urlscan.io logo urlscan.io
SecurityTrails logo

www.elfcosmetics.com Open in urlscan Pro
204.2.133.49  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cosmeticscriminal.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On December 16 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 72 IPs in 3 countries across 52 domains to perform 246 HTTP transactions. The main IP is 204.2.133.49, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 72365.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 11th 2024. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 204.2.133.238 393259 (YOTTAA-AS-1)
1 26 204.2.133.49 393259 (YOTTAA-AS-1)
1 4 151.101.194.133 54113 (FASTLY)
3 2600:1408:c40... 20940 (AKAMAI-AS...)
2 162.159.128.61 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 16 2600:1408:c40... 20940 (AKAMAI-AS...)
1 2a04:4e42::649 54113 (FASTLY)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2600:1408:c40... 20940 (AKAMAI-AS...)
12 2606:4700::68... 13335 (CLOUDFLAR...)
3 2600:9000:28a... 16509 (AMAZON-02)
6 2607:f8b0:400... 15169 (GOOGLE)
2 172.67.74.152 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
8 104.18.38.107 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2600:9000:27c... 16509 (AMAZON-02)
1 5 142.251.179.147 15169 (GOOGLE)
1 2600:9000:230... 16509 (AMAZON-02)
8 18.160.18.41 16509 (AMAZON-02)
1 2600:9000:247... 16509 (AMAZON-02)
1 1 52.70.202.166 14618 (AMAZON-AES)
1 13.249.39.52 16509 (AMAZON-02)
1 2 68.67.160.132 29990 (ASN-APPNEX)
4 4 15.197.193.217 16509 (AMAZON-02)
2 2 142.251.163.155 15169 (GOOGLE)
1 1 68.67.160.184 29990 (ASN-APPNEX)
1 1 69.173.146.5 26667 (RUBICONPR...)
1 2 104.18.27.193 13335 (CLOUDFLAR...)
1 99.83.184.193 16509 (AMAZON-02)
1 34.102.147.248 396982 (GOOGLE-CL...)
4 151.101.129.21 54113 (FASTLY)
1 23.9.177.190 16625 (AKAMAI-AS)
6 104.18.9.17 13335 (CLOUDFLAR...)
1 3.167.88.57 16509 (AMAZON-02)
2 2600:1408:c40... 20940 (AKAMAI-AS...)
2 31.13.66.19 32934 (FACEBOOK)
2 2a04:4e42::396 54113 (FASTLY)
3 2620:1ec:33:1... 8075 (MICROSOFT...)
14 23.212.249.23 20940 (AKAMAI-AS...)
2 2600:9000:27c... 16509 (AMAZON-02)
1 34.120.253.250 396982 (GOOGLE-CL...)
5 34.49.124.132 396982 (GOOGLE-CL...)
2 64.233.180.149 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
4 142.251.111.94 15169 (GOOGLE)
1 151.101.129.140 54113 (FASTLY)
1 151.101.65.140 54113 (FASTLY)
1 151.101.1.21 54113 (FASTLY)
2 4 172.253.122.149 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 34.98.67.3 396982 (GOOGLE-CL...)
1 3.213.38.112 14618 (AMAZON-AES)
2 31.13.66.35 32934 (FACEBOOK)
3 151.101.3.1 54113 (FASTLY)
2 2606:4700::68... 13335 (CLOUDFLAR...)
5 173.222.169.165 16625 (AKAMAI-AS)
15 34.98.72.95 396982 (GOOGLE-CL...)
2 192.229.210.155 15133 (EDGECAST)
1 34.98.106.171 396982 (GOOGLE-CL...)
1 35.190.20.211 15169 (GOOGLE)
1 35.227.248.175 396982 (GOOGLE-CL...)
1 216.239.38.181 15169 (GOOGLE)
2 3.162.103.75 16509 (AMAZON-02)
1 151.101.64.84 54113 (FASTLY)
1 1 172.253.122.155 15169 (GOOGLE)
1 1 172.253.63.154 15169 (GOOGLE)
2 108.138.64.85 16509 (AMAZON-02)
3 18.205.99.155 14618 (AMAZON-AES)
4 18.214.145.44 14618 (AMAZON-AES)
13 192.225.157.157 30286 (THM)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
1 52.208.170.225 16509 (AMAZON-02)
2 192.225.158.1 30286 (THM)
1 192.225.158.3 30286 (THM)
2 34.149.130.207 396982 (GOOGLE-CL...)
1 2600:1901:0:5... 396982 (GOOGLE-CL...)
7 34.111.8.32 396982 (GOOGLE-CL...)
246 72
1    204.2.133.238 (United States)

ASN393259 (YOTTAA-AS-1, US)
cosmeticscriminal.ca
26    204.2.133.49 (United States)

ASN393259 (YOTTAA-AS-1, US)
www.elfcosmetics.com
4    151.101.194.133 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn-fsly.yottaa.net
3    2600:1408:c400:13::17d4:f8cb (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
elfcosmetics.a.bigcontent.io
2    162.159.128.61 (None, )

ASN13335 (CLOUDFLARENET, US)
player.vimeo.com
1    2607:f8b0:4004:c21::5d (Washington, United States)

ASN15169 (GOOGLE, US)
www.youtube.com
16    2600:1408:c400:e::17cd:6a1a (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
cdn.media.amplience.net
1    2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
3    2607:f8b0:4004:c09::88 (Washington, United States)

ASN15169 (GOOGLE, US)
www.youtube.com
2    2600:1408:c400:1f::17d4:fbcc (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
cdn.static.amplience.net
12    2606:4700::6812:562a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
3    2600:9000:28a9:9800:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.dynamicyield.com
6    2607:f8b0:4004:c09::61 (Washington, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    172.67.74.152 (United States)

ASN13335 (CLOUDFLARENET, US)
api.ipify.org
2    2606:4700:3036::6815:1b98 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
8    104.18.38.107 (None, )

