc8b1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Epik,Pin-Unauth
content-encoding
gzip
x-pinterest-rid-128bit
59dffe6da400401acf34588a1825cb33
expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
0
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pin-unauth
dWlkPVpEYzBNall6T0RrdE5EWmlaaTAwTmpZMkxUZ3hZbUV0WmpGbE1UTXlOV1ptT1RNMw
pinterest-version
fe8dde823c9d8ad4331a9352a6a28b5f1fb1cf4b
access-control-allow-origin
https://www.elfcosmetics.com
content-length
186
akamai-grn
0.15dfda17.1731749397.3c6e8087
x-pinterest-rid
1493065601477389
/
ct.pinterest.com/user/
321 B
771 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221731750053898_173175025128320%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1731749397190&dep=5%2CEVENT_TAGS_ABSENT
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.5aecc8b1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Epik,Pin-Unauth
content-encoding
gzip
x-pinterest-rid-128bit
2fdc28a689db7be0e58372a436b15322
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=600
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
0
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pin-unauth
dWlkPVlUSXdZV0V4TjJZdFpURXpPUzAwWWpFeExUazRNRE10TldSaU1HTXdPVFZoTTJWag
pinterest-version
fe8dde823c9d8ad4331a9352a6a28b5f1fb1cf4b
access-control-allow-origin
https://www.elfcosmetics.com
content-length
186
akamai-grn
0.15dfda17.1731749397.3c6e8085
x-pinterest-rid
1653818830625238
config
pixel-config.reddit.com/pixels/t2_16331p/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_16331p/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=14400
content-encoding
gzip
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
27
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/json
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=300
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
98
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/json
vary
Accept-Encoding,Origin
server
snooserv
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1731749397203&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=360ac075ccbc20e623d854001c6ceb2d7f0d54cad73bd39635296e41df5d0daf&uuid=4723ca10-a637-448b-8a9f-f2e244618fcb&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_49267bce&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
image/gif
server
Varnish
collect
analytics.google.com/g/s/
0
268 B
Image
General
Full URL
https://analytics.google.com/g/s/collect?dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067554~102067808~102077855&_gsid=5D80LRC85NXlFZcNhd9uXwrS_CRsxKSQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:194:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:194:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=JqsQr2tKz5IKiZkqQDLq2oW6axr6o9TqJzUpBFndkmg%3D.1731749397&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067554~102067808~102077855&aip=1&z=1937148749
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 16 Nov 2024 09:29:57 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
stats.g.doubleclick.net/g/
0
58 B
Image
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=JqsQr2tKz5IKiZkqQDLq2oW6axr6o9TqJzUpBFndkmg%3D.1731749397&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067554~102067808~102077855&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
text/plain
server
Golfe2
/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1731749397270&sw=1600&sh=1200&v=2.9.177&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=12318&fbp=fb.1.1731749397262.299593853531347623&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1731749396637&coo=false&eid=1731750053898_173175025128320&tm=1&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=31, rtx=0, c=23, mss=1232, tbw=4496, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
198 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1731749397270&sw=1600&sh=1200&v=2.9.177&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=12318&fbp=fb.1.1731749397262.299593853531347623&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1731749396637&coo=false&eid=1731750053898_173175025128320&tm=1&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7437807025629085941"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa230b3a6a6e8856b","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["1521466687872304"]},"debug_reporting":true,"debug_key":"4072076572473325761"}
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
+LW2bEMbonNV4VpidcFaMePeXaZnPUGscOu4trt72RJeOpXPGoVNRuo5OjG2UGq00LPUlvC2QMwiv+q+93u/qg==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7437807025629085941", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=33, rtx=0, c=23, mss=1232, tbw=4912, tp=14, tpl=0, uplat=80, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
main.MWFhYzI4NzhlMA.js
analytics.tiktok.com/i18n/pixel/static/
343 KB
95 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7f112f4a2dab651ac0411c527e616a77b5cae236f200ba601d7b03672855e0cc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
x-tt-trace-id
00-24111505024602AAD6A26DFDDB09678C-0E86B5A73848AD82-00
content-length
96303
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
2024111505024602AAD6A26DFDDB09678C
server
nginx
x-akamai-request-id
10b67555
x-tt-trace-host
0110c150de4311e2fe677873f34dfe62e1616d4ef629de8a8ad81d70a8907fe8b97de79e53fb3bab816844f5c7268258e7f3b36cf526f772b64d8a26315939e141f6ae6a64701f71615e8ee3f871a58df7563d423ab6ec2aeaab02007528920bab
main.MWFhYzI4NzhlMQ.js
analytics.tiktok.com/i18n/pixel/static/
349 KB
97 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c19d35d3ab541478af2ee769d2a306f12cd47c94ecfb3dbc5c319218cf6d369b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=16
x-tt-trace-id
00-241115050237EBD75C0007AF691AE4B1-019FA15B489365FF-00
content-length
98218
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
20241115050237EBD75C0007AF691AE4B1
server
nginx
x-akamai-request-id
10b67556
x-tt-trace-host
01ee99a2591b26adbe1870f607ec5b3e96b87c0375ac84173432c14133a59efcd91cdba0a2e50ea44ce9db7c5e5516277705c8d629246ff48ff955121516d1f2cdb3ffd1cd671de0e7c6f2aa6f35804f70ce47b5b49949589e03d59b7ce7fece3a
widget.css
js.jebbit.com/companion/v1/
15 KB
16 KB
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27d4:d800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
69beb39687e8656561a843b13137c292498648b7f1ae665214eb292527cd436b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
fgLtE0C.phC7FjS26Fxc9wt33wvWl9V5
etag
"c2b625a2843069c776e8a618c90b952a"
age
62047
via
1.1 e16efc71e79c35b916d39ffacf1425d6.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
15522
x-amz-cf-id
OgsH2nzkWqT_hD4lu-y5U_pccZE_y3L5HmI-19vrenmcFaHaRXR4gg==
date
Fri, 15 Nov 2024 16:15:51 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
ORD51-P1
x-amz-server-side-encryption
AES256
launcher_configs
external-api.jebbit.com/moments/v2/
2 B
448 B
XHR
General
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.232.50.39 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-50-39.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

surrogate-control
no-store
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-content-type-options
nosniff
expires
0
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
application/json; charset=utf-8
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-dns-prefetch-control
off
pragma
no-cache
access-control-allow-credentials
true
x-download-options
noopen
access-control-allow-origin
https://www.elfcosmetics.com
content-length
2
x-xss-protection
1; mode=block
ts
t.paypal.com/
42 B
633 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1731749397633&g=480&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
55d08f099d6f0
correlation-id
55d08f099d6f0
expires
Sat, 16 Nov 2024 09:29:57 GMT
traceparent
00-000000000000000000055d08f099d6f0-2a005bf7881093ec-01
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
server-timing
"traceparent;desc="00-000000000000000000055d08f099d6f0-b9c1427c1033f77b-01"";content-encoding;desc="",x-cdn;desc="fastly"
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
image/gif
x-served-by
cache-bur-kbur8200034-BUR, cache-yul1970021-YUL
x-cache-hits
0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-timer
S1731749398.724201,VS0,VE118
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
/
ct.pinterest.com/v3/
35 B
546 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%225aecc8b1%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1731749397634
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.5aecc8b1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-pinterest-rid-128bit
65211fac93cc4fd85905c6edbe07e1a7
expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Sat, 16 Nov 2024 09:29:57 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
0
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pinterest-version
fe8dde823c9d8ad4331a9352a6a28b5f1fb1cf4b
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.15dfda17.1731749397.3c6e8255
x-pinterest-rid
6414751968656875
config
www8.eu.inside.chat/
231 B
693 B
XHR
General
Full URL
https://www8.eu.inside.chat/config?acc=IN-1011171&pid=&c1=OK&dev=1&url=https%3A%2F%2Fwww.elfcosmetics.com&sid=14&j=1
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68f38bac4859fbffd21448e052eb99ca911f8e2aa1f8f3709dee67a48b2196be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8e3675a7d9aaac2d-YYZ
expires
Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=86400
p3p
CP="insert_p3p_privacy_policy_here"
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
application/json; charset=UTF-8
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
server
cloudflare
5013978.js
bat.bing.com/p/action/
363 B
422 B
Script
General
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8ED1AA5706574C759EAF9D450F18414C Ref B: YMQ01EDGE0521 Ref C: 2024-11-16T09:29:57Z
x-cache
CONFIG_NOCACHE
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
fb1c88d7-c2f5-447a-bf02-da4196cc7504
https://www.elfcosmetics.com/ Frame
0
0

collect
sgtm.elfcosmetics.com/g/
901 B
1 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4bc0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=161341692.1731749397&ecid=977587072&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=121143378.1731749395&sst.etld=google.ca&sst.adr=1&sst.ude=0&sid=1731749396&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=3&tfd=8141&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4bc0v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
96f725ed7fedea70ca3eab2240f3066a4c9e9a50c9bd64ed4e5bd44a15c26c88
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
text/plain
server
Google Frontend
runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
908 B
1 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
546e554a3c51ce180d022de9ff5506f14603b38d40ece9f2be43c88328358a52

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=zwy9lg==, md5=HCxXU9+1dkCoulTxEZNLMA==
etag
"1c2c5753dfb57640a8ba54f111934b30"
age
27259
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
509
date
Sat, 16 Nov 2024 01:55:39 GMT
last-modified
Wed, 13 Nov 2024 17:32:49 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC72scIUIB1shNq7cZnpBwR5Q1l6upQJACMfhByUOpeNyFKoJdhoa2OrP6dWTXj8-2E-AZYrxHt2sg
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1731519169779954
content-length
509
server
UploadServer
/
ct.pinterest.com/v3/
35 B
65 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221731750053898_173175025128320%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1731749398201&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%225aecc8b1%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.5aecc8b1.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-pinterest-rid-128bit
443e2bc0acc160934c194deb2d18aa73
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=600
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
1
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
quic-version
0x00000001
pinterest-version
fe8dde823c9d8ad4331a9352a6a28b5f1fb1cf4b
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.11dfda17.1731749398.c688fdc
x-pinterest-rid
5483499693769534
/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=1105721981&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v912564011...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z88966...
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z889660...
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-conversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=88868488.1731749395&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067554~102067808~102077855&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIscDmncXgiQMV1BGICR06XCSUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JWQ2hBSWdLTGh1UVlRcEpfVnhlcWZzS2Q5RWl3QUZOWVdQQ2szbEtsYXhlcTQ3SG80WkkwWW5zS1N4Zlh2Z2N4d1NlSTlDNS1wMHhBNENnSVpNRlFSZGc&is_vtc=1&cid=CAQSKQCa7L7dGwt2P5PiB7o1l2QbnZImjPgvxvus7ca1HUSI92erFVQygi9n&eitems=ChAIgKLhuQYQ8re0vpXytqIHEh0A-j83ltosreNmWXnKPoR6sQOvTRGxKG7KxDF0zw&random=1191854749&ipr=y
Protocol
H3
Server
142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 16 Nov 2024 09:29:58 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.ca/pagead/1p-conversion/698270988/?random=1118738942&fst=1731749398096&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=88868488.1731749395&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067554~102067808~102077855&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbECSid0cmlnZ2VyO25hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIscDmncXgiQMV1BGICR06XCSUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JWQ2hBSWdLTGh1UVlRcEpfVnhlcWZzS2Q5RWl3QUZOWVdQQ2szbEtsYXhlcTQ3SG80WkkwWW5zS1N4Zlh2Z2N4d1NlSTlDNS1wMHhBNENnSVpNRlFSZGc&is_vtc=1&cid=CAQSKQCa7L7dGwt2P5PiB7o1l2QbnZImjPgvxvus7ca1HUSI92erFVQygi9n&eitems=ChAIgKLhuQYQ8re0vpXytqIHEh0A-j83ltosreNmWXnKPoR6sQOvTRGxKG7KxDF0zw&random=1191854749&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 16 Nov 2024 09:29:58 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
products
www.elfcosmetics.com/api/en-ca/v2.0/
765 KB
55 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/products?ids=300241%2C300234%2C300222%2C300230%2C400030%2C57586&phash=d698ede716cf2641&siteId=elf-us&locale=en-CA&currency=CAD
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
8e73254d45a18bc32ccda3defcb07cda6af6bea0c5e8ab47c731e40d75bd3540
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJiMDdlNmQ4Ny1jN2U5LTQ4ZGItOWJjZS1hNTMwMDhjNzM3MTgiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.[…].chAgTfWsPkDSXHKPPbMw3fA-Azj2Mz0YBjEPisTXOhKIHm71XNp8jnoPMzIcQDih-V3GfblIkNADHbqPQrJLKg
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
clientid
982499-0-40048abc