ASN13335 (CLOUDFLARENET, US)
sdk.iad-05.braze.com
1    2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
1    2600:9000:27c2:8200:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)
st.dynamicyield.com
5    142.251.179.147 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f147.1e100.net
www.google.com
1    2600:9000:2305:3a00:1c:df99:ffc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rcom.dynamicyield.com
8    18.160.18.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-18-41.iad12.r.cloudfront.net
async-px.dynamicyield.com
1    2600:9000:2479:6000:11:85b0:d600:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.cnnx.link
1    52.70.202.166 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-202-166.compute-1.amazonaws.com
pixel.pointmediatracker.com
1    13.249.39.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-52.iad89.r.cloudfront.net
cdn.blisspointmedia.com
2    68.67.160.132 (Colonia, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
4    15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
insight.adsrvr.org
match.adsrvr.org
2    142.251.163.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f155.1e100.net
cm.g.doubleclick.net
1    68.67.160.184 (Colonia, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
1    69.173.146.5 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    104.18.27.193 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
1    99.83.184.193 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0540a066b92ce4ca.awsglobalaccelerator.com
qoe-1.yottaa.net
1    34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com
tag.rmp.rakuten.com
4    151.101.129.21 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.paypal.com
1    23.9.177.190 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-9-177-190.deploy.static.akamaitechnologies.com
static.ordergroove.com
6    104.18.9.17 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn8.eu.inside.chat
www8.eu.inside.chat
1    3.167.88.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-167-88-57.iad55.r.cloudfront.net
t.contentsquare.net
2    2600:1408:c400:382::1931 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
s.pinimg.com
2    31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net
connect.facebook.net
2    2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
3    2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
14    23.212.249.23 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-212-249-23.deploy.static.akamaitechnologies.com
analytics.tiktok.com
2    2600:9000:27c2:4a00:a:7914:b00:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.jebbit.com
1    34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com
tag.wknd.ai
5    34.49.124.132 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 132.124.49.34.bc.googleusercontent.com
sgtm.elfcosmetics.com
2    64.233.180.149 (United States)

ASN15169 (GOOGLE, US)
PTR: on-in-f149.1e100.net
ad.doubleclick.net
2    2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
2    2607:f8b0:4004:c0b::9c (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
4    142.251.111.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f94.1e100.net
www.google.ca
1    151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)
pixel-config.reddit.com
1    151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)
alb.reddit.com
1    151.101.1.21 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.paypal.com
4    172.253.122.149 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f149.1e100.net
10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
1    2607:f8b0:4004:c09::5e (Washington, United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com
ut.rd.linksynergy.com
tags.rd.linksynergy.com
1    3.213.38.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-38-112.compute-1.amazonaws.com
external-api.jebbit.com
2    31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com
www.facebook.com
3    151.101.3.1 (San Francisco, United States)

ASN54113 (FASTLY, US)
t.paypal.com
2    2606:4700::6812:811 (United States)

ASN13335 (CLOUDFLARENET, US)
www8.eu.inside.chat
5    173.222.169.165 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a173-222-169-165.deploy.static.akamaitechnologies.com
ct.pinterest.com
15    34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com
assets.bounceexchange.com
2    192.229.210.155 (United States)

ASN15133 (EDGECAST, US)
www.paypalobjects.com
1    34.98.106.171 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 171.106.98.34.bc.googleusercontent.com
data.cdnbasket.net
1    35.190.20.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.20.190.35.bc.googleusercontent.com
page.cdnbasket.net
1    35.227.248.175 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 175.248.227.35.bc.googleusercontent.com
view.cdnbasket.net
1    216.239.38.181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
2    3.162.103.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-103-75.iad61.r.cloudfront.net
cdn.us.heap-api.com
1    151.101.64.84 (San Francisco, United States)

ASN54113 (FASTLY, US)
ct.pinterest.com
1    172.253.122.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net
www.googleadservices.com
1    172.253.63.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f154.1e100.net
googleads.g.doubleclick.net
2    108.138.64.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-64-85.iad12.r.cloudfront.net
cdn-scripts.signifyd.com
3    18.205.99.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-99-155.compute-1.amazonaws.com
c.contentsquare.net
4    18.214.145.44 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-145-44.compute-1.amazonaws.com
c.us.heap-api.com
13    192.225.157.157 (United States)

ASN30286 (THM, US)
imgs.signifyd.com
2    35.244.154.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com
idsync.rlcdn.com
1    52.208.170.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-170-225.eu-west-1.compute.amazonaws.com
srm.ba.contentsquare.net
2    192.225.158.1 (United States)

ASN30286 (THM, US)
h.online-metrix.net
h64.online-metrix.net
1    192.225.158.3 (United States)

ASN30286 (THM, US)
w2txo5aa5n6mkspifita3hfskautk64megamdpff6042f88ccad5596fsac.d.aa.online-metrix.net
2    34.149.130.207 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 207.130.149.34.bc.googleusercontent.com
pd.cdnwidget.com
idr.cdnwidget.com
1    2600:1901:0:56e0:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
ids.cdnwidget.com
7    34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com
api.bounceexchange.com
events.bouncex.net
Apex Domain
Subdomains		 Transfer
31 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 72365
sgtm.elfcosmetics.com — Cisco Umbrella Rank: 164582
703 KB
18 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 12022
cdn.static.amplience.net — Cisco Umbrella Rank: 44218
6 MB
16 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 2528
api.bounceexchange.com — Cisco Umbrella Rank: 2892
325 KB
15 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 8305
imgs.signifyd.com — Cisco Umbrella Rank: 6976
77 KB
14 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 799
244 KB
13 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 8471
st.dynamicyield.com — Cisco Umbrella Rank: 7736
rcom.dynamicyield.com — Cisco Umbrella Rank: 8193
async-px.dynamicyield.com — Cisco Umbrella Rank: 8200
254 KB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 329
188 KB
11 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 284
ad.doubleclick.net — Cisco Umbrella Rank: 145
stats.g.doubleclick.net — Cisco Umbrella Rank: 135
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 228413
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 228654
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
4 KB
8 inside.chat
cdn8.eu.inside.chat — Cisco Umbrella Rank: 169444
www8.eu.inside.chat — Cisco Umbrella Rank: 219679
124 KB
8 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3003
t.paypal.com — Cisco Umbrella Rank: 3701
128 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 142
1 KB
8 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 2839
2 KB
6 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 2435
681 B
6 heap-api.com
cdn.us.heap-api.com — Cisco Umbrella Rank: 13696
c.us.heap-api.com — Cisco Umbrella Rank: 11180
77 KB
6 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 953
4 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
551 KB
5 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 3248
c.contentsquare.net — Cisco Umbrella Rank: 4183
srm.ba.contentsquare.net — Cisco Umbrella Rank: 17164
91 KB
5 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 36667 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 11187
1 MB
4 google.ca
www.google.ca — Cisco Umbrella Rank: 11557
253 B
4 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 960
match.adsrvr.org — Cisco Umbrella Rank: 377
3 KB
4 youtube.com
www.youtube.com — Cisco Umbrella Rank: 79
13 KB
3 cdnwidget.com
pd.cdnwidget.com — Cisco Umbrella Rank: 3926
ids.cdnwidget.com — Cisco Umbrella Rank: 4081
idr.cdnwidget.com — Cisco Umbrella Rank: 6194
1 KB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 2565
h64.online-metrix.net — Cisco Umbrella Rank: 2033
w2txo5aa5n6mkspifita3hfskautk64megamdpff6042f88ccad5596fsac.d.aa.online-metrix.net
837 B
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 5144
page.cdnbasket.net — Cisco Umbrella Rank: 5151
view.cdnbasket.net — Cisco Umbrella Rank: 5149
1014 B
3 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 43163
external-api.jebbit.com — Cisco Umbrella Rank: 43760
61 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 359
15 KB
3 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 495
ib.adnxs.com — Cisco Umbrella Rank: 281
3 KB
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 142112
9 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 476
837 B
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2811
16 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
214 B
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 9852
tags.rd.linksynergy.com — Cisco Umbrella Rank: 5905
698 B
2 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 2010
alb.reddit.com — Cisco Umbrella Rank: 1418
761 B
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1095
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
77 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 1065
25 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 607
1 KB
2 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1331
8 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2001
548 B
2 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 2102
12 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 96
23 B
1 gstatic.com
www.gstatic.com
548 KB
1 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 3897
6 KB
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 26396
52 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 8119
15 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 419
2 KB
1 blisspointmedia.com
cdn.blisspointmedia.com — Cisco Umbrella Rank: 7547
1 KB
1 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 13817
451 B
1 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 9678
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 514
295 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 847
24 KB
1 cosmeticscriminal.ca
cosmeticscriminal.ca
2 KB
246 52
Domain Requested by
26 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
16 cdn.media.amplience.net 2 redirects www.elfcosmetics.com
15 assets.bounceexchange.com www.elfcosmetics.com
14 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
13 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
8 async-px.dynamicyield.com cdn.dynamicyield.com
8 sdk.iad-05.braze.com cdn-fsly.yottaa.net
6 events.bouncex.net
6 ct.pinterest.com s.pinimg.com
www.elfcosmetics.com
6 www.googletagmanager.com www.elfcosmetics.com
www.googletagmanager.com
5 sgtm.elfcosmetics.com www.googletagmanager.com
t.contentsquare.net
5 www.paypal.com www.elfcosmetics.com
www.paypal.com
5 www.google.com 1 redirects www.googletagmanager.com
www.elfcosmetics.com
cdn-fsly.yottaa.net
www.gstatic.com
4 c.us.heap-api.com cdn.us.heap-api.com
4 www8.eu.inside.chat cdn8.eu.inside.chat
t.contentsquare.net
4 www.google.ca
4 cdn8.eu.inside.chat www.elfcosmetics.com