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"bf30e-DqXs49Bx4YCsxedTRKpUaAuldws"
age
0
x-content-type-options
nosniff
x-amzn-requestid
23a927e4-3a04-4139-a9ff-8bc7e807864e
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440547 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
BVTjkFf5vHcEoDQ=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:29:59 GMT
x-yottaa-metrics
2521cc028a83/[1014,1012,-] 25D1cc028561/[-,1015.402]
access-control-allow-origin
*
x-powered-by
Express
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D10C) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

paypal-debug-id
0026119e10ee1
content-encoding
br
etag
"64f25363-daa8"
x-content-type-options
nosniff
expires
Sat, 16 Nov 2024 10:29:58 GMT
traceparent
00-00000000000000000000026119e10ee1-3bd3720dfb36842b-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
application/javascript
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
content-length
15742
server
ECAcc (nyd/D10C)
identify_45dd5971.js
analytics.tiktok.com/i18n/pixel/static/
146 KB
39 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_45dd5971.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2adcf9fd70c1c834f4b13d732b66f4900cec9a6bbdc587b85dbc68cdd9a34be4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
x-tt-trace-id
00-2411150502397366B6D33FC20AF00152-4482C89C78A0B499-00
content-length
39240
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
202411150502397366B6D33FC20AF00152
server
nginx
x-akamai-request-id
10b689bd
x-tt-trace-host
010e9fd4bb5c089565c4ad7ecc18c02e64d6eb0f37673373e4d6c987350ed1c448fe05300c228c9a484f6aa32801a8e06740ea973a2884a3cecef42349714eb3d62c423892703eaab9e2ddef870416c82979dcddbbf536ff0e11fb4ed7916fe48e
performance_interaction
analytics.tiktok.com/api/v2/
0
716 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=9, cdn-cache; desc=MISS, edge; dur=10, origin; dur=13
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68a17
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde2e887c1b4184cac59a18abb0e1ef2ddad955efaf5b371e51ee038e91364259417a2c797f9b4007b5a37d3b30585c271551d712292a8953985cffdecef92af68a
x-origin-response-time
13,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241116092958BE19616CB56375A8DB41-4671B8E54BC5C6A8-00
content-length
0
x-tt-logid
20241116092958BE19616CB56375A8DB41
server
nginx
pixel
analytics.tiktok.com/api/v2/
0
717 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=59, cdn-cache; desc=MISS, edge; dur=7, origin; dur=62
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68a26
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde6d80aebeb61faa2ccc9de46445b766ff4447c388b6dd952ba06f7ed569fac4d09df4b4ed5b8b605a301921e7f91905fc97db5f4e1e49380dddf8b8b1e54ce6aa
x-origin-response-time
62,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24111609295865160F9BD1EE8F9E9575-049C1D50719B6F80-00
content-length
0
x-tt-logid
2024111609295865160F9BD1EE8F9E9575
server
nginx
pixel
analytics.tiktok.com/api/v2/
0
715 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=16, cdn-cache; desc=MISS, edge; dur=8, origin; dur=19
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68a27
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde85a4ac0e1fbee5253c955e52c8dfc7881433f7ac648b34b7100bf526753152cde1e1e001a381b23309493063f3b617491840a75bcd4430ae16c0ee37f7c32366
x-origin-response-time
20,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24111609295891329E39758B01A680D7-6603751C69D5778D-00
content-length
0
x-tt-logid
2024111609295891329E39758B01A680D7
server
nginx
pixel
analytics.tiktok.com/api/v2/
0
717 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=17, cdn-cache; desc=MISS, edge; dur=7, origin; dur=25
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68a28
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde6068e12ea37ef7e5b79ab7b3db1e35cb03a212e03f3a8d2eab60424d016a369f8569897d475d549fca2a94403954bf69a800337bfa54620158cb89f1bcc67d80
x-origin-response-time
25,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2411160929587DE85007F45A8EB071B0-0913FD3F5C91A949-00
content-length
0
x-tt-logid
202411160929587DE85007F45A8EB071B0
server
nginx
anchor
www.google.com/recaptcha/api2/ Frame 08EA
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu&co=aHR0cHM6Ly93d3cuZWxmY29zbWV0aWNzLmNvbTo0NDM.&hl=en&type=image&v=-ZG7BC9TxCVEbzIO2m429usb&theme=light&size=invisible&badge=bottomright&cb=5jik6r8r8sdp
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.103 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f103.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WvMdRlcBK0YWG4eMG0-zLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-WvMdRlcBK0YWG4eMG0-zLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:29:58 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
0
bat.bing.com/action/
0
361 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=5fa5d258-92d1-480c-a515-a6ec5065c3e1&bo=1&sid=58ffac40a3fd11ef80fad5c412e1172b&vid=58ff9e90a3fd11efb42b3d3a1d0b4a04&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=6088&evt=pageLoad&sv=1&cdb=AQET&rn=36903
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: A79DCDB308964134A5170256527DBBD3 Ref B: YMQ01EDGE0521 Ref C: 2024-11-16T09:29:58Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Sat, 16 Nov 2024 09:29:57 GMT
cf
www8.eu.inside.chat/page/
174 B
422 B
XHR
General
Full URL
https://www8.eu.inside.chat/page/cf?_=1731749398205.3599
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43b23b13063ca915e738f4c77fc5be52b1f139b74088ba6f0b2e397dd5e6175e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8e3675adfd23ac2d-YYZ
expires
Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
application/json
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
vary
Accept-Encoding
server
cloudflare
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=23, cdn-cache; desc=MISS, edge; dur=16, origin; dur=33
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68ee8
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde7c4cfb572cbeca462d335ddd47346cb2eb8b5e2dd3895754bc988cb738a0e72354f3b3e53cc186c2d49bb924e2fd00085b035fbc17bebc443f6f8c9682a0b2d3
x-origin-response-time
35,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2411160929583239342C3B1743A9A28A-72022B4B54975AA3-00
content-length
0
x-tt-logid
202411160929583239342C3B1743A9A28A
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=21, cdn-cache; desc=MISS, edge; dur=9, origin; dur=23
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68eec
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde6d80aebeb61faa2ccc9de46445b766ffd091adf105b765a61fe0dba14c687383b599fd38667e6a75770f93025925753d6d31ceadf9fbec64632caa6e163ad8d7
x-origin-response-time
24,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24111609295865160F9BD1EE8F9E958B-671924C46C9BBD15-00
content-length
0
x-tt-logid
2024111609295865160F9BD1EE8F9E958B
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=23, cdn-cache; desc=MISS, edge; dur=10, origin; dur=30
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68f5a
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde6068e12ea37ef7e5b79ab7b3db1e35cb31c5e8b1cced6cde42823b3b61175e11589d6a2aabf389360483227848b5987d662141e3d822e37f23fe230b50734e33
x-origin-response-time
30,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2411160929587DE85007F45A8EB071CE-22C62D6B4785EC7B-00
content-length
0
x-tt-logid
202411160929587DE85007F45A8EB071CE
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
715 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=39, cdn-cache; desc=MISS, edge; dur=9, origin; dur=41
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68f5c
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde85a4ac0e1fbee5253c955e52c8dfc788bbb1eeeb37ade64ab5510b87cc1f14864c245c6dfd93044d67a27bcafb4dfc8be640e5931a596c164fadae8206b10ddc
x-origin-response-time
42,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24111609295891329E39758B01A680EC-4896C8846767C0F2-00
content-length
0
x-tt-logid
2024111609295891329E39758B01A680EC
server
nginx
act
analytics.tiktok.com/api/v2/pixel/
0
716 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=20, cdn-cache; desc=MISS, edge; dur=7, origin; dur=24
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68f5d
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde0889f5821c2864586fff9f85a285053f72ce9f726c7d9efde1dfcaae591f2761201e5628540691aac87d05534c832e8386d2ebb0ed8675b23a80a733e4e5238f
x-origin-response-time
24,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24111609295810D73026F609D8A234E1-29CB2C86185B5EC5-00
content-length
0
x-tt-logid
2024111609295810D73026F609D8A234E1
server
nginx
heap_config.js
cdn.us.heap-api.com/config/1042782804/
1 KB
1 KB
Script
General
Full URL
https://cdn.us.heap-api.com/config/1042782804/heap_config.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-11.jfk50.r.cloudfront.net
Software
nginx / Express
Resource Hash
974f64bede7bfa0bbd7ebbeb0c6123ea1551023c2f01b3407bc6c24e542f8465
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
W/"4a1-khVWgibEFY+tOqwYBmK7vvo13QU"
age
18
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
z1sGbofgYyRFVHN6BNZff7N98k3yknyS0XLYIs-4AY_LRf9Z4Av-_Q==
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=120
cross-origin-resource-policy
cross-origin
via
1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
x-powered-by
Express
server
nginx
token_create.js
ct.pinterest.com/static/ct/
4 KB
2 KB
Script
General
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9ca07df45944b8440ae6241e4a017db2b6e4600e5f647d3180c96877198c3552
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
max-age=7200
content-encoding
gzip
etag
"16d5d552603d86726ae439fc61299d42"
x-cdn
akamai
quic-version
0x00000001
alt-svc
h3=":443"; ma=600
content-length
2114
date
Sat, 16 Nov 2024 09:29:58 GMT
akamai-grn
0.11dfda17.1731749398.c68924f
content-type
application/javascript
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
ct.html
ct.pinterest.com/ Frame 53FA
0
0
Document
General
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

akamai-grn
0.15dfda17.1731749398.3c6e8978
alt-svc
h3=":443"; ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Sat, 16 Nov 2024 09:29:58 GMT
pinterest-version
fe8dde823c9d8ad4331a9352a6a28b5f1fb1cf4b
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
0
x-pinterest-rid
1699289231385505
x-pinterest-rid-128bit
174a6c13eb17eaf5ebd2e186f9cbd44d
act
analytics.tiktok.com/api/v2/pixel/
0
719 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWFhYzI4NzhlMA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.248.149 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-248-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Sat, 16 Nov 2024 09:29:58 GMT
server-timing
inner; dur=36, cdn-cache; desc=MISS, edge; dur=13, origin; dur=39
x-cache
TCP_MISS from a23-220-104-133.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5d2a058efeda81c5505a169a6e16c38e) (-)
date
Sat, 16 Nov 2024 09:29:58 GMT
x-akamai-request-id
10b68f8c
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943866d20d9b306ca9f32c468811601fcfcde6d80aebeb61faa2ccc9de46445b766fffd8b3b43fe699ddf090a33b37a05d3db9b1d94f599ea8bcb2df25f58ee3f31e61cfe0d1e1151688007ca2f4582f2c476
x-origin-response-time
39,23.220.104.133
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24111609295865160F9BD1EE8F9E9590-2C47700576CFDC7C-00
content-length
0
x-tt-logid
2024111609295865160F9BD1EE8F9E9590
server
nginx
main-v2_4b048f3d0cfb1030f90fec02949d8c38.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
524 KB
114 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_4b048f3d0cfb1030f90fec02949d8c38.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
8c3f75f1c8b6cfe144642e31e2d91c8533cd096c47acde5f008e23beb4309c82

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=+yOCZA==, md5=dOp7pPsCRV6+kPHxsRgV6w==
etag
"74ea7ba4fb02455ebe90f1f1b11815eb"
age
81813
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
116037
date
Fri, 15 Nov 2024 10:46:25 GMT
last-modified
Wed, 13 Nov 2024 17:32:36 GMT
content-type
text/javascript
x-guploader-uploadid
AHmUCY2WIl5KZDzlfZz1g3C-7hzAFe0XcJLCTBh0ymG8eIXRIkXtWhHPFbBJV5z_YwXYrnnVuz2KNxxCUw
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1731519156439815
content-length
116037
server
UploadServer
cjs_min_6ef1802500d8367a80105e664862d0d7.js
assets.bounceexchange.com/assets/smart-tag/versioned/
49 KB
16 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
56aea4e78cf1538541603e3c8f14b15dfc9bfee27cadb946f8b3017ebe8abe3b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
gzip
x-goog-hash
crc32c=6P9MLA==, md5=6BERCLAZEJG3E4hTDg5sSQ==
etag
"e8111108b0191091b71388530e0e6c49"
age
33633
ad-auction-allowed
true
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
15758
date
Sat, 16 Nov 2024 00:09:25 GMT
last-modified
Wed, 06 Nov 2024 14:57:41 GMT
content-type
text/javascript; charset=utf-8
x-guploader-uploadid
AFiumC7IWmPMEjfCvoyjbheVmF33KCPHSGM3XXvvxmsLIAiKXHOXW3gn93uA6_U7PIBhB78vxaDvdh2mAg
cache-control
public,max-age=31536000,no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730905061873049
content-length
15758
server
UploadServer
index.html
www.paypalobjects.com/muse/analytics/ Frame 501C
0
0
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D191) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
br
content-length
16057
content-type
text/html
date
Sat, 16 Nov 2024 09:29:58 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"671aa070-db19"
expires
Sat, 16 Nov 2024 10:29:58 GMT
last-modified
Thu, 24 Oct 2024 19:30:56 GMT
paypal-debug-id
9aa67c2085782
server
ECAcc (nyd/D191)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-00000000000000000009aa67c2085782-84d0063185b02f45-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/
56 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12681/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-dw-request-base-id
h0rQGRZmOGcBAAB_
cf-cache-status
DYNAMIC
age
0
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
vmpGtSsQBpiNhcR--qoPetGTPynE-_q10BBfqVsMEjStw2UGaT6wlA==
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
application/json
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440549 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 060fd86e774e2e890f2f6a5bb72fc360.cloudfront.net (CloudFront)
cf-ray
8e3675aebe39ef2c-PDX
x-yottaa-metrics
2521cc028a85/[308,307,-] 25D1cc028561/[-,309.440]
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-amz-cf-pop
SFO53-P2
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.98.88.136 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.88.98.34.bc.googleusercontent.com
Software
/
Resource Hash
26e394c8bd847b5e9c4649a41eb1936db4fce85fbf462beed2a9a3f131bd761a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Sat, 16 Nov 2024 09:29:58 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.44.52 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
52.44.149.34.bc.googleusercontent.com
Software
/
Resource Hash
56a91178be19c73d3cd57f522c0c8dc23246780057acf2a768f0fd7b12bf492a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Sat, 16 Nov 2024 09:29:58 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.241.17.112 Mountain View, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
112.17.241.35.bc.googleusercontent.com
Software
/
Resource Hash
aaaab2d5cf4cdfc000b09bf6acf2c67c4cbfeb1e2340e813e4c3aa7d52a57d2b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Sat, 16 Nov 2024 09:29:58 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
19 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
183ae143a7f66c133f3948bdf61a0a9f97eb326be7de5947c1f19b93f3b9db24

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=df/Fww==, md5=CihY9k4bsokmzU8kBOwKQw==
etag
"0a2858f64e1bb28926cd4f2404ec0a43"
age
847558
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5475
date
Wed, 06 Nov 2024 14:04:00 GMT
last-modified
Thu, 31 Oct 2024 19:40:17 GMT
content-type
text/javascript
x-guploader-uploadid
AHmUCY2wexrqB86mJv4t6MBGYRnnR8qlc3C4KrySVySQQ-Ma8iSWgEChRvlPzEKpK1C-zYbZg0Y
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730403617040771
content-length
5475
server
UploadServer
onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a8b68b46f44aac34f59d2926e8db6bdae4bc3b7fe3aad60948e97f428b087531