4 www.youtube.com www.elfcosmetics.com
4 cdn-fsly.yottaa.net www.elfcosmetics.com
3 c.contentsquare.net
3 t.paypal.com
3 analytics.google.com www.googletagmanager.com
3 bat.bing.com www.elfcosmetics.com
3 match.adsrvr.org 3 redirects
3 cdn.dynamicyield.com www.elfcosmetics.com
3 elfcosmetics.a.bigcontent.io www.elfcosmetics.com
2 idsync.rlcdn.com 2 redirects
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 cdn.us.heap-api.com www.elfcosmetics.com
2 www.paypalobjects.com www.elfcosmetics.com
2 www.facebook.com
2 9231397.fls.doubleclick.net 1 redirects www.elfcosmetics.com
2 10742279.fls.doubleclick.net 1 redirects www.elfcosmetics.com
2 stats.g.doubleclick.net www.googletagmanager.com
2 ad.doubleclick.net
2 js.jebbit.com www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 dsum-sec.casalemedia.com 1 redirects
2 cm.g.doubleclick.net 2 redirects
2 secure.adnxs.com 1 redirects
2 use.fontawesome.com www.elfcosmetics.com
use.fontawesome.com
2 api.ipify.org cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.com
2 player.vimeo.com www.elfcosmetics.com
1 idr.cdnwidget.com
1 api.bounceexchange.com www.elfcosmetics.com
1 ids.cdnwidget.com t.contentsquare.net
1 pd.cdnwidget.com t.contentsquare.net
1 w2txo5aa5n6mkspifita3hfskautk64megamdpff6042f88ccad5596fsac.d.aa.online-metrix.net
1 h64.online-metrix.net imgs.signifyd.com
1 h.online-metrix.net imgs.signifyd.com
1 srm.ba.contentsquare.net t.contentsquare.net
1 tags.rd.linksynergy.com
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com 1 redirects
1 view.cdnbasket.net assets.bounceexchange.com
1 page.cdnbasket.net assets.bounceexchange.com
1 data.cdnbasket.net assets.bounceexchange.com
1 external-api.jebbit.com js.jebbit.com
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 www.gstatic.com www.elfcosmetics.com
1 alb.reddit.com
1 pixel-config.reddit.com www.redditstatic.com
1 tag.wknd.ai www.elfcosmetics.com
1 t.contentsquare.net www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 pixel.rubiconproject.com 1 redirects
1 ib.adnxs.com 1 redirects
1 insight.adsrvr.org 1 redirects
1 cdn.blisspointmedia.com
1 pixel.pointmediatracker.com 1 redirects
1 js.cnnx.link www.googletagmanager.com
1 rcom.dynamicyield.com cdn.dynamicyield.com
1 st.dynamicyield.com www.elfcosmetics.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 code.jquery.com www.elfcosmetics.com
1 cosmeticscriminal.ca 1 redirects
246 82
Subject Issuer Validity Valid
*.elfcosmetics.com
Sectigo RSA Domain Validation Secure Server CA		 2024-10-11 -
2025-11-11		 a year crt.sh
*.bigcontent.io
GeoTrust TLS RSA CA G1		 2024-06-13 -
2025-05-03		 a year crt.sh
vimeo.com
WE1		 2024-11-23 -
2025-02-21		 3 months crt.sh
*.google.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
dm.amplience.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-08-05 -
2025-08-14		 a year crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA		 2024-06-25 -
2025-06-25		 a year crt.sh
*.yottaa.net
GlobalSign RSA OV SSL CA 2018		 2024-09-05 -
2025-10-07		 a year crt.sh
cookielaw.org
WE1		 2024-12-09 -
2025-03-09		 3 months crt.sh
*.dynamicyield.com
Amazon RSA 2048 M03		 2024-08-18 -
2025-09-16		 a year crt.sh
*.google-analytics.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
ipify.org
WE1		 2024-11-13 -
2025-02-11		 3 months crt.sh
use.fontawesome.com
WE1		 2024-11-07 -
2025-02-06		 3 months crt.sh
sdk.iad-05.braze.com
WE1		 2024-12-11 -
2025-03-11		 3 months crt.sh
geolocation.onetrust.com
WE1		 2024-12-09 -
2025-03-09		 3 months crt.sh
js.cnnx.link
Amazon RSA 2048 M02		 2024-06-09 -
2025-07-08		 a year crt.sh
tag.rmp.rakuten.com
WR3		 2024-11-24 -
2025-02-22		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-08 -
2025-02-08		 a year crt.sh
*.ordergroove.com
Go Daddy Secure Certificate Authority - G2		 2024-08-09 -
2025-08-20		 a year crt.sh
eu.inside.chat
WE1		 2024-11-26 -
2025-02-24		 3 months crt.sh
t.contentsquare.net
Amazon RSA 2048 M03		 2024-08-13 -
2025-09-10		 a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-08-02 -
2025-08-07		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-09-24 -
2024-12-23		 3 months crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-10-06 -
2025-04-03		 6 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 08		 2024-12-15 -
2025-06-13		 6 months crt.sh
*.tiktok.com
RapidSSL TLS ECC CA G1		 2024-07-15 -
2025-07-15		 a year crt.sh
*.jebbit.com
Amazon RSA 2048 M02		 2024-04-23 -
2025-05-21		 a year crt.sh
tag.wknd.ai
R10		 2024-11-14 -
2025-02-12		 3 months crt.sh
sgtm.elfcosmetics.com
WR3		 2024-11-05 -
2025-02-03		 3 months crt.sh
*.doubleclick.net
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.google.ca
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-10-13 -
2025-04-11		 6 months crt.sh
*.gstatic.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.rd.linksynergy.com
ZeroSSL RSA Domain Secure Site CA		 2024-01-23 -
2025-01-22		 a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-06-21 -
2025-06-20		 a year crt.sh
assets.bounceexchange.com
WR3		 2024-11-10 -
2025-02-08		 3 months crt.sh
data.cdnbasket.net
WR3		 2024-10-28 -
2025-01-26		 3 months crt.sh
page.cdnbasket.net
WR3		 2024-11-06 -
2025-02-04		 3 months crt.sh
view.cdnbasket.net
WR3		 2024-11-05 -
2025-02-03		 3 months crt.sh
cdn.us.heap-api.com
Amazon RSA 2048 M02		 2024-10-10 -
2025-11-08		 a year crt.sh
cdn-scripts.signifyd.com
Amazon RSA 2048 M02		 2024-06-02 -
2025-06-30		 a year crt.sh
dep.bf.contentsquare.net
R11		 2024-10-30 -
2025-01-28		 3 months crt.sh
c.us.heap-api.com
Amazon RSA 2048 M03		 2024-02-01 -
2025-03-02		 a year crt.sh
imgs.signifyd.com
Go Daddy Secure Certificate Authority - G2		 2024-11-13 -
2025-12-15		 a year crt.sh
srm.ba.contentsquare.net
Amazon RSA 2048 M03		 2024-10-08 -
2025-11-07		 a year crt.sh
online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2024-09-19 -
2025-10-20		 a year crt.sh
*.aa.online-metrix.net
Viking Cloud Organization Validation CA, Level 1		 2024-09-19 -
2025-10-20		 a year crt.sh
pd.cdnwidget.com
R11		 2024-11-07 -
2025-02-05		 3 months crt.sh
ids.cdnwidget.com
R10		 2024-11-07 -
2025-02-05		 3 months crt.sh
*.wunderkind.co
R11		 2024-11-29 -
2025-02-27		 3 months crt.sh
idr.cdnwidget.com
R11		 2024-11-07 -
2025-02-05		 3 months crt.sh

This page contains 16 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: 0DEFE58E28B930DC3EF57308899F892F
Requests: 216 HTTP requests in this frame

Frame: https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Frame ID: 9B8311CBAE7CC368416A43006625AA87
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: 1C0C8A97B1F6E8769384BA1B97A9519A
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.elfcosmetics.com
Frame ID: 163ACEB9E99056D221F250456185DFB2
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.65.2&integrationType=SDK
Frame ID: 428B870F6638CFF4A649DD710FFE15BA
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ2Y6cjArIoDFXUUiAkd57MPuQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1753382854;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 435957E249C16ACCA98DE1C621B9423B
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CIX57MjArIoDFd81iAkdyhQXGg;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1433585259;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 520D87078752977D7DC52EADF6CC5EA5
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: CF7BC874F51AF676C47F0B792A350B23
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 918B9AAFCDF3BF23D51915082557D46E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu&co=aHR0cHM6Ly93d3cuZWxmY29zbWV0aWNzLmNvbTo0NDM.&hl=en&type=image&v=pPK749sccDmVW_9DSeTMVvh2&theme=light&size=invisible&badge=bottomright&cb=7hmg46cjbdps
Frame ID: 8CF1ED6B9372A7B563A6F4EAD89041EB
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=pPK749sccDmVW_9DSeTMVvh2&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu
Frame ID: 189B58A2753CD0D4F30346351B2EAEF6
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Frame ID: DAD0565A64E55CAA9662243B2AEDFECC
Requests: 12 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 145177019AFBE771346F8662786E2227
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/lad22hzpvIjVI-w-?c675294c535acde8=KQmxnKapzgR5SgXlxzE6mYR8Fa-w0WCg2YWiYzgQFn2vIo_lBq9ECJvvafCoBrz580LPq4QavZFF23ukeON9VpIlRqChfIFf0Xy5YbItSmX5TY9G1DkzOiGaeqj3-HC5xQiBiT_9jf0lV5yvfR8bxu-FP_afgYVaEQxlnVlHTumuLxQ76RYjWNuwVfM_TpRh5A7VHeAXwXajfba5qEzGSvLDqh_h8A
Frame ID: FFACF3E5547DD15368CA60CE1F00C8B0
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/FRyF2cFag09IJbJq?2ecacce74a818b99=wNcyTTOcA_ZG6AM9KWKTbsczH7WcmuI9ualA34adc1rPxim8J2diX3VgkZYPt2bFV6oK7a1XskwJSMjeSmdGYymC7X6wRC0rMx1aYuwk1l_2kkouHgWIc1X6Mwnv4Y9cZO7zcGmQ-IYIqtlPyBUWgGkUmKD5uYjXpQJBcWN2sBm6yYRkHCwHdZP1YzCCeKQz2TrSN0oeV-3CuCT6VDFYM3MOsEXD6eM
Frame ID: 289463A99DDEB08DB8F6041A61343713
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/ECMSzhUVL4rL07xv?03914f92ad4d450b=6gw6GR6tw1QtKGaLATYd5NHrUqHonxXHW_KqGEWI8bHyZByiJqdWhFz0yMr49x9Cwrn9svpuBSfD5b2MUDYPLKsZvdI9MFZyRZTCY5QV1--gOW160KRga90S-FBKYILhwCYCLdjscTFRGSNC8LBuk7qkul0d3HJxv5kB5n6KaL-GwY7ZKqNY5kXeJDQSczayLwouw-A2A0CZ8r1KhMChQlxLuL4KAlE
Frame ID: 217A58523519B5E884D924352FA8A1F6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Page URL History Show full URLs

  1. https://cosmeticscriminal.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /demandware\.static/
Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com
Overall confidence: 10%
Detected patterns
  • basket.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

246
Requests

95 %
HTTPS

29 %
IPv6

52
Domains

82
Subdomains

72
IPs

3
Countries

11567 kB
Transfer

23741 kB
Size

92
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticscriminal.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ HTTP 301
  • https://www.elfcosmetics.com/en_CA
Request Chain 21
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 22
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 39
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=xZGUizHUarAOLD9azapj1rrUjn3Uq3L8oL_HSzzZ_po HTTP 303
  • https://www.elfcosmetics.com/callback?usid=c440adee-65e1-4cbd-9a23-0289660bc974&code=jv94YOUIg8FOlza0sNnJvEVoMLfI__Qw4UTCScenQxw
Request Chain 77
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=68297b2d-beea-451a-96e4-79cf876a9f9f&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=297552782 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 78
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 79
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NzAxMzA2ZGQtMTE4Yi00MWRhLWE3ZjctODM1ZjgyNmMyOTEx&gdpr=0&gdpr_consent=&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&google_hm=NzAxMzA2ZGQtMTE4Yi00MWRhLWE3ZjctODM1ZjgyNmMyOTEx&gdpr=0&gdpr_consent=&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911&google_tc= HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911&google_gid=CAESEKTC9nmDI4nXt_s4ob-sHS8&google_cver=1 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4886300268077266109&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=701306dd-118b-41da-a7f7-835f826c2911&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=701306dd-118b-41da-a7f7-835f826c2911&expiration=1736951486&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=701306dd-118b-41da-a7f7-835f826c2911&expiration=1736951486&gdpr=0&gdpr_consent=&C=1
Request Chain 124
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1753382854;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ2Y6cjArIoDFXUUiAkd57MPuQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1753382854;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 125
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1433585259;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CIX57MjArIoDFd81iAkdyhQXGg;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1433585259;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 189
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=693843137&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1610136199.1734359484&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1610136199.1734359484&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&eitems=ChAIgLz_ugYQhsK70YnlyZZCEh0ADbz98xvuf_k_pWMM6rNr2xInDff2TRwp92e9Tg&pscrd=IhMIh-nxycCsigMVLQqICR2LMzstMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdMel91Z1lRaFBPNzY0TFd4czFVRWkwQVNsYmZQMHVIQV9YbHM2c0hFMWF5WFJ0YlZ5M3NxSm9Cb0hER1h2NDRBWnNPemJUQk9iYkVCc2V3UWtR HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1610136199.1734359484&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIh-nxycCsigMVLQqICR2LMzstMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdMel91Z1lRaFBPNzY0TFd4czFVRWkwQVNsYmZQMHVIQV9YbHM2c0hFMWF5WFJ0YlZ5M3NxSm9Cb0hER1h2NDRBWnNPemJUQk9iYkVCc2V3UWtR&is_vtc=1&cid=CAQSKQCa7L7du2VfrMF7pbWEWvefhFJ-9FxI9bwjIXisc25s_2X_QIZrQh34&eitems=ChAIgLz_ugYQhsK70YnlyZZCEh0ADbz98zT0UuCpoI64JQlEQ7HXc69sW-6gulBUrQ&random=2904600337 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1610136199.1734359484&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIh-nxycCsigMVLQqICR2LMzstMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdMel91Z1lRaFBPNzY0TFd4czFVRWkwQVNsYmZQMHVIQV9YbHM2c0hFMWF5WFJ0YlZ5M3NxSm9Cb0hER1h2NDRBWnNPemJUQk9iYkVCc2V3UWtR&is_vtc=1&cid=CAQSKQCa7L7du2VfrMF7pbWEWvefhFJ-9FxI9bwjIXisc25s_2X_QIZrQh34&eitems=ChAIgLz_ugYQhsK70YnlyZZCEh0ADbz98zT0UuCpoI64JQlEQ7HXc69sW-6gulBUrQ&random=2904600337&ipr=y
Request Chain 210
  • https://idsync.rlcdn.com/458359.gif?partner_uid=5273e0f7-6387-4c43-89b3-8d69ad5fc2f0 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDUyNzNlMGY3LTYzODctNGM0My04OWIzLThkNjlhZDVmYzJmMBAAGg0Iw_OAuwYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=7325a8626ff4d8cb8101083bc33f4a41a57f9ffaba21686e3c07943c712794ef6ac34734d8e453ee