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=YWhgXQ==, md5=E+t6bCqMhb3KnLqECwDbLA==
etag
"13eb7a6c2a8c85bdca9cba840b00db2c"
age
246684
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5039
date
Wed, 13 Nov 2024 12:58:34 GMT
last-modified
Tue, 12 Nov 2024 20:15:17 GMT
content-type
text/javascript
x-guploader-uploadid
AHmUCY25k0WxLsZfcN1IVVpLQgBQJ8Qzsf7nZ553ghs2TM5eej9eO3fDS-n4_0RaQIRZ6dV7qXHXhFHVYw
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1731442516945772
content-length
5039
server
UploadServer
ts
t.paypal.com/
42 B
339 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1731749398928&g=480&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
33e8b82ff10aa
correlation-id
33e8b82ff10aa
expires
Sat, 16 Nov 2024 09:29:59 GMT
traceparent
00-000000000000000000033e8b82ff10aa-19f5c267a6fc8517-01
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
server-timing
"traceparent;desc="00-000000000000000000033e8b82ff10aa-2e9cc6bfa2e9cfd0-01"";content-encoding;desc="",x-cdn;desc="fastly"
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
image/gif
x-served-by
cache-bur-kbur8200127-BUR, cache-yul1970021-YUL
x-cache-hits
0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-timer
S1731749399.939231,VS0,VE122
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
frontend-framework.js.bundle
cdn8.eu.inside.chat//js/
205 KB
49 KB
Script
General
Full URL
https://cdn8.eu.inside.chat//js/frontend-framework.js.bundle?v=a741df0-5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ada904b348f3aec8423f2b8a1335f55aa68d2d8d636da40fb02a2ac7cd4b193
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=691200
content-encoding
br
cf-bgj
minify
etag
W/"b3dc4c62828cfc4d4eb3792ee171d025"
age
748
cf-cache-status
HIT
cf-ray
8e3675af69c1abf1-YYZ
expires
Sun, 24 Nov 2024 09:29:58 GMT
cf-polished
origSize=317309
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:58 GMT
content-type
text/javascript
vary
Accept-Encoding
server
cloudflare
heap.js
cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/
300 KB
75 KB
Script
General
Full URL
https://cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/heap.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-11.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e2be12954d30ece9147fb4d6d37c7d1e632138807880bdcd4cff7ad9768d11b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-cf-pop
JFK50-P3
content-encoding
gzip
etag
W/"80a44fa3f9e10ab0d98fb77704bc395a"
age
776
cross-origin-resource-policy
cross-origin
via
1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
ckM79F-7ToqTqrEbvuiVjXVf814MXc1Ku2cX-RPxYFPpXKZsj6IktA==
date
Sat, 16 Nov 2024 09:17:04 GMT
content-type
application/javascript; charset=utf-8
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 11 Nov 2024 17:52:43 GMT
x-amz-server-side-encryption
AES256
jquery-3.7.1.min.js
assets.bounceexchange.com/assets/bounce/
85 KB
30 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg==
content-encoding
br
etag
W/"2c872dbe60f4ba70fb85356113d8b35e"
age
842843
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
87533
date
Wed, 06 Nov 2024 15:22:36 GMT
last-modified
Thu, 31 Oct 2024 19:40:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY1NbbAeE_G0yQK_QGyDBxMOwZoColMIlM4HMas1PXNx4wVnczLwHhyOR3uDCoSE-Nk_2bps5EjEkA
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
none
access-control-allow-origin
*
x-goog-generation
1730403600522086
content-length
31011
server
UploadServer
negotiate
www8.eu.inside.chat/signalr/
391 B
547 B
XHR
General
Full URL
https://www8.eu.inside.chat/signalr/negotiate?clientProtocol=2.1&k=IN-1011171%3A16948775-d855451cc4f43b0e41867443d75484105006f4759aa3076e32f44b0581bb3516-5-5%3A73651014%3A1082574&c=4bcd567be9e29d5b42bccb35b5b4c4a0&nc=0&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1731749397248
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b5ba7d8e597d6c25d0181c3abbaa12988396c6044e0e0a9837b306e1deb6f7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
text/plain, */*; q=0.01
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
no-cache
content-encoding
br
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
cf-ray
8e3675b05959369c-YYZ
expires
-1
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
application/json; charset=UTF-8
server
cloudflare
ig.css
cdn8.eu.inside.chat//
12 KB
3 KB
Stylesheet
General
Full URL
https://cdn8.eu.inside.chat//ig.css?dev=1&_a741df0-5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a506503adb523ec7fd71e1cd5b953922dea386950cf0ea6355d1037bd7c6d1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=691200
content-encoding
br
cf-bgj
minify
etag
W/"467ac5f0ff9ddafc490fa480f5fdb10b"
age
658
cf-cache-status
HIT
cf-ray
8e3675b02a4babf1-YYZ
expires
Sun, 24 Nov 2024 09:29:59 GMT
cf-polished
origSize=12828
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
pageview
c.contentsquare.net/
0
19 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&dt=193&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6759&ww=1600&wh=1200&sw=1600&sh=1200&uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&sn=1&hd=1731749399&v=15.33.7&pid=1926&pn=1&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&r=859520
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Sat, 16 Nov 2024 09:29:59 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 9D52
0
0
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
ad-auction-allowed
true
age
912194
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Tue, 05 Nov 2024 20:06:45 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Thu, 31 Oct 2024 19:39:59 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1730403599174353
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
AHmUCY2bMB8Zc7s2yuHzne0Gi9JCQxvH9EDtesGAIFhI9eT0C0f0XH74rjV_Sf-TB5oUSe7naUc
bframe
www.google.com/recaptcha/api2/ Frame 9B3D
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=-ZG7BC9TxCVEbzIO2m429usb&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.115.103 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f103.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-eC0ZZv3y9jrJ1jFzMpf6hQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-eC0ZZv3y9jrJ1jFzMpf6hQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:29:59 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
add_user_properties
c.us.heap-api.com/api/capture/v2/ Frame
0
0
Preflight
General
Full URL
https://c.us.heap-api.com/api/capture/v2/add_user_properties
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.71.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-71-129.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
allow
POST
content-length
4
content-type
text/html; charset=utf-8
date
Sat, 16 Nov 2024 09:29:59 GMT
etag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
track
c.us.heap-api.com/api/capture/v2/ Frame
0
0
Preflight
General
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.71.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-71-129.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
allow
POST
content-length
4
content-type
text/html; charset=utf-8
date
Sat, 16 Nov 2024 09:29:59 GMT
etag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
add_user_properties
c.us.heap-api.com/api/capture/v2/
2 B
286 B
Fetch
General
Full URL
https://c.us.heap-api.com/api/capture/v2/add_user_properties
Requested by
Host: cdn.us.heap-api.com
URL: https://cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/heap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.71.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-71-129.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/octet-stream
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
content-length
2
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
text/plain; charset=utf-8
server
nginx
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
track
c.us.heap-api.com/api/capture/v2/
2 B
286 B
Fetch
General
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Requested by
Host: cdn.us.heap-api.com
URL: https://cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/heap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.71.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-71-129.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/octet-stream
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
content-length
2
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
text/plain; charset=utf-8
server
nginx
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
dvar
c.contentsquare.net/
0
272 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=15.33.7&pid=1926&pn=1&sn=1&uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&dv=H4sIAAAAAAAAA0WMywrCMBBFf2XIWoTY0lJ3tdVSEFcidBXSOpTAOCNp8IH476aguLyXc85LlRtTd6Yh6S1BJRy8EBxxCmqt6ifbixugc0hn2D6u6B3ygJNafL3%2FBzoKJ%2BudDU44rh%2Bylzu0HJDnYiVEthcfoRvCzlGIOo8zfDBNaSqKsdDWEdWZTlKdFaulzhOdp0VS5Or9AXT9lg6xAAAA&ct=2&r=568770
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Sat, 16 Nov 2024 09:29:59 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
lookup
pd.cdnwidget.com/
74 B
288 B
XHR
General
Full URL
https://pd.cdnwidget.com/lookup?deviceID=undefined&bxwid=6664&bxdid=121534914468811470&visitID=1731749399338099&enableUID2=false
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-envoy-upstream-service-time
4
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
application/json
server
istio-envoy
7c3b848e8e384895cf8c5a933e
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/7c3b848e8e384895cf8c5a933e
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
019b5f9f7e5e38d4eb605125e42642be9af94a9643e5036ce84e8380457ecaa7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJiMDdlNmQ4Ny1jN2U5LTQ4ZGItOWJjZS1hNTMwMDhjNzM3MTgiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….chAgTfWsPkDSXHKPPbMw3fA-Azj2Mz0YBjEPisTXOhKIHm71XNp8jnoPMzIcQDih-V3GfblIkNADHbqPQrJLKg
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json

Response headers

x-dw-resource-state
5b8fa04eeba13d8a6e91b712a371d203ed83a99247c852464cbeb4b8ba05ad00
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
content-encoding
gzip
x-dw-request-base-id
h0raGRdmOGcBAAB_
etag
5b8fa04eeba13d8a6e91b712a371d203ed83a99247c852464cbeb4b8ba05ad00
age
0
x-dw-version-status
obsolete
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
x-yottaa-profileid
5a0c9b7632f01c35d4210220
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
JQHPS5Nuq94Gu1ntY_RY6AWXU_mnEFoTlWcPpj1nKG73CEV2yoyoEw==
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440554 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
access-control-allow-credentials
true
allow
DELETE,GET,HEAD,OPTIONS,PATCH
cf-ray
8e3675b2bc9769d5-PDX
x-yottaa-metrics
2521cc028a86/[201,199,-] 25D1cc028561/[-,202.883]
via
1.1 6ee3eecd683392286f206a7ea6e9ac0c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
994
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/7c3b848e8e384895cf8c5a933e
x-amz-cf-pop
SFO53-P2
init1.js
api.bounceexchange.com/bounce/
127 KB
22 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=933&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYBmIgFgE5iKKBWIzYALxCjIA4AGTAdwFMARjlTA+AfVQATKADY5ZTACc+OEABs4aDARmdOAD3wAmPUr4w+i5YqjYAhmrWoEAczFxFaqAAtgwAA44AKTEAIJBRgBiEZE8cQB0fGowSCA4ALZ8aEg48anpMXwIYgDC4VFJMAC0qRlZqEg1iqjpzg44mABuqMLAYqkgANaofFBBhABCEUZq-tMh5Ua+AcFGtGERtFGbUXE8icm1mdm5+TuRRaXlWxfJNWnHDU0tbWqrRhEl04rzG0Yf-3GABFsCAhiMxpNpjgeJ1fqEYO0+J9ppIpPDpsZ8OtKPgyGQZOx2Pg8YROPMjF9-t1JPCiKRCJRqFRiFwaCjqRiof81CAXC4+JIJAh4Yi3sjKdM+J1LGJefzBcLRUiOUYkHZFH0AI7AACe8PJkv+ODgAlafkVGF6Eo+YTFOAlVJmfIFQucEkkRTQMBGtMBdpVRrVGuAyvFqvVmrEnQccBtC3tyMIQNV-kkkVQihwwAAMiA7H7baFgIo46rJC4uVN-j0AArKbogOA4ErN0CZH7+hGBp09ADKppwSGaAksYYdqp6ABU+PpgAOhMPUKPO0XExG7EhvOJgO8FvTyFQaPQZMDgV0NTgANry13CgC6sCRF6zV+lstviucj8TL+vke1PVH24GNXxNM0RFEIUrREPgf2fUDr0-N1iikL1UB9QV4PFP8rwA7CHVwgDo1jOCnxwxCr38OwBTEPV-DI39Ok9GAbxdL9UM9BBvV9Ai+C6Fi8JDEiNEY58BmGHcwTlDUBXIwiBH8KBuCyJSrwAIgA9SABpNLsUQXBARRdR0zTtyQQYm2AUzvBATJTP8RQQEkOAUFMh0NS3dT70wfxd1sfJ-CcOxkHEGA1Bo2xOm8OwoCAA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
e3c22ad8e48cc2101b5b14fa17155caf3714d090196dce703b0ee6e291d5dabf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
content-encoding
gzip
pragma
no-cache
x-envoy-upstream-service-time
25
x-envoy-decorator-operation
legacy-api-tier1.legacy-api.svc.cluster.local:80/*
via
1.1 google
expires
0
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Sat, 16 Nov 2024 09:29:59 GMT
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
c
ids.cdnwidget.com/
438 B
776 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=254036059&GCS2=MTcyLjE3LjAuMiwxMC4xLjE2LjE3LGZkYmY6MWQzNzpiYmUwOjoxNzo6MTEsZmRiZjoxZDM3OmJiZTA6OjE3OjoxMQ==&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22XNnNtYyoMwLnzvM%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A4%2C%22IDStageStart%22%3A4%2C%22obsReqdata%22%3A208%2C%22obsReqview%22%3A209%2C%22obsReqpage%22%3A210%2C%22netComplete%22%3A253%2C%22IDStagePrefire%22%3A253%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-8%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%22121534914468811470%22%2C%22visitid%22%3A%221731749399338099%22%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
92c28caf716dcb8275dbd150d27e3ae97267a4aeef2c3a392ee92566c8ba96e3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
438
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
application/json
vary
Origin
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
gzip
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
age
123301
ad-auction-allowed
true
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
6053
date
Thu, 14 Nov 2024 23:14:58 GMT
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
content-type
text/css
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY0CNani6W415_3y_7n3bCimBlZbbB2m3VM20t0FK6gaNWiRTEjL0Px-RjcF27As3dmvrmBxL8HuVA
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1670951542233151
content-length
6053
server
UploadServer
visit
events.bouncex.net/track.gif/
42 B
99 B
Image
General
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoANARm8oGYAQmwAyITLAAebSQA4AbAH15AFgCUbAIIAHbaQQB1BACMA0lBoN+Adkb95bdqYASAFTwiaAYTakQAawQ2AHEEAGN-Ag1qZi8ACyQCAFsgum5+ZhYs1hiAZRQAMxQkEEt6Gzt5ADJQCBgkBALkBqQcGvAoaApMABNxNG10BFgkUhw4yEhtMBpyzVm6BdoAd1XGBFICsIIwFMgQMLBGbaSlrEUveep6Og2CgFpt3YR9sMeSpPEUUjB2uugGmACKRYPsCJhJDhuPJmMw-p1AcDQSBwQBPKExOG1TpheCQZLAYogFDGfRgHCUazCajUUgENAYHqKcQ0agCK7UIo-VJs6g+GkIYDIRR0hkIJksmns1lcxCs7yssLFSCKACOkFR8v4HJyvP51DAsGMn0m4sU4LqPOlNNlVr5rNFjOZmGZPSw+wKIHFWo5tvl9ppSqQkB9Mu+cqlAeoQZVhJBVu1Ye5-v1gwwig12gTvvDVusABF4TBtgR-F6KVTWWBlsAfX6o30eqGadxqNxyioAJzcFQqeSyWS8FTWXUKmmgJtS7Xcaz8Gdd-…-j4toVS4qeAFINAcSGdsmCnZA4o4HCGAENA2ywNgSCotsbo4JcVTY7jP4E0TBBuvwpOaAAcuTCA43j1O6SkpMoLpPQoCzOMNGg504AAil4AsAggwvgpzCBi-e0FhJLYRQOihAEwg3yS9oOyQN8xPy842qSxQ+yQLAJNZYw9Cm+CwsWyT9yzow1QUyj+yYO6hs4IzmhVA0dKXl4KCJSgyWpQAatQmNVEktPy3CywmJaIA9DgQWqEWadQhVsUrmunZVADBwIDnrbtvwXY9n2A5DiOVRpoKXrLOXVSIKq96YEDOdwmEfjuvsKSnqH2i5z1bH9vwMMD9gKDaCAp0QOCOD62g08l0DYNVJAcTHkygzBqiihw0dhF9GAJL6Onto70QBA4E1cJAiMW-J8YVT3Tgh1AA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
2
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
image/gif
pageview
events.bouncex.net/track.gif/
42 B
206 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=...
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Sat, 16 Nov 2024 09:29:59 GMT
content-type
image/gif
dvar
c.contentsquare.net/
0
19 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=15.33.7&pid=1926&pn=1&sn=1&uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&dv=H4sIAAAAAAAAA6tWcvSL93B1DIh3LChQ8HRRslIyNDAxMrcwsjAwUaoFAAixYhsfAAAA&ct=2&r=111073
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Sat, 16 Nov 2024 09:29:59 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
0860ab24f45bc22b8f13cc8d6647caaa.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
84 KB
84 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/0860ab24f45bc22b8f13cc8d6647caaa.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cef923d56729944b2ae70b4e78b864efbb81a1db323d25882483aa8d935f9528

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=MTqQwQ==, md5=CGCrJPRbwiuPE8yNZkfKqg==
etag
"0860ab24f45bc22b8f13cc8d6647caaa"
age
44983
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
86329
date
Fri, 15 Nov 2024 21:00:16 GMT
last-modified
Fri, 01 Nov 2024 19:19:11 GMT
content-type
image/jpeg
x-guploader-uploadid
AFiumC5w03FSbohx21X3OgHIZPi3loPmj0M1ueIRJeMtqDolsYPNDRm-WTkdyy6gPHb8Z4BxI2g
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730488751388465
content-length
86329
server
UploadServer
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
18 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
etag
"59a941c096f98029341d8c56b7b89113"
age
6303
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
18352
date
Sat, 16 Nov 2024 07:44:56 GMT
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
content-type
image/png
x-guploader-uploadid
AFiumC7ZVQ0qS1N6AOSc1JPVoRpgQgyyDwEvRFiP9VGaYKjAB96UzwLeKUZpa6QpBy_1cHq1qoQnePgS-A
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1598371060392963
content-length
18352
server
UploadServer
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/
2 KB
2 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
etag
"16f45df19355361dc1c101036c0035b0"
age
1329829
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
2419
date
Fri, 01 Nov 2024 00:06:10 GMT
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
content-type
image/png
x-guploader-uploadid
AHmUCY20lB4Q4xpxhJrI4DbVwy39krIAlDdt81Efg76XS_oY8b35kc-rX3-TYJhZxDL7Cj6YMJ8
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1617246092060079
content-length
2419
server
UploadServer
register-conversion
www.google-analytics.com/privacy-sandbox/
Redirect Chain
  • https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4bc0v879088318z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&c...
  • https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=161341692.1731749397&dbk=13523955579288907963&dma=0&en=view_item_list&gcs=G111&gtm=45je4bc0v879088318z8896608294za200zb...
0
0
Fetch
General
Full URL
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=161341692.1731749397&dbk=13523955579288907963&dma=0&en=view_item_list&gcs=G111&gtm=45je4bc0v879088318z8896608294za200zb896608294&npa=1&tid=G-ZLYXLXNDL8&dl=https%3A%2F%2Fwww.elfcosmetics.com%3F
Protocol
H2
Server
2607:f8b0:4004:c1d::65 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
attribution-reporting-info
preferred-platform=os
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgnc:90:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgnc:90:0
attribution-reporting-register-os-trigger
"https://www.google-analytics.com/privacy-sandbox/register-os-conversion?_c=1&cid=161341692.1731749397&dbk=13523955579288907963&dma=0&en=view_item_list&gcs=G111&gtm=45je4bc0v879088318z8896608294za200zb896608294&npa=1&tid=G-ZLYXLXNDL8&dl=https%3A%2F%2Fwww.elfcosmetics.com%3F"
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
attribution-reporting-register-trigger
{"aggregatable_trigger_data":[{"key_piece":"0x4864eec49ece67f4","source_keys":["1"]},{"key_piece":"0xe6696d1ab431267a","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"13523955579288907963","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["698270988","1038054595"],"5":["11-16","11-15","11-14"]}}
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
text/plain
server
Golfe2

Redirect headers

cache-control
no-cache, no-store, must-revalidate
location
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=161341692.1731749397&dbk=13523955579288907963&dma=0&en=view_item_list&gcs=G111&gtm=45je4bc0v879088318z8896608294za200zb896608294&npa=1&tid=G-ZLYXLXNDL8&dl=https%3A%2F%2Fwww.elfcosmetics.com%3F
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
503
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
text/html; charset=UTF-8
server
Golfe2
event
www.elfcosmetics.com/api/en-ca/v2.0/
105 B
632 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/event?locale=en-CA
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
65b40adf03fa7120c5c34468d4e4da1f71e44d1a8f535f9da326c358bddee59c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-9bcmo9keXHoczKvgoH2qxvz6hKs"
age
0
x-content-type-options
nosniff
x-amzn-requestid
10340917-9a5b-440e-a797-10de93759d91
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440563 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
BVTj2GsXPHcEaLQ=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:30:00 GMT
x-yottaa-metrics
2521cc028a8c/[180,179,-] 25D1cc028561/[-,181.972]
access-control-allow-origin
*
content-length
111
x-powered-by
Express
new-9FAEE5
cdn.media.amplience.net/i/elfcosmetics/
722 B
898 B
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/new-9FAEE5?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8df9e9875419d2c0d1bc8af23e63949a7e20b1ff5cd2f57c7958fc65a7be8b56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
age
68118
x-amp-source-width
112
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:30:00 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Fri, 15 Nov 2024 08:13:51 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
dPc9cBMhE,l4p5bDg2e,mF-g78ke7,tJjh4FgGa,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
PIZAg9APrz
x-amp-source-height
96
x-amp-cf-worker
true
cf-ray
8e3675b79d43a284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
722
x-amp-published
Thu, 30 May 2024 19:09:02 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
staffPicks-white
cdn.media.amplience.net/i/elfcosmetics/
656 B
1 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/staffPicks-white?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b02a020f88f0cd42fad80078f958d9a87a2f83cee756d5fb426a40bc9823da92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
HIT
age
48076
x-amp-source-width
112
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:30:00 GMT
edge-control
max-age=86400
content-type
image/avif
last-modified
Fri, 15 Nov 2024 05:41:08 GMT
vary
Accept-Encoding
x-frame-options
DENY
edge-cache-tag
SHhVQahuW,l4p5bDg2e,mF-g78ke7,4MizThq0Q,WepA0szpz
cache-control
s-maxage=86400, max-age=1800
x-req-id
54CNNf5rWk
x-amp-source-height
96
x-amp-cf-worker
true
cf-ray
8e3675b79d45a284-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
656
x-amp-published
Thu, 09 Nov 2023 14:42:35 GMT
x-amp-srv
CF
x-xss-protection
1; mode=block
server
cloudflare
84609_OPENA_v5_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw74a44e4a/2024/CamoLiquidBronzerContour/First5shades/
3 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw74a44e4a/2024/CamoLiquidBronzerContour/First5shades/84609_OPENA_v5_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
c2e9dc315ccf9b656532bb301cb0b15a5f4a202e7cdb2985ed7d7a86f8d6a6c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-cache-status
HIT
age
669854
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Hit from cloudfront
x-amz-cf-id
nq2Sb3p0wrbFPiiwoFHqGov7V9kt2cxTq9ay2X6UzDTUn9A6kEg5bQ==
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Wed, 19 Nov 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028561-1730834774-9712808127 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 a37083be4ca45b3389e3c4a636fcffac.cloudfront.net (CloudFront)
cf-ray
8df69140b86196a2-SJC
x-yottaa-metrics
2521cc02858f/[2,-,1731079439550] 25D1cc028561/[hit]
access-control-allow-origin
*
content-length
3227
x-amz-cf-pop
DFW57-P9
x-amz-server-side-encryption
AES256
84641_OPENA_v4_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw81e17a61/2024/CamoLiquidBLUSHExt/
3 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw81e17a61/2024/CamoLiquidBLUSHExt/84641_OPENA_v4_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f89ecfe895e92414e7dc009d8c1eb6c3a642307fa86f9c8ff2f498368ae73df6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
668999
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Hit from cloudfront
x-amz-cf-id
vNcAD2Z_xgPNkdDw6YE9oIIhX-aUMuLVL30pdTufyHTyfGZxEQeSyA==
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Tue, 18 Nov 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028561-1730834774-9712814919 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 c601f966b37ebf3a1ddf28f033b35904.cloudfront.net (CloudFront)
cf-ray
8df6911ac83c232b-SJC
x-yottaa-metrics
2521cc02850e/[2,-,1731079433426] 25D1cc028561/[hit]
access-control-allow-origin
*
content-length
3216
x-amz-cf-pop
SFO53-C1
x-amz-server-side-encryption
AES256
81958_OpenA_0500_V3_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwb0f24271/2023/SqueezeMeLipBalm/
3 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwb0f24271/2023/SqueezeMeLipBalm/81958_OpenA_0500_V3_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
c6e95c4f1ac50221827cfd2badd2254ad7bc79c39ff9e443e9a17606209c1aa9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
669599
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Miss from cloudfront
x-amz-cf-id
1-wQYKv-_JbAsSMJTg9O0dQgvzg-LyzVmtnrD9CVPa07tlP-d_k_Dw==
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Sun, 20 Apr 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028561-1730834774-9712809978 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 e1b8dc4ff57dffc175f8ccd45b3c0a7e.cloudfront.net (CloudFront)
cf-ray
8df69383fcf267b3-SJC
x-yottaa-metrics
2521cc028a7f/[3,-,1731079532240] 25D1cc028561/[hit]
access-control-allow-origin
*
content-length
3109
x-amz-cf-pop
DFW57-P9
x-amz-server-side-encryption
AES256
22092_OpenB_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwaefd226e/2023/CreamGlideLipLiner/
2 KB
3 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwaefd226e/2023/CreamGlideLipLiner/22092_OpenB_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3737cc343524433d59bc1654afbddd4ef5036667f946f9b432e1b9e472d5a28

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
668941
x-cache
Miss from cloudfront
x-amz-cf-id
IZclbUH3v8gOFvElS9k3gb4w98axvOe-6g36tFbWEiEF3z64ICPw9g==
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Mon, 09 Dec 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028561-1730834774-9712815511 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 d2fb2c2e894a4859713eb3b4c93f9826.cloudfront.net (CloudFront)
cf-ray
8df6919b78562289-SJC
x-yottaa-metrics
2521cc028a89/[2,-,1731079454011] 25D1cc028561/[hit]
access-control-allow-origin
*
content-length
2171
x-amz-cf-pop
DFW57-P9
x-amz-server-side-encryption
AES256
21172_OpenA_V4_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw1d610a48/2024/LipLacquer/
3 KB
4 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw1d610a48/2024/LipLacquer/21172_OpenA_V4_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f4e9bc12337e6a1bf38d5cdfbafb303695e79c234f151bca5af2233a53522bed