246 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://cosmeticscriminal.ca/
  • https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
1009 KB
250 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f0edb4a37158b523856d03b9219f18d1e7235d7e546452808aa15a91d9edf8c3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
255010
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 14:31:19 GMT
etag
W/"df36b-IgEKpuPyL5aqfudgV5rPNrxeIQ8"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 968842023e92f9868a60ec906f146c2c.cloudfront.net (CloudFront)
x-amz-apigw-id
C430lHucCYcEETQ=
x-amz-cf-id
wZZ1Lpxh_FXWrb6vlY_N6VPIECuFODKVSKh3lr42yKo5tB_QZpCxtg==
x-amz-cf-pop
SFO53-P2
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
914283
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:19 GMT
x-amzn-requestid
f46db180-fe44-465e-a519-63661f6be2a5
x-amzn-trace-id
Root=1-676039b6-467979c131d40e0230caf215;Parent=082b5bf580bbd260;Sampled=0;Lineage=1:2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
2521cc028a8f/[1440,1374,-] 25D1cc028531/[-,1495.625]
x-yottaa-optimizations
ob/1000000100001000 si/25D1cc028531-1733930865-6327513298 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 14:31:18 GMT
location
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1dead931403bb4ae3e88 rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
25D1cc0285ee/[-,0.160]
x-yottaa-optimizations
ob/0 si/25D1cc0285ee-1733930864-7259362301 tts/1734359478096 ti/0 ai/658f1dead931403bb4ae3e88
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ 		0
0
en_CA
www.elfcosmetics.com/
Redirect Chain
  • https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
  • https://www.elfcosmetics.com/en_CA
258 KB
258 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/en_CA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amzn-remapped-content-length
935377
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"e45d1-Gn6fB9gwbb/7aSRH/FdStblTMEM"
age
0
x-amzn-requestid
fc5ac6f4-9dcc-493d-a12d-f30ecca1d659
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
PeDGxJ4KNQRzN9Uq7vbqD21_e4vEvHnfJNHx1H5yAGbGHRYiMjk3cw==
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000000100001000 si/25D1cc028531-1733930865-6327513313 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
cache-control
public, must-revalidate, s-maxage=900
x-amz-apigw-id
C4307H3wiYcEkJA=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:21 GMT
x-amzn-trace-id
Root=1-676039b8-735667df25270e2a4aeca233;Parent=0a7bd0745e8087c3;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 922f380ce54182257be92d6c0111acb4.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028a8d/[1163,1089,-] 25D1cc028531/[-,1204.529]
access-control-allow-origin
*
content-length
254992
x-amz-cf-pop
SFO53-P2

Redirect headers

x-amzn-remapped-content-length
0
x-amzn-remapped-connection
close
age
39
x-amzn-requestid
06f88d70-8fb5-4c21-9001-9d66c6137128
x-cache
Miss from cloudfront, HIT
x-amz-cf-id
TGTJT-X-Ny0cwNEdT4cDYfKJ2AkY0PXxDO60WjU30lSOy8AHzXD1PQ==
date
Mon, 16 Dec 2024 14:31:20 GMT
content-type
application/json
x-served-by
cache-yul1970072-YUL
x-cache-hits
1
x-yottaa-optimizations
ob/1000 si/3211a5fec6eb-1730389937-215384456 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
location
https://www.elfcosmetics.com/en_CA
x-amz-apigw-id
C43usF2biYcEQjw=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:30:40 GMT
x-timer
S1734359480.455045,VS0,VE1
x-amzn-trace-id
Root=1-67603990-2595cd1b1342604c51ccc273;Parent=03e84ad89d68474e;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront), 1.1 varnish
x-yottaa-metrics
3221cc02d141/[222,217,-] 3211a5fec6eb/[-,224.946]
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-amz-cf-pop
DFW57-P1
server
CloudFront
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ 		0
0
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ 		0
0
Icon-BeautySquad-Logo-png
elfcosmetics.a.bigcontent.io/v1/static/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/Icon-BeautySquad-Logo-png?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:13::17d4:f8cb Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
359722b660d0b4a5afb34561728a3918b96bdccf3a3cddc4291ee4cd15f65c3f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-server-side-encryption
AES256
cache-control
max-age=1800, s-maxage=86400
x-amz-version-id
null
access-control-allow-methods
POST, GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
content-length
6783
date
Mon, 16 Dec 2024 14:31:21 GMT
x-amp-srv
A
content-type
image/png
server
Unknown
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:13::17d4:f8cb Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
max-age=1800, s-maxage=86400
content-encoding
gzip
x-amz-version-id
null
access-control-allow-methods
POST, GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
content-length
996
date
Mon, 16 Dec 2024 14:31:21 GMT
x-amp-srv
A
content-type
image/svg+xml
vary
Accept-Encoding
server
Unknown
x-amz-server-side-encryption
AES256
icon-noun-family-7026571-min
elfcosmetics.a.bigcontent.io/v1/static/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-family-7026571-min?%24Desktop%24=&fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:13::17d4:f8cb Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
c31826b9b61e051e0f0c582d9963e9f7835ec7249ed88cc651ce10b349496b8c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cache-control
max-age=1800, s-maxage=86400
content-encoding
gzip
x-amz-version-id
null
access-control-allow-methods
POST, GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
content-length
1021
date
Mon, 16 Dec 2024 14:31:21 GMT
x-amp-srv
A
content-type
image/svg+xml
vary
Accept-Encoding
server
Unknown
x-amz-server-side-encryption
AES256
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.elfcosmetics.com
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.elfcosmetics.com
Referer