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
669839
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Miss from cloudfront
x-amz-cf-id
lYzK6kde5SRuR3mryU0FrDeoxlb16eVHmBJnrnHydfNwjzM0bLQavg==
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Sun, 20 Apr 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028561-1730834774-9712808207 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 9a040afcec80c777d2ceb3eb2146d14a.cloudfront.net (CloudFront)
cf-ray
8df692c9ad2c69a2-SJC
x-yottaa-metrics
2521cc028592/[2,-,1731079502369] 25D1cc028561/[hit]
access-control-allow-origin
*
content-length
3406
x-amz-cf-pop
DFW57-P9
x-amz-server-side-encryption
AES256
57586_CLOSED_v5_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw96ed8bcf/2024/ThirstBurstDrops/
3 KB
3 KB
Image
General
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw96ed8bcf/2024/ThirstBurstDrops/57586_CLOSED_v5_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
a081e6f3dcf031f6f4b433dddf1fa6d72bff9dbd3eb26e0f93563fc5e574add1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
630408
x-amzn-requestid
a570a476-0a9d-4f8a-a50c-e377a3154aa2
x-cache
Miss from cloudfront
x-amz-cf-id
PW8rGEe5GuI96MY_fch9kcdc9u5OPlrk9uS2-xJPH2JmFiGT8Elb-A==
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/jpeg
x-yottaa-optimizations
ob/101 si/25D1cc028561-1730834774-9713237855 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
x-amz-apigw-id
A71RAGRYIAMERAQ=
x-amzn-trace-id
Root=1-672e359f-45299ecb361cfa9e7787a8ff;Parent=083b63a0e002a40f;Sampled=0;Lineage=1:36621fcf:0
via
1.1 b97c3f1bc7d93d237abfb0799bf3d77c.cloudfront.net (CloudFront)
cf-ray
8df9db5affe61598-SJC
x-yottaa-metrics
2521cc02850f/[3,-,1731113932018] 25D1cc028561/[hit]
access-control-allow-origin
*
content-length
2626
x-amz-cf-pop
DFW57-P9
exist
srm.ba.contentsquare.net/
2 B
94 B
Fetch
General
Full URL
https://srm.ba.contentsquare.net/exist?v=15.33.7&pid=1926&pn=1&sn=1&uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&happid=1042782804&hsid=8101989692903038&huu=8503785899550927
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.81.190.108 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-190-108.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
*
content-length
2
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
application/json
shoppercontext
www.elfcosmetics.com/api/v1/
155 B
921 B
Fetch
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us&method=PATCH
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.97 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer ...
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
155
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
age
0
x-amzn-requestid
db8b3afa-793a-4c75-aadd-fc504379d386
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
GwukzA5WfRoFRjWFuTll1qwjcHVWoKx_3HpQ8OMwGuMpcs7O_5E7Qw==
date
Sat, 16 Nov 2024 09:30:01 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/25D1cc028561-1730834774-9719440570 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
BVTj5EilCYcEq6w=
x-amzn-remapped-date
Sat, 16 Nov 2024 09:30:01 GMT
x-amzn-trace-id
Root=1-67386618-77a30a3d58354efa1bda4b22;Parent=4538b53b454f5472;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 ae8253630612e3347863de4af7a55446.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028a8d/[728,726,-] 25D1cc028561/[-,729.122]
access-control-allow-origin
*
content-length
131
x-amz-cf-pop
SFO53-P2
graph
idr.cdnwidget.com/
0
194 B
Image
General
Full URL
https://idr.cdnwidget.com/graph?cookieID=2ovUAYRdQBzHGoNWc6GHmwjWcHQ&deviceID=2osvEIfokOxUuWxmSQGwbMewlaO&bxdid=121534914468811470&bxvid=1731749399640249&bxwid=6664&gm=true&apikey=2^HIykD&loadID=XNnNtYyoMwLnzvM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-envoy-upstream-service-time
0
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 16 Nov 2024 09:30:00 GMT
server
istio-envoy
eligible
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=...
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/gif
pop
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pop?wklz=...
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/gif
eligible
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=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
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
image/gif
start
www8.eu.inside.chat/signalr/
25 B
245 B
XHR
General
Full URL
https://www8.eu.inside.chat/signalr/start?transport=webSockets&clientProtocol=2.1&k=IN-1011171%3A16948775-d855451cc4f43b0e41867443d75484105006f4759aa3076e32f44b0581bb3516-5-5%3A73651014%3A1082574&c=4bcd567be9e29d5b42bccb35b5b4c4a0&nc=0&connectionToken=X247FeNB6j2Xr%2BhZ%2B0LZqlDRTC%2FVFNo1JQTkrucjNmLKGiMncunfs0MFVi0FN0I751ZAsXUts%2Fz6hEACWUFLR%2B1Ev9tl4yZ0yLyEnKLFPvXjYgRqi7O8rU9g%2FPr%2BSoDX&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1731749397249
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c50a0366bab0d95bd0dfbbf67ed889b5fd383ee7464a77660088c32e4ef91c20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
text/plain, */*; q=0.01
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
no-cache
content-encoding
br
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
cf-ray
8e3675bacd34369c-YYZ
expires
-1
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:30:00 GMT
content-type
application/json; charset=UTF-8
server
cloudflare
script-tag.js
cdn-scripts.signifyd.com/api/
10 KB
4 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-22.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
cache-control
max-age=1800
content-encoding
gzip
etag
W/"73ca6f23f3e08738233832c7a7a0c30c"
age
761
via
1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
As9aJ9cER8lh1QpQaQU5OWBW4FTc5kjv5HCKfoc0-oabX6L4xkSCLg==
date
Sat, 16 Nov 2024 09:17:21 GMT
content-type
application/javascript
last-modified
Tue, 23 Apr 2024 14:51:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
x-amz-server-side-encryption
AES256
rcomEvent
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/rcomEvent?cnst=1&_=445078&uid=-3247095080494275053&sec=8772046&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expSes=1338&p=1&cl=dk.l.c.ws.fst.&ses=de575dcbdc06115b926c7a36feb6185b&data=%7B%22ctx%22%3A%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D%2C%22widgets%22%3A%7B%22199244%22%3A%7B%22fId%22%3A16887%2C%22fallbackData%22%3Afalse%2C%22expData%22%3A%7B%22expId%22%3Anull%2C%22varId%22%3Anull%7D%2C%22events%22%3A%5B%7B%22type%22%3A%22PIMP%22%2C%22pId%22%3A%5B%22300241%22%2C%22300234%22%2C%22300222%22%2C%22300230%22%2C%22400030%22%2C%2257586%22%5D%2C%22strId%22%3A9%2C%22md%22%3A%7B%7D%7D%2C%7B%22type%22%3A%22WIMP%22%2C%22strId%22%3A9%7D%5D%7D%7D%7D&reqts=1731749400881&rri=3490522
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 b3dcbb5db65271a2024ef727d001a4e2.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
o4fcCZpsRjHTFFG_7fiXrjRhyQ2x2-Exm78r1PgwioCVpeeZn2rGTA==
date
Sat, 16 Nov 2024 09:30:00 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=76121f44-33c6-4fcf-88c1-1ec12c634d5f
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDc2MTIxZjQ0LTMzYzYtNGZjZi04OGMxLTFlYzEyYzYzNGQ1ZhAAGg0ImczhuQYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=6efa484ffb56b71f7882dfddd189d917ea89cb0c02a77d65d071a20fda4ad1d36ac34734d8e453ee
37 B
293 B
Image
General
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=6efa484ffb56b71f7882dfddd189d917ea89cb0c02a77d65d071a20fda4ad1d36ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
date
Sat, 16 Nov 2024 09:30:01 GMT
x-samesite
secure
content-type
image/gif

Redirect headers

cache-control
no-cache, no-store
timing-allow-origin
*
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=6efa484ffb56b71f7882dfddd189d917ea89cb0c02a77d65d071a20fda4ad1d36ac34734d8e453ee
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
0
date
Sat, 16 Nov 2024 09:30:01 GMT
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-22.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
cache-control
max-age=1800
content-encoding
gzip
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
age
765
via
1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
ZsYYj2AfmXnKPGDswelPL2fW_5ODNQuZFf0G5jyNhwh2DofAMYuUKw==
date
Sat, 16 Nov 2024 09:17:17 GMT
content-type
application/javascript
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
x-amz-server-side-encryption
AES256
id_sync
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2osvEIfokOxUuWxmSQGwbMewlaO&source=web&agent=cjs&deviceid=121534914468811470&visitid=1731749399640249&websiteid=6664&pageviewid=1&sequenceid=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Sat, 16 Nov 2024 09:30:01 GMT
content-type
image/gif
xhj10zgcrw87asng.js
imgs.signifyd.com/
98 KB
14 KB
Script
General
Full URL
https://imgs.signifyd.com/xhj10zgcrw87asng.js?46vktmnggothiis2=w2txo5aa&pnntji85nc33rnno=L2VuX0NBLzdjM2I4NDhlOGUzODQ4OTVjZjhjNWE5MzNl
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
1076a7353719312e23f98815f8c7d2a7433d16f35a9743afc47a57247ce01a5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
P3P
CP=IVAa PSAa
Keep-Alive
timeout=2, max=100
Date
Sat, 16 Nov 2024 09:30:01 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Server
Apache
F-75pNM3KDwLbfDi
imgs.signifyd.com/ Frame F553
319 KB
55 KB
Script
General
Full URL
https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/xhj10zgcrw87asng.js?46vktmnggothiis2=w2txo5aa&pnntji85nc33rnno=L2VuX0NBLzdjM2I4NDhlOGUzODQ4OTVjZjhjNWE5MzNl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
316f15cbd03631b8f493d493f15260b560c62ab8a919efe8f4b906775b712a9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Date
Sat, 16 Nov 2024 09:30:01 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
tmx-nonce
06f00df92caef9dc
X-XSS-Protection
1; mode=block
Server
Apache
h6DaAG3GWEydxNwc
imgs.signifyd.com/ Frame F553
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/h6DaAG3GWEydxNwc?4612da9fdf35a11e=LGdDhoicvPfRL0xRe8iRwH_WCFuKZyMPraSz-NTxVINH46PeiJ_EenAkzBFDU88D2Ugw5WAiOKqqZjeDziAGOKIlapsAkmg9khm-0Md-U8fv7JbmI782Ya9xv4tHLtJP5Zhtm_vbkW16P6PhSZSAft_p3Bsu-VbizuDhZ630kYGz0agzbg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
RMNz_4NmsKtI4g_A
imgs.signifyd.com/ Frame F553
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/RMNz_4NmsKtI4g_A?c263ccec40a94860=7PPJn618B7QMqJvPo8DDLUOtr4CyIUt6fmzBTvLv-niigWhlrs7_k1hiwHe2bvCaig2J0O5gCFVM0WJEayMs4-QqoiFFYadBTdA7f22e5OO0ED81bzGz7QQY8sllwgKx8fbrEyePJb0t3iIhRbd3zU2BHezIR-SU0pAv-zLGMhJX003_zw
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
clear.png
imgs.signifyd.com/fp/ Frame F553
81 B
536 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*/*, w2txo5aa/06f00df92caef9dcl2vux0nblzdjm2i4ndhloguzodq4otvjzjhjnwe5mznl
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
private, must-revalidate, max-age=0
Etag
08ca23d52fd747de95ffdadc3b3ba7d2
Connection
Keep-Alive
Expires
Thu, 15 Nov 2029 09:30:02 GMT
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Sat, 16 Nov 2024 09:30:02 GMT
Last-Modified
Sat, 16 Nov 2024 09:30:02 GMT
Content-Type
image/png
Server
Apache
uT-vJDEOfI8eEjqF
imgs.signifyd.com/ Frame CA85
0
0
Document
General
Full URL
https://imgs.signifyd.com/uT-vJDEOfI8eEjqF?64fec855c165b24d=2aIVQ8KngD88GyigVIQ46Pv8Db792mrFTC9G6F4Pn0Tp6OtHHQ5S9B_Bds9ypi8oEJxj5dEBoK21IKrjs_U4D_g3rwnTG0pqgIKHAKcFh6cMur9ga_QLmhcbjD8rLb-VI2OtF12ZsT2tFey4ZW7XShCoZAGKP9NWKCkQcduvxh8Vi9X_9mESdsgTV4B0P3HKknoeGSRfg0rm28JZhKmBMqY5eQHGQA
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 16 Nov 2024 09:30:02 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
ohKNwdB6G-b4eKJB
imgs.signifyd.com/ Frame F553
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/ohKNwdB6G-b4eKJB?3205a1f01e4756f1=FE8JATfpGJoOvp-_j1pngO2RlC1gn6S2mWhjmVthrUvGFgWa_GK173zSExDElbLL3wycddsktoUmOYzZLscIHBiAJvjI5m1Fz4q-AI-T-NxgBHVMpJhCfXyDN617SFvkiCEIgpU0UoY9DLT5AEIYbaUzwlF5AMN8S9nipw&jb=3b34246c7b613733393a376e3d6039373b343c3c6837396b3b3033383932343a3b3c6d32683239
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=98
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
rqHJEMC27MMt6Jrl
imgs.signifyd.com/ Frame F553
134 B
656 B
Script
General
Full URL
https://imgs.signifyd.com/rqHJEMC27MMt6Jrl?3a420db21f77f694=PFsLmm4Za1KgCw9q_fUpFUcdhITGLvMAMwgL38XrR4tAxkWwITUAHeli8xnzCGOR0u1OVEb2xiwW9yqiv6moRTB8ALCW0TH16bd8zxJpxVFym_nS_SnuXU0uAUWs2oEO9BVoTGtiiKMGGYDebMjnxOdKDv1j1pzO
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
f240d168f09529050ef0c7c0d9671b2abc64cee20ad664d92017a26aea2e7924
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Content-Encoding
gzip
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Server
Apache
Tz-Gig4fixbvoNjP
h.online-metrix.net/ Frame 0E13
0
0
Document
General
Full URL
https://h.online-metrix.net/Tz-Gig4fixbvoNjP?69e69da43159251c=rcaJks5iYpGjmjXxSlndHUMbYBcKzXKQhuzsaekzXMop07KWC2QyMBECDyLuTDw1FIZToDirEX9UqrSBI4kzZuaqJ-O21VgiNbr2HUu9N0WpGMhhkAmMCg1xEo5HM7Q8BeBNbJnkzDaFl796qlvYmQ30I8ZDJZ0Yqwoy3ULqjoSczNzjDbl0u8TaLO6iidScDscRGZvOhJ8bD8Osloh7ZR-BFLKyaTE
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 16 Nov 2024 09:30:02 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
OQFqaEDY_BS7MEiF
imgs.signifyd.com/ Frame EDA6
0
0
Document
General
Full URL
https://imgs.signifyd.com/OQFqaEDY_BS7MEiF?c617011391099601=fdozmWPi4AWMmXFRIGeWSmAKtO6csV445TWex7umsDF6X0VlFXuB06dHG6qeAoTdAjGmxW1W0xmg8dV3MS-0J4MATF7CkXJUnNXUAcrZeosxWwrNZ70xAAsmVIHCMtMLujvhrjTn-P3qScrO2KVSdUctvn7wYX4mEMuK7xRyPgQ1tIqJ8agZ6Z0BiP9rnowQ2QewxJ9k2BF7EAsYVpb9ZcwlUCXaQ2k
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Sat, 16 Nov 2024 09:30:02 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
JViFpi0fxcwOsD34
h64.online-metrix.net/ Frame F553
0
399 B
Script
General
Full URL
https://h64.online-metrix.net/JViFpi0fxcwOsD34?29d4bb438dc0c881=Q4BKtFXjWnleCBgseBhQD5CUeUJn8-ZB70gp5ASbvMGTjMiq-WXFvb1vYOeSIcApbVZwikJRRqAkguiQOhyVTcn2KfwUA8zeNCLcTY6VOEVb-jbK7tCBIrE86d2PZSxr49XJRV7Pg-QTbZQV1bO8LLq1q2QFceoaUlFktdjBVRs
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=100
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
ohKNwdB6G-b4eKJB
imgs.signifyd.com/ Frame F553
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/ohKNwdB6G-b4eKJB?3205a1f01e4756f1=FE8JATfpGJoOvp-_j1pngO2RlC1gn6S2mWhjmVthrUvGFgWa_GK173zSExDElbLL3wycddsktoUmOYzZLscIHBiAJvjI5m1Fz4q-AI-T-NxgBHVMpJhCfXyDN617SFvkiCEIgpU0UoY9DLT5AEIYbaUzwlF5AMN8S9nipw&ja=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&jb=393136266471374f6770696664632d324c3526382f30302252313125394227383a4661647f7a25323872323e573436292d323a43787a6c6f5f676a4b63742d3a4c37333d2433362538302a41425e45462f3043253a3a66616367273238476f616365292f3a324b68786f656d2f30463b39302e3024302c3a2f3838596b646172612f384e3d31352e3b36
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=2, max=99
Date
Sat, 16 Nov 2024 09:30:02 GMT
Content-Type
text/javascript;charset=UTF-8
Server
Apache
Connection
Keep-Alive
U4IIu0eeHGZOBa0A
w2txo5aahgbwyrdmvlqxabx7lv2tvpq2246tc7qo06f00df92caef9dcsac.d.aa.online-metrix.net/ Frame F553
81 B
438 B
Image
General
Full URL
https://w2txo5aahgbwyrdmvlqxabx7lv2tvpq2246tc7qo06f00df92caef9dcsac.d.aa.online-metrix.net/U4IIu0eeHGZOBa0A?ea8aa4f227537e75=NVvG3NIpnt0VcElysA4DTSDxT5DrJmyuXuFH1TN7Exd3vqaZmGmJ3YGMxlNfTpQA9etyskeG367Bk774Fu8etk8hj4btdO0Oo3MWSwqmBSfTaLuoL0XCDbrTaRCqw65KVLSZTo5iquYwQ77dGz2j_SFeqkacFp02CCPGt9f8Fi1BN_8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
close
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
rwr-L9x70DQ5-OqV
imgs.signifyd.com/ Frame F553
0
400 B
Image
General
Full URL
https://imgs.signifyd.com/rwr-L9x70DQ5-OqV?d0a3bc9eb824342d=znqO1J-QqYj0HT4tJ2JSkCyYIxoz38LFeuclJivlb5olU5oWv6H63jYcfWpts3K1caKXCL9Kr5LCPewDR41op6HZSIX9sYPuU-BOr35yK-YSqYnZPdeYt376Br9PMn0MkhOnl0J_q0EycXdqQsPEZPqUw_ONFGAyLI4Wwo7CqTwzqR34Z0AP8CvYQw13SlWHRWwTSwsm8E4YeJiiHHFR9rwLG5ErMg&jf=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
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=98
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png;charset=UTF-8
Server
Apache
MaCIlyNelsqxsi5Z
imgs.signifyd.com/ Frame F553
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/MaCIlyNelsqxsi5Z?6cf470a97c6768c0=UK0aJV4x-vs_rj6xiGRTCUtqeC5uKVTmJX4iSrSYJq2h4gf-wtnFJpSVdPMfabGrRyNEQhMoEbz3C8LuAkXPqKHU4JopqTMFns5PHLSpyuFdK5tmyLBkBzmnZh5Nxr5xPyROdO8yu3eMpJES72Cs5sOabnjvl7zwebCxscips5uwhdPiaLT-aS-oQOdi6CJgrn0v5E4Hkr_c6KxnGb4phaISPB6HSQ&jac=1&je=3036242665656e6a3522332f3a41392538433b2d3841373e693433373d6566383f3d3d39386462663d6e386e6b3566343f3169673b6b336f39633f326c39386e3b60623b386336633a306332696f6b6f3b3b30306d3b23
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=2, max=97
Date
Sat, 16 Nov 2024 09:30:02 GMT
Content-Type
text/javascript;charset=UTF-8
Server
Apache
Connection
Keep-Alive
ohKNwdB6G-b4eKJB
imgs.signifyd.com/ Frame F553
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/ohKNwdB6G-b4eKJB?3205a1f01e4756f1=FE8JATfpGJoOvp-_j1pngO2RlC1gn6S2mWhjmVthrUvGFgWa_GK173zSExDElbLL3wycddsktoUmOYzZLscIHBiAJvjI5m1Fz4q-AI-T-NxgBHVMpJhCfXyDN617SFvkiCEIgpU0UoY9DLT5AEIYbaUzwlF5AMN8S9nipw&jac=1&je=
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/F-75pNM3KDwLbfDi?46e8ae652f2bd43d=HW_6hAziuF_838Nu926O-9hnbFf0Kthqr5lAraz-wKALhb_TaZCbhaarAwCq6awwedkiH_OYT5W58xpPfWvk_qUbOBlyCoqFqZ6WHJODY9Z6f51t6245ubJ-pDw4Qk0Wi9_QzWhP4oewL3gU59FoDql3xGH4RVagf4_mlRiIZYG8HP21q2-BU9rw7W54gSobo-dJBkSnS5EyDaoNBCzRdnuiI84&jb=3d32242662736577354669647d7a2e6a796f3544636c75722c6a73627f3d41627865656f2c6873623549627a676f67253a303b3138
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=96
Date
Sat, 16 Nov 2024 09:30:02 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
0860ab24f45bc22b8f13cc8d6647caaa.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
84 KB
0
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/0860ab24f45bc22b8f13cc8d6647caaa.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cef923d56729944b2ae70b4e78b864efbb81a1db323d25882483aa8d935f9528

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=MTqQwQ==, md5=CGCrJPRbwiuPE8yNZkfKqg==
etag
"0860ab24f45bc22b8f13cc8d6647caaa"
age
44983
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
86329
date
Fri, 15 Nov 2024 21:00:16 GMT
last-modified
Fri, 01 Nov 2024 19:19:11 GMT
content-type
image/jpeg
x-guploader-uploadid
AFiumC5w03FSbohx21X3OgHIZPi3loPmj0M1ueIRJeMtqDolsYPNDRm-WTkdyy6gPHb8Z4BxI2g
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730488751388465
content-length
86329
server
UploadServer
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
0
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
etag
"59a941c096f98029341d8c56b7b89113"
age
6303
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
18352
date
Sat, 16 Nov 2024 07:44:56 GMT
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
content-type
image/png
x-guploader-uploadid
AFiumC7ZVQ0qS1N6AOSc1JPVoRpgQgyyDwEvRFiP9VGaYKjAB96UzwLeKUZpa6QpBy_1cHq1qoQnePgS-A
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1598371060392963
content-length
18352
server
UploadServer
6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
92 KB
92 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
etag
"6aa18944a3ad2c224d37dafb46afa35f"
age
103660
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
93895
date
Fri, 15 Nov 2024 04:42:24 GMT
last-modified
Mon, 08 Apr 2024 16:27:35 GMT
content-type
image/jpeg
x-guploader-uploadid
AFiumC6uXVNTsRI8ORwhYEXNdwb2LTlYZQCGSGsvw8VjFJh1DkSvFI4X1A8g8ZmkAnBwGWi2DI8
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1712593655184176
content-length
93895
server
UploadServer
events
c.contentsquare.net/v2/
0
42 B
Ping
General
Full URL
https://c.contentsquare.net/v2/events?uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&sn=1&hd=1731749399&v=15.33.7&pid=1926&pn=1&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&str=1730&di=2360&dc=5288&fl=5314&sr=18&mdh=6759&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Sat, 16 Nov 2024 09:30:05 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
recording
k-aeu1.contentsquare.net/v2/
0
16 B
Ping
General
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&rst=1731749399270&let=1731749404998&v=15.33.7&pid=1926&pn=1&sn=1&uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.49.246.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-246-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
access-control-allow-origin
*
timing-allow-origin
*
content-length
0
date
Sat, 16 Nov 2024 09:30:05 GMT
access-control-allow-methods
GET, POST, OPTIONS
widget.js
js.jebbit.com/companion/v1/
44 KB
0
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27d4:d800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
226049a96ceaa190e0dd45980c8fba9367127b7c2b19b635ee30bb7f4fa17e52

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
M.fQKrXkVHcvymDK9D8bU4BvoS660wdj
etag
"9ee6264c1a592ca4976fb94c91ef8c87"
age
3192
via
1.1 e16efc71e79c35b916d39ffacf1425d6.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
45384
x-amz-cf-id
2Y4TNxJ5VOAquaulpgB71eNxFjYSZ4hdBPGcNPBNasoe92PCx2z1Iw==
date
Sat, 16 Nov 2024 08:36:44 GMT
content-type
text/javascript
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
ORD51-P1
x-amz-server-side-encryption
AES256
i.js
tag.wknd.ai/6664/
17 KB
42 B
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
a687e75c399fb4ce1187ebf92ab22e67e92a7e7a04d0a7b60cca3ff783253494

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
cf08ca714b6433
age
9
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
cache-control
public,max-age=60
timing-allow-origin
*
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
access-control-allow-origin
*
content-length
5686
server
istio-envoy
x-region
us-central1
cnxtag-min.js
js.cnnx.link/roi/
2 KB
0
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:4000:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=600
content-encoding
gzip
age
370
via
1.1 google, 1.1 e2d34a357aab1d6cff5cce981d09ebba.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
H0wzruMrUDt0064784DXFtdJl4MnoryWFYsKD251mCqWY2eS5u991Q==
date
Sat, 16 Nov 2024 09:23:46 GMT
content-type
text/javascript;charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P1
iframe_api
www.youtube.com/
993 B
517 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.93 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f93.1e100.net
Software
ESF /
Resource Hash
4ded1be65e7802d42d9d88aba8b134f9bd4a03cf737284fc397c26a14b10d1cc
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
x-content-type-options
nosniff
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
expires
Sat, 16 Nov 2024 09:30:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
require-trusted-types-for 'script'
cache-control
private, max-age=0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
x-xss-protection
0
server
ESF
events
c.contentsquare.net/v2/
0
19 B
Ping
General
Full URL
https://c.contentsquare.net/v2/events?uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&sn=1&hd=1731749399&v=15.33.7&pid=1926&pn=1&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&str=1730&di=2360&dc=5288&fl=5314&sr=18&mdh=6759&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Sat, 16 Nov 2024 09:30:05 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
recording
k-aeu1.contentsquare.net/v2/
0
183 B
Ping
General
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=15.33.7&pid=1926&pn=1&sn=1&uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.49.246.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-246-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
access-control-allow-origin
*
timing-allow-origin
*
content-length
0
date
Sat, 16 Nov 2024 09:30:05 GMT
access-control-allow-methods
GET, POST, OPTIONS
collect
sgtm.elfcosmetics.com/g/
429 B
448 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4bc0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=161341692.1731749397&ecid=977587072&ul=en-ca&sr=1600x1200&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=MA&sst.rnd=121143378.1731749395&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=4&sid=1731749396&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=view_item_list&pr1=id57586~nmHoly%20Hydration!%20Thirst%20Burst%20Drops~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp0~brELF%20Cosmetics~caskin~lnProduct%20Carousel~va~pr16~qt1&pr2=id300222~nmSqueeze%20Me%20Lip%20Balm~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp1~brELF%20Cosmetics~calips~c2lips-lip-balms-treatments~lnProduct%20Carousel~va~pr6~qt1&pr3=id300230~nmCream%20Glide%20Lip%20Liner~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp2~brELF%20Cosmetics~calips~c2lips-lip-liner~lnProduct%20Carousel~va~pr3~qt1&pr4=id300234~nmCamo%20Liquid%20Blush~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp3~brELF%20Cosmetics~caface~c2face-blush~lnProduct%20Carousel~va~pr9~qt1&pr5=id300241~nmCamo%20Liquid%20Blush~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp4~brELF%20Cosmetics~caface~c2face-bronzer~lnProduct%20Carousel~va~pr9~qt1&pr6=id400030~nmLip%20Lacquer~afELF%20Cosmetics~ds0~k0currency~v0CAD~lp5~brELF%20Cosmetics~calips~c2lips-lip-gloss~lnProduct%20Carousel~va~pr4~qt1&ep.item_list_name=Product%20Carousel&_et=3260&tfd=15256&richsstsse
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
2c00a29846889e3c8ff549df29e0228083a817dc8c7455389ba20ae599c9704f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
text/plain
server
Google Frontend
collect
sgtm.elfcosmetics.com/g/
0
0

eligible
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
image/gif
kpi
pixel.pointmediatracker.com/
0
0