Response headers

Content-Type
application/font-woff2;charset=utf-8
985935623
player.vimeo.com/video/ Frame 9B83 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://browser-intake-datadoghq.com https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://browser-intake-datadoghq.com https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://player-telemetry.vimeo.com https://lensflare.vimeo.com https://arclight.vimeo.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

CF-Cache-Status
DYNAMIC
CF-Ray
8f2f6062686aac4e-YYZ
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 16 Dec 2024 14:31:20 GMT
Expires
Fri, 15 Dec 1985 19:30:00 GMT
Link
<https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin
Server
cloudflare
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Origin, Referer, Accept-Encoding
Via
1.1 varnish
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://browser-intake-datadoghq.com https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm.vhx.com/v2/fairplay/cert https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://browser-intake-datadoghq.com https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://player-telemetry.vimeo.com https://lensflare.vimeo.com https://arclight.vimeo.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*; worker-src blob:
x-backend-server
player-backend-edge-entry
x-bapp-server
player-backend-6cc6958998-4lrj9
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-host
player-backend-6cc6958998-4lrj9
x-player-backend
g
x-served-by
cache-yyz4549-YYZ
x-timer
S1734359481.717949,VS0,VE212
x-xss-protection
1; mode=block
rZPCKoUReO0
www.youtube.com/embed/ Frame 1C0C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c21::5d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 14:31:20 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/ 		630 KB
630 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
nU9rS6HdH,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-source-width
3199
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/jpeg
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
BQh7zLQ6pw
x-amp-source-height
1249
accept-ranges
bytes
access-control-allow-origin
*
content-length
644728
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/ 		205 KB
205 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
110n0_Q9x,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-source-width
800
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/png
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
xpDdge-AAA
x-amp-source-height
340
accept-ranges
bytes
access-control-allow-origin
*
content-length
209440
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
dzuRcJgVR,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-source-width
3080
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/png
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
u2id8B0nNj
x-amp-source-height
1484
accept-ranges
bytes
access-control-allow-origin
*
content-length
2085695
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/ 		330 KB
331 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
YolDlxHo9,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-source-width
2806
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/jpeg
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
N04rqeVf7Z
x-amp-source-height
1062
accept-ranges
bytes
access-control-allow-origin
*
content-length
338113
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/ 		180 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
qJfRqE0Uh,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-source-width
1952
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/jpeg
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
Y7MYETxCHc
x-amp-source-height
1108
accept-ranges
bytes
access-control-allow-origin
*
content-length
184181
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/ 		614 KB
614 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
YFs8LtPvK,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-source-width
3200
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/png
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
RQNX0Kgr3p
x-amp-source-height
525
accept-ranges
bytes
access-control-allow-origin
*
content-length
628288
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
jquery-3.7.1.slim.min.js
code.jquery.com/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
W/"28feccc0-11278"
age
4343001
x-cache
HIT, HIT
date
Mon, 16 Dec 2024 14:31:20 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits
14381, 8645
x-served-by
cache-lga21987-LGA, cache-yul1970042-YUL
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1734359480.493455,VS0,VE0
cross-origin-resource-policy
cross-origin
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
24036
server
nginx
player.js
player.vimeo.com/api/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
498a41eab15456686643b139ae2c289c961bb02da852aaad698540831d0e9bb5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Age
0
x-backend-server
player-backend-edge-entry
expires
Mon, 16 Dec 2024 10:01:20 GMT
x-player-backend
g
x-cache
MISS
Date
Mon, 16 Dec 2024 14:31:20 GMT
Content-Type
application/javascript;charset=utf-8
x-bapp-server
x-served-by
cache-yyz4581-YYZ
x-cache-hits
0
vary
Origin, Referer, Accept-Encoding
content-security-policy
default-src 'none'; style-src 'unsafe-inline'
Cache-Control
max-age=1800
x-timer
S1734359481.717840,VS0,VE53
Connection
keep-alive
via
1.1 varnish
CF-RAY
8f2f6062681daae6-YYZ
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
11437
Server
cloudflare
player_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8d1544bb47c74ef9a9b177a721c628aeff0be0f9f6a57b18769a7d67055c759
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
x-content-type-options
nosniff
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
expires
Mon, 16 Dec 2024 14:31:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
date
Mon, 16 Dec 2024 14:31:20 GMT
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
require-trusted-types-for 'script'
cache-control
private, max-age=0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
x-xss-protection
0
server
ESF
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2600:1408:c400:1f::17d4:fbcc Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
x-amp-route
ak-s1
etag
"dd3676819bd88a250c875a11e38c307d"
Content-Range
bytes 0-1060947/1060948
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
1060948
date
Mon, 16 Dec 2024 14:31:22 GMT
x-amp-srv
A
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
content-type
video/mp4
x-amz-server-side-encryption
AES256

Redirect headers

x-amp-srv
A
cache-control
max-age=1800, s-maxage=86400
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cache-tag
lchH0iHNe,l4p5bDg2e,bgWw7nQ29
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
date
Mon, 16 Dec 2024 14:31:21 GMT
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
server
Unknown
x-frame-options
DENY
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2600:1408:c400:1f::17d4:fbcc Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
3000
x-amp-route
ak-s1
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
Content-Range
bytes 0-1262366/1262367
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
1262367
date
Mon, 16 Dec 2024 14:31:22 GMT
x-amp-srv
A
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
content-type
video/mp4
x-amz-server-side-encryption
AES256