/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1731749405014&sw=1600&sh=1200&v=2.9.177&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=12318&fbp=fb.1.1731749397262.299593853531347623&ic=gtm&ler=empty&cdl=API_unavailable&it=1731749396637&coo=false&eid=1731750053898_173175025128345&tm=1&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=32, rtx=0, c=26, mss=1232, tbw=8496, tp=20, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
194 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1731749405014&sw=1600&sh=1200&v=2.9.177&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=12318&fbp=fb.1.1731749397262.299593853531347623&ic=gtm&ler=empty&cdl=API_unavailable&it=1731749396637&coo=false&eid=1731750053898_173175025128345&tm=1&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7437807061114650015"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa230b3a6a6e8856b","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["1521466687872304"]},"debug_reporting":true,"debug_key":"2280823867769115829"}
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
6/Jl6GbExCSi/XzcA+mQ0kmzoERO6zPURwaG5U/xLq4KqPOV2X3C2PPXWxcO0mjGGNWe3OreG/9QxZGaocf9uw==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7437807061114650015", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=32, rtx=0, c=26, mss=1232, tbw=8688, tp=22, tpl=0, uplat=18, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
rp.gif
alb.reddit.com/
42 B
98 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1731749405017&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=c158a2a9b466f65fc186083ae21f5105b5bb6bf05c6ba9b055883565182562c7&uuid=4723ca10-a637-448b-8a9f-f2e244618fcb&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_49267bce&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
image/gif
server
Varnish
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.76 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
167.114.209.103; 167.114.209.103; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
0567e824-0725-4e5f-9748-b65f2fa7e450
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Sat, 16 Nov 2024 09:30:05 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
syncd
x.bidswitch.net/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
43 B
183 B
Image
General
Full URL
https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
Protocol
H2
Server
35.211.202.130 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
130.202.211.35.bc.googleusercontent.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
image/gif

Redirect headers

location
https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=8464e919-38cf-4ea6-907a-e792fb0142c2&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
content-length
0
date
Sat, 16 Nov 2024 09:30:05 GMT
server
Kestrel
pageview
c.contentsquare.net/
0
19 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=a&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6761&ww=1600&wh=1200&sw=1600&sh=1200&uu=b5b4c303-35b8-a4b5-c56f-1959e22b2b07&sn=1&hd=1731749405&v=15.33.7&pid=1926&pn=2&happid=1042782804&hsid=8101989692903038&huu=8503785899550927&r=757565
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.217.190.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-217-190-26.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Sat, 16 Nov 2024 09:30:05 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;p...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=297791405;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Sat, 16 Nov 2024 09:30:05 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"7288891153988799355"}],"aggregatable_trigger_data":[{"filters":[{"14":["12119809"]}],"key_piece":"0x9ab5086fe7f2e12d","source_keys":["12","13","14","15","16","17","18","19","20","21","22981708","22981709","22981710","22981711","24748276","24748277","24748278","24748279","27138660","27138661","27138662","27138663","628477676","628477677","628477678","628477679","628627208","628627209","628627210","628627211","642003348","642003349","642003350","642003351","642003440","642003441","642003442","642003443","642887056","642887057","642887058","642887059"]},{"key_piece":"0x6b44b81f3d5668b1","not_filters":{"14":["12119809"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","22981708","22981709","22981710","22981711","24748276","24748277","24748278","24748279","27138660","27138661","27138662","27138663","628477676","628477677","628477678","628477679","628627208","628627209","628627210","628627211","642003348","642003349","642003350","642003351","642003440","642003441","642003442","642003443","642887056","642887057","642887058","642887059"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"22981708":131,"22981709":131,"22981710":131,"22981711":12713,"24748276":32,"24748277":32,"24748278":32,"24748279":3177,"27138660":34,"27138661":34,"27138662":34,"27138663":3345,"628477676":32,"628477677":32,"628477678":32,"628477679":3177,"628627208":32,"628627209":32,"628627210":32,"628627211":3177,"642003348":32,"642003349":32,"642003350":32,"642003351":3177,"642003440":32,"642003441":32,"642003442":32,"642003443":3177,"642887056":65,"642887057":65,"642887058":65,"642887059":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"9653386251948545881","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"7288891153988799355","filters":[{"14":["12119809"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"7288891153988799355","filters":[{"14":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"7288891153988799355","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"7288891153988799355","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10742279"]}}
content-type
image/png
x-xss-protection
0
server
cafe
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1594443019;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f148.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Sat, 16 Nov 2024 09:30:05 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"15550718446203338454"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0xdbbef7ef1717f9a5","source_keys":["12","13","14","15","16","17","18","19","20","21","22938932","22938933","22938934","22938935","27161852","27161853","27161854","27161855","628473576","628473577","628473578","628473579","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","641998712","641998713","641998714","641998715","642025028","642025029","642025030","642025031","643969340","643969341","643969342","643969343"]},{"key_piece":"0x5d2c788f9c2ffc54","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","22938932","22938933","22938934","22938935","27161852","27161853","27161854","27161855","628473576","628473577","628473578","628473579","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","641998712","641998713","641998714","641998715","642025028","642025029","642025030","642025031","643969340","643969341","643969342","643969343"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"22938932":34,"22938933":34,"22938934":34,"22938935":3345,"27161852":32,"27161853":32,"27161854":32,"27161855":3177,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"641998712":32,"641998713":32,"641998714":32,"641998715":3177,"642025028":34,"642025029":34,"642025030":34,"642025031":3345,"643969340":32,"643969341":32,"643969342":32,"643969343":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"6571294779022902869","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"15550718446203338454","filters":[{"14":["8259474"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"15550718446203338454","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"15550718446203338454","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"15550718446203338454","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
content-type
image/png
x-xss-protection
0
server
cafe
/
ct.pinterest.com/user/
35 B
65 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221731750053898_173175025128345%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPVpEYzBNall6T0RrdE5EWmlaaTAwTmpZMkxUZ3hZbUV0WmpGbE1UTXlOV1ptT1RNMw%22%2C%22external_id%22%3A%22%22%7D&cb=1731749405139&dep=4%2CTAGS_RECEIVED&stc=true
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Epik,Pin-Unauth
x-pinterest-rid-128bit
ca3ef39da5ce1ef247bf93f96ac2f459
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=600
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
0
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
quic-version
0x00000001
pin-unauth
dWlkPVlUTm1NamcyTXpVdFkyUTNaQzAwTkRGbUxXRm1aR010TnpWak1UQXlaR1V4WW1NeQ
pinterest-version
fe8dde823c9d8ad4331a9352a6a28b5f1fb1cf4b
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.11dfda17.1731749405.c68b276
x-pinterest-rid
5170013596691919
track
c.us.heap-api.com/api/capture/v2/ Frame
0
0
Preflight
General
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.71.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-71-129.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
allow
POST
content-length
4
content-type
text/html; charset=utf-8
date
Sat, 16 Nov 2024 09:30:05 GMT
etag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
track
c.us.heap-api.com/api/capture/v2/
2 B
286 B
Fetch
General
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.71.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-71-129.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/octet-stream
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
content-length
2
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
text/plain; charset=utf-8
server
nginx
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
activityi;dc_pre=CPrfi6HF4IkDFaIjiAkdCFMclQ;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-cri...
10742279.fls.doubleclick.net/ Frame BD46
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CPrfi6HF4IkDFaIjiAkdCFMclQ;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcos...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CPrfi6HF4IkDFaIjiAkdCFMclQ;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=297791405;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.63.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bi-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
396
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:30:05 GMT
expires
Sat, 16 Nov 2024 09:30:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:30:05 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CPrfi6HF4IkDFaIjiAkdCFMclQ;src=10742279;type=elf8j0;cat=glo_flap;ord=3175322256517;npa=1;auiddc=88868488.1731749395;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=297791405;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0h1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CKT_iqHF4IkDFfAkiAkdP2cxpw;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;...
9231397.fls.doubleclick.net/ Frame 6A30
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CKT_iqHF4IkDFfAkiAkdP2cxpw;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-cr...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CKT_iqHF4IkDFfAkiAkdP2cxpw;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1594443019;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.31.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
463
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:30:05 GMT
expires
Sat, 16 Nov 2024 09:30:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Nov 2024 09:30:05 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CKT_iqHF4IkDFfAkiAkdP2cxpw;src=9231397;type=retarget;cat=globa0;ord=5905164385146;npa=1;auiddc=88868488.1731749395;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1594443019;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4bc0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067554~102067808~102077855;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
ct.pinterest.com/v3/
35 B
65 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221731750053898_173175025128345%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22pin_unauth%22%3A%22dWlkPVpEYzBNall6T0RrdE5EWmlaaTAwTmpZMkxUZ3hZbUV0WmpGbE1UTXlOV1ptT1RNMw%22%2C%22external_id%22%3A%22%22%7D&cb=1731749405202&dep=4%2CTAGS_RECEIVED&stc=true&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%225aecc8b1%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.220.128.196 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-220-128-196.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-pinterest-rid-128bit
123b25cdaebcc40fce2a403330a1727a
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=600
date
Sat, 16 Nov 2024 09:30:05 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
1
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
quic-version
0x00000001
pinterest-version
fe8dde823c9d8ad4331a9352a6a28b5f1fb1cf4b
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.11dfda17.1731749405.c68b2bf
x-pinterest-rid
1485575690943839
widget.css
js.jebbit.com/companion/v1/
15 KB
0
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27d4:d800:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
69beb39687e8656561a843b13137c292498648b7f1ae665214eb292527cd436b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
fgLtE0C.phC7FjS26Fxc9wt33wvWl9V5
etag
"c2b625a2843069c776e8a618c90b952a"
age
62047
via
1.1 e16efc71e79c35b916d39ffacf1425d6.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
15522
x-amz-cf-id
OgsH2nzkWqT_hD4lu-y5U_pccZE_y3L5HmI-19vrenmcFaHaRXR4gg==
date
Fri, 15 Nov 2024 16:15:51 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
ORD51-P1
x-amz-server-side-encryption
AES256
include.js
cdn8.eu.inside.chat/gtm/IN-1011171-EC/
24 KB
0
Script
General
Full URL
https://cdn8.eu.inside.chat/gtm/IN-1011171-EC/include.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08e5f2fdc1f7a9d0de8db23174e037c1510a852b514811807b4e3f89307486d5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
public, max-age=3600
content-encoding
br
cf-bgj
minify
etag
W/"01e251ada13db1:0"
age
576
cf-cache-status
HIT
cf-ray
8e36759fb9ceabf1-YYZ
expires
Sat, 16 Nov 2024 10:29:56 GMT
cf-polished
origSize=38567
alt-svc
h3=":443"; ma=86400
date
Sat, 16 Nov 2024 09:29:56 GMT
content-type
application/javascript
last-modified
Tue, 01 Oct 2024 08:15:40 GMT
vary
Accept-Encoding
server
cloudflare
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=JqsQr2tKz5IKiZkqQDLq2oW6axr6o9TqJzUpBFndkmg%3D.1731749397&gtm=45j91e4bd0v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067554~102067808~102077855&aip=1&z=292099904
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sat, 16 Nov 2024 09:30:05 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
rcomEvent
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/rcomEvent?cnst=1&_=959292&uid=-3247095080494275053&sec=8772046&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expSes=1338&p=1&cl=dk.l.c.ws.fst.&ses=de575dcbdc06115b926c7a36feb6185b&data=%7B%22ctx%22%3A%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D%2C%22widgets%22%3A%7B%22199244%22%3A%7B%22fId%22%3A16887%2C%22fallbackData%22%3Afalse%2C%22expData%22%3A%7B%22expId%22%3Anull%2C%22varId%22%3Anull%7D%2C%22events%22%3A%5B%7B%22type%22%3A%22WRIMP%22%2C%22strId%22%3A9%7D%2C%7B%22type%22%3A%22PRIMP%22%2C%22pId%22%3A%5B%2257586%22%2C%22400030%22%2C%22300230%22%2C%22300222%22%2C%22300234%22%2C%22300241%22%5D%2C%22strId%22%3A9%2C%22md%22%3A%7B%7D%7D%5D%7D%7D%7D&reqts=1731749405884&rri=3399072
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.22.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-22-67.ord51.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 b3dcbb5db65271a2024ef727d001a4e2.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
4_2EmhtoIKUXTZw3H84a4nJ1-ttkRtbYT_XRmvVjVUNSoUVOPxm00g==
date
Sat, 16 Nov 2024 09:30:05 GMT
x-amz-cf-pop
ORD51-C2
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
Domain
www.elfcosmetics.com
URL
blob:https://www.elfcosmetics.com/fb1c88d7-c2f5-447a-bf02-da4196cc7504
Domain
sgtm.elfcosmetics.com
URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4bc0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=161341692.1731749397&ecid=977587072&ul=en-ca&sr=1600x1200&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=121143378.1731749395&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=5&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&sid=1731749396&sct=1&seg=1&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_language=EN&ep.vendor_id=facebook&ep.event_id=1731750053898_173175025128345&ep.email=&ep.phone=&ep.facebook_pixel_id=1638306756445368&_et=4845&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=15257&richsstsse
Domain
pixel.pointmediatracker.com
URL
https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=3de91131-deaf-4282-aa92-8971a282e7f4&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=New&gtmcb=45085460

227 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host function| $ function| jQuery object| Vimeo boolean| VimeoPlayerResizeEmbeds_ boolean| VimeoSeoMetadataAppended boolean| VimeoCheckedUrlTimeParam object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive object| DataLayer object| dataLayer function| getDataLayerEvent object| DY object| viewedProductIdsForPage boolean| BRAZE_SETUP_COMPLETE boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom string| personalizationHash object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| DYO object| contextManager object| DYJSON object| DYExps object| OtTrustedType string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| DYWork function| $dy object| Optanon object| OneTrust 
object| DYCS function| getProductNamesEval object| _uxa function| create_UUID function| createCookie number| gtmPageLoadId function| pintrk function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer number| j boolean| otLastAcceptAllValue object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| _inside boolean| _insideLoaded function| _insideJQ function| _insideViewUpdate object| a object| m function| ___rmuid object| ___RMCMPW object| gaGlobal object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs function| redditNormalizeEmail object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG object| insideFrontInterface object| _insideGraph string| _insideProtocol string| _insideCluster string| _insideGraphUrl string| _insideSocialUrl string| _insideCDN string| _insideCDN2 string| _insideScriptVersion boolean| _insideLive boolean| _insideIsLive object| bouncex function| UET function| UET_init function| UET_push object| CS_CONF object| CS_INTEGRATIONS_CONF function| csSetTimeout function| csQueueMicrotask function| csClearTimeout function| csSetInterval function| csClearInterval function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen function| csRegExp object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation 
object| UXAnalytics object| CSCurrentScript object| paypalDDL string| PaypalOffersObject function| ppq object| ueto_85174ae5fd object| uetq object| heapReadyCb object| heap object| tagConfig object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| recaptcha object| closure_lm_608467 object| webpackChunksmart_tag object| __post_robot_10_0_44__ object| PAYPAL object| bxgraph function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie object| insideAPI object| insideStreamingCheck object| insideCreditCard string| imageurl string| offerurl object| fbQueue function| fbAsyncInit function| processFbQueue function| close_bouncex_ad boolean| usingChatPanev2 object| cti110221 function| a0_0x3eec function| a0_0x20c7 object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| threatmetrix function| tmx_post_session_params_fixed function| tmx_run_page_fingerprinting boolean| tmx_profiling_started string| td_1D

93 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ANOXeZytNlb0ZhDvJBlyNW7B4RkOo7n3ZncFqqNE8ZHHFM-rvB8V_g0f1K-KaS8sxpLWqobUdSPNEju4UV42rQM
.youtube.com/ Name: YSC
Value: TyiUrQrlgm8
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: CbWCGfmOmJU
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJDQRIEGgAgJQ%3D%3D
.vimeo.com/ Name: _cfuvid
Value: kBulvTSRJFvE_YjBYkmvqBD6JzMMkBtIOzWUjZMAWLM-1731749392901-0.0.1.1-604800000
.vimeo.com/ Name: vuid
Value: pl2063304581.1134739467
.vimeo.com/ Name: __cf_bm
Value: tzuO2Xc6FPMxPSbJ9RPi.bHNXfnjkwor32SWrnboe0I-1731749393-1.0.1.1-IlAF.fAGBuRVaJyoSd9zF.m7YgNCofgqwVy6DKxs_Pixa5hAW3vRR9OJGLo0PyO7
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: g%3A642149d6-7196-ffa4-fb44-b9dd141f073d%7Ce%3A1731751194270%7Cc%3A1731749394270%7Cl%3A1731749394270
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: g%3A96e83af3-ae9c-a858-133d-9256f32abdea%7Ce%3Aundefined%7Cc%3A1731749394272%7Cl%3A1731749394272
.elfcosmetics.com/ Name: _dyjsession
Value: wx3804dswxyqvjh8uh5dgkjcw34ommer
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: wx3804dswxyqvjh8uh5dgkjcw34ommer
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.88868488.1731749395
.dynamicyield.com/ Name: DYID
Value: -3247095080494275053
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: _dyid
Value: -3247095080494275053
.elfcosmetics.com/ Name: _dycst
Value: dk.l.c.ws.fst.
.elfcosmetics.com/ Name: _dy_geo
Value: CA.NA.CA_.CA__
.elfcosmetics.com/ Name: _dy_df_geo
Value: Canada..
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _dy_soct
Value: 1731749395!1652212.0'1654610.0'1750272.0!wx3804dswxyqvjh8uh5dgkjcw34ommer~1248068.0
www.elfcosmetics.com/ Name: FPC
Value: 3de91131-deaf-4282-aa92-8971a282e7f4
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Sat+Nov+16+2024+01%3A29%3A56+GMT-0800+(Pacific+Standard+Time)&version=202406.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=0708d016-213d-4385-b9e0-e31e781b774c&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1%2C5%3A1
.adnxs.com/ Name: XANDR_PANID
Value: 8cOFY6HU7puW14bYCHAVhgmj7aXqX74aejazvNks8exd3uhQZ8TvPBXQH6kODgEJ7ORVhT5DcLaz05Vg62TL-kTcJbQOTMIVIwCEYIUwzFE.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 1710665979220969974
.adsrvr.org/ Name: TDID
Value: 8464e919-38cf-4ea6-907a-e792fb0142c2
www.elfcosmetics.com/ Name: dwsid
Value: OCO4s6uqKYoPI5fKXtFTxlHOBYW1Efj3O_VJnW7lKl29bXbbdTPurgi_PoRc6kpKAo9Fmah7leu0EZXsNvZjkQ==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: abwHcYkbcUlrIRl0w2wqYYwHI0
.pointmediatracker.com/ Name: c
Value: 7187d9d2-ad45-48e1-a1b3-e7e7a4ddb250
.doubleclick.net/ Name: IDE
Value: AHWqTUnTr-tL34FCZ8phxcuhQGtKjQLuSvZFpHYMFW-xVhTamXsLiihZuB-9AuwvOCA
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.elfcosmetics.com/ Name: _ga
Value: GA1.1.161341692.1731749397
.tiktok.com/ Name: _ttp
Value: 2ovUA5zCqSs3TgEltEOeyVf6Dga
.doubleclick.net/ Name: ar_debug
Value: 1
.rubiconproject.com/ Name: audit_p
Value: 1|o9MHh1C1dGNSfDJfF0/xAPk3EQxzkygO6A1bF63p7I47wCFCn6f3el2WejIVIk5JOAAjCDVzBO8wHTRO1/p4iHX0qfg68IpFQAPcN3ARK85XbBTm334V1QbHMjvuqKmaMcpHBYSGjc4ePMZczFMkl0yp545gU9J2TmC8j4XAe67REvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.rubiconproject.com/ Name: khaos
Value: M3JYVMGJ-1Y-6EJR
.rubiconproject.com/ Name: khaos_p
Value: M3JYVMGJ-1Y-6EJR
.rubiconproject.com/ Name: audit
Value: 1|o9MHh1C1dGNSfDJfF0/xAPk3EQxzkygO6A1bF63p7I47wCFCn6f3el2WejIVIk5JOAAjCDVzBO8wHTRO1/p4iHX0qfg68IpFQAPcN3ARK85XbBTm334V1QbHMjvuqKmaMcpHBYSGjc4ePMZczFMkl0yp545gU9J2TmC8j4XAe67REvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.elfcosmetics.com/ Name: FPID
Value: FPID2.2.JqsQr2tKz5IKiZkqQDLq2oW6axr6o9TqJzUpBFndkmg%3D.1731749397
.elfcosmetics.com/ Name: FPAU
Value: 1.1.88868488.1731749395
.elfcosmetics.com/ Name: FPGSID
Value: 1.1731749397.1731749397.G-5D80LRC85N.XlFZcNhd9uXwrS_CRsxKSQ
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1731749397262.299593853531347623
.linksynergy.com/ Name: rmuid
Value: 76121f44-33c6-4fcf-88c1-1ec12c634d5f
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.undertone.com/ Name: UTID
Value: 100ba7de74b84574aa4586565bedbd57
.undertone.com/ Name: UTID_ENC
Value: y744pxi90rk85n0ezl4w2slz
.pinterest.com/ Name: ar_debug
Value: 1
.casalemedia.com/ Name: CMID
Value: ZzhmFdHM6r4AAH3NAO6KkQAA
.casalemedia.com/ Name: CMPS
Value: 3828
.casalemedia.com/ Name: CMPRO
Value: 3828
.elfcosmetics.com/ Name: _cs_c
Value: 0
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPVpEYzBNall6T0RrdE5EWmlaaTAwTmpZMkxUZ3hZbUV0WmpGbE1UTXlOV1ptT1RNMw
.elfcosmetics.com/ Name: FPLC
Value: RUZLxVf6oPR8Y9HT0LlGxFyBRIrXz6eNFG7AHQ2kMW9Fu8kInaXUwexZFezx9u2bfrZ%2FNIUoW0wkbbq5flfHmDm3pqHillJOOKa%2FKcWPw%2F4hZL91jqDTNZKrUwLpbg%3D%3D
.elfcosmetics.com/ Name: _scid
Value: 7753b122-3f1e-4651-d5bc-a1677507021e
.elfcosmetics.com/ Name: inside-eu8
Value: 16948775-d855451cc4f43b0e41867443d75484105006f4759aa3076e32f44b0581bb3516-0-0
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: 5KRa_uT-uiUVFG2QA_iQmcxUGML.tt.1
.elfcosmetics.com/ Name: _uetsid
Value: 58ffac40a3fd11ef80fad5c412e1172b
.elfcosmetics.com/ Name: _uetvid
Value: 58ff9e90a3fd11efb42b3d3a1d0b4a04
.bing.com/ Name: MUID
Value: 367CDAB125B564281F6CCF88248E654F
.bat.bing.com/ Name: MR
Value: 0
www.elfcosmetics.com/ Name: esw.currency
Value: CAD
www.elfcosmetics.com/ Name: sid
Value: hZIY1vnP7_7zbTCLJHR9Q-x_peDndD6Dx7s
www.elfcosmetics.com/ Name: _dyid_server
Value: -3247095080494275053
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: true
www.elfcosmetics.com/ Name: esw.location
Value: CA
www.elfcosmetics.com/ Name: currentLocale
Value: en_CA
www.elfcosmetics.com/ Name: esw.sessionid
Value: abwHcYkbcUlrIRl0w2wqYYwHI0
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_CA
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.bounceexchange.com/ Name: bounceClientVisit6664c
Value: %7B%22vid%22%3A1731749399640249%2C%22did%22%3A%22121534914468811470%22%7D
www.elfcosmetics.com/ Name: bounceClientVisit6664v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QbFIIDm9QSgooUbevxjUN13SfMQrNuw6cuKAL5AA
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2ovUAYRdQBzHGoNWc6GHmwjWcHQ","deviceID":"2osvEIfokOxUuWxmSQGwbMewlaO","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJvdlVBWVJkUUJ6SEdvTldjNkdIbXdqV2NIUSIsImRldmljZUlEIjoiMm9zdkVJZm9rT3hVdVd4bVNRR3diTWV3bGFPIiwiaXYiOiIiLCJ2IjoiIn0%3D
.elfcosmetics.com/ Name: _hp5_event_props.1042782804
Value: %7B%22Contentsquare%20Replay%22%3A%22https%3A%2F%2Fapp.contentsquare.com%2Fquick-playback%2Findex.html%3Fpid%3D1926%26uu%3Db5b4c303-35b8-a4b5-c56f-1959e22b2b07%26sn%3D1%26pvid%3D1%26recordingType%3Dcs%26vd%3Dhe%22%7D
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1731749396.1.0.1731749400.56.0.0
.www.google-analytics.com/ Name: ar_debug
Value: 1
.rlcdn.com/ Name: rlas3
Value: gweKZ5cWKPp7yY2ergNgRPQUTUQhT2U7KMiJ802NrDs=
.rlcdn.com/ Name: pxrc
Value: CJnM4bkGEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-11-16T09:30:01Z
imgs.signifyd.com/ Name: thx_guid
Value: b961f69dc6b90c015dd9ae36c47131ab
imgs.signifyd.com/ Name: tmx_guid
Value: AAwRsxm43alXQg6qQWC82Nw_bbbCYooKEa45aiFAWUH7rVIerTXke2pe6u2YXaBvycwKlpXtnMD_Mdz3lFmLPQCuJqQKRQ
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1731749397201.4723ca10-a637-448b-8a9f-f2e244618fcb
.elfcosmetics.com/ Name: _cs_id
Value: b5b4c303-35b8-a4b5-c56f-1959e22b2b07.1731749399.1.1731749405.1731749399.1558384338.1765913399173.1
.elfcosmetics.com/ Name: _cs_s
Value: 2.5.0.9.1731751205030
.elfcosmetics.com/ Name: _hp5_meta.1042782804
Value: %7B%22setPath%22%3A%7B%7D%2C%22userId%22%3A%228503785899550927%22%2C%22sessionId%22%3A%228101989692903038%22%2C%22lastEventTime%22%3A1731749405034%2C%22sessionProperties%22%3A%7B%22time%22%3A1731749399163%2C%22referrer%22%3A%22%22%2C%22id%22%3A%228101989692903038%22%2C%22search_keyword%22%3A%22%22%2C%22utm%22%3A%7B%22source%22%3A%22%22%2C%22medium%22%3A%22%22%2C%22term%22%3A%22%22%2C%22content%22%3A%22%22%2C%22campaign%22%3A%22%22%7D%2C%22initial_pageview_info%22%3A%7B%22time%22%3A1731749399163%2C%22id%22%3A%223554909219801552%22%2C%22title%22%3A%22Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics%22%2C%22url%22%3A%7B%22domain%22%3A%22www.elfcosmetics.com%22%2C%22path%22%3A%22%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22query%22%3A%22%22%2C%22hash%22%3A%22%22%7D%2C%22source_properties%22%3A%7B%22screen_height%22%3A1200%2C%22screen_width%22%3A1600%7D%2C%22properties%22%3A%7B%22Page%20Type%22%3A%22content%22%7D%7D%7D%7D
.elfcosmetics.com/ Name: _ga_5D80LRC85N
Value: GS1.1.1731749396.1.1.1731749405.0.0.977587072
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2GTtet89.!]tcV8bhzs#DIgl#XsfX#YR-N
.adsrvr.org/ Name: TDCPM
Value: CAESFQoGZ29vZ2xlEgsIvNSkxOiKwz0QBRIWCgdydWJpY29uEgsI8vqkxOiKwz0QBRIXCghhcHBuZXh1cxILCIC9lcnoisM9EAUSFQoGY2FzYWxlEgsI7OiVyeiKwz0QBRIYCgliaWRzd2l0Y2gSCwjE_LyV6YrDPRAFGAUoATILCMa5v8L_isM9EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgliaWRzd2l0Y2g.
.ct.pinterest.com/ Name: _pinterest_ct_ua
Value: "TWc9PSZ4SnBhMWpvSUpjakMxQkh4Vk1jZjNJeTh2eU90b2xrTStCaVI3b3pHaEduQm1iUVNJRzNQamltdDdEUjMxQXBxTE1DYVFYV0ZleUYyNDRUQldCUWswSkduc3FMYkw1bFZCSkFJY2xsZTJzND0mVWxQL0FwMDUxZU52UXk4TTBwWlNIcFNYNkRVPQ=="

6 Console Messages

Source Level URL
Text
security error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 402)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ from frame with URL https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals. Domains, protocols and ports must match.
security error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 402)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ from frame with URL https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals. Domains, protocols and ports must match.
security error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 402)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ from frame with URL https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals. Domains, protocols and ports must match.
rendering warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0901D009C3B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A05069069C3B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A02069069C3B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