Redirect headers

x-amp-srv
A
cache-control
max-age=1800, s-maxage=86400
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cache-tag
got5Gji_K,l4p5bDg2e,fH6Lo3_5e
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
date
Mon, 16 Dec 2024 14:31:21 GMT
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
server
Unknown
x-frame-options
DENY
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/ 		2 MB
643 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
495b6c4a195f2e48f175b6e86696578e7716c3053ef82277f81290025eb7d5b1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
943936
content-encoding
gzip
age
1096557
x-cache
Hit from cloudfront, HIT
x-amz-cf-id
D7Cd5Wjb3pmhYW0Jiu15MdYM1ZqjOAtBHK-xEMqGev59CEw8AoJP8g==
date
Mon, 16 Dec 2024 14:31:20 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970048-YUL
x-cache-hits
1
x-yottaa-optimizations
ob/1100 si/2311cc8d59cf-1730225853-1592329611 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1734359481.571751,VS0,VE2
via
1.1 8db0da5790a86a83533944290a7dab9a.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12737
x-yottaa-metrics
23214047a14e/[32,-,1733262920266] 2311cc8d59cf/[-,392.071]
accept-ranges
bytes
access-control-allow-origin
*
content-length
657956
x-amz-cf-pop
PHL50-C1
server
AmazonS3
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/ 		2 MB
582 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1c2b78660856b99c7f32fc4318ce7bfc448adda9297018fd43e9ae63334ebe00

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
943936
content-encoding
gzip
age
581307
x-cache
Hit from cloudfront, HIT
x-amz-cf-id
ZN2CeU9P32y-w_-dlgOi146uk6-ugMd5saHiV6rkfuDM0QbdAyewlA==
date
Mon, 16 Dec 2024 14:31:20 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970048-YUL
x-cache-hits
1
x-yottaa-optimizations
ob/1001 si/33118cae0c63-1730319328-1570852286 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1734359481.571976,VS0,VE1
via
1.1 414783beeaeb2ca5f172ef001c407572.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12737
x-yottaa-metrics
33218cae0c7c/[41,12,-] 33118cae0c63/[hit]
accept-ranges
bytes
access-control-allow-origin
*
content-length
595082
x-amz-cf-pop
ATL58-P9
server
AmazonS3
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/ 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/pages-product-list-product-list-page.js?yocs=Z_14_1K_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a80b10ec0c44ff82a283f3d78f81623e15d8381656a111ad9211878700f89c2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-meta-deploy
943936
content-encoding
gzip
age
1096540
x-cache
Miss from cloudfront, HIT
x-amz-cf-id
lipLhewGs8FCRMBYMp2yxa0pjfHwIAe2JHdkUQGnw_l3aIJ2lcODVQ==
date
Mon, 16 Dec 2024 14:31:20 GMT
content-type
application/javascript; charset=utf8
x-served-by
cache-yul1970048-YUL
x-cache-hits
10
x-yottaa-optimizations
ob/1001 si/2311cc8d59cd-1730225859-417528635 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
vary
Accept-Encoding
x-yottaa-forcecache
true, true
cache-control
public, max-age=31104000
x-timer
S1734359481.571819,VS0,VE0
via
1.1 fadedfea448fa31cb8aba15ba1b05064.cloudfront.net (CloudFront), 1.1 varnish
x-amz-meta-bundle
12737
x-yottaa-metrics
23214047a149/[87,79,-] 2311cc8d59cd/[hit]
accept-ranges
bytes
access-control-allow-origin
*
content-length
14522
x-amz-cf-pop
PHL50-C1
server
AmazonS3
PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min
cdn.media.amplience.net/i/elfcosmetics/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_OLIVIA-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
aca990e4ea5c882dcfe05c1b6de93300cc4e0ed49fe61d511422b67c9953ec0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
ahdTsQ33S,l4p5bDg2e,5-jG4GMEO,WepA0szpz
x-amp-source-width
855
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/avif
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
259hN36SZx
x-amp-source-height
1303
accept-ranges
bytes
access-control-allow-origin
*
content-length
74677
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min
cdn.media.amplience.net/i/elfcosmetics/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_OFACE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
m8w5dPp2g,l4p5bDg2e,QvpKILV5P,DtzGFM5oJ
x-amp-source-width
2000
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/webp
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
XfJbemLkmx
x-amp-source-height
2000
accept-ranges
bytes
access-control-allow-origin
*
content-length
16698
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min
cdn.media.amplience.net/i/elfcosmetics/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_CHARLOTTE-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
bb378098ee9eb555df3b46abb37f65c770427b74147322c7707da6f623b28144
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
b8kTDztS3,l4p5bDg2e,h1qKNVnZ0,WepA0szpz
x-amp-source-width
862
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/avif
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
QiZ_06s1NM
x-amp-source-height
1324
accept-ranges
bytes
access-control-allow-origin
*
content-length
52893
x-amp-published
Thu, 21 Dec 2023 20:12:24 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min
cdn.media.amplience.net/i/elfcosmetics/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CAROUSEL_DESKTOP_3_PRODUCT_H20PROOF-min?fmt=auto
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
VHcIfmFGe,l4p5bDg2e,nb-u70u49,DtzGFM5oJ
x-amp-source-width
2400
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:21 GMT
content-type
image/webp
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
IQByxBB4Xu
x-amp-source-height
2400
accept-ranges
bytes
access-control-allow-origin
*
content-length
20738
x-amp-published
Thu, 21 Dec 2023 20:12:23 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50d93a2c186cbd1032ed973e133713a6dfbbd5f7fba4fb89069350f228ce4d81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
UzmBk0Ra4K9he+CwjGKb/g==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD1BF06242194D
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
31683
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
application/javascript
last-modified
Sat, 14 Dec 2024 03:35:41 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
8f37caf0-301e-00c3-53d9-4d1ac9000000
cf-ray
8f2f606ec8e7a2e1-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
7211
x-ms-blob-type
BlockBlob
server
cloudflare
api_dynamic.js
cdn.dynamicyield.com/api/8772046/ 		521 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28a9:9800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
17a69af059441e3bf2dda19d5d28a0f95ab8d239db61d2c54a01a0c43124d598

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=30
content-encoding
gzip
etag
W/"2525a03d06edb9e7aa9a8a2e421c8cbe"
via
1.1 d0f0c12b84f2e6c0568fb45ff9f90b78.cloudfront.net (CloudFront)
x-cache
RefreshHit from cloudfront
x-amz-cf-id
RBpPywBJkEOVuET2vQdZ3U8oNbOAC5pILxWn2areZ8NxsHQObnzamQ==
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 16 Dec 2024 12:30:06 GMT
server
DYCDN
x-amz-cf-pop
IAD89-P3
x-amz-server-side-encryption
AES256
api_static.js
cdn.dynamicyield.com/api/8772046/ 		395 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28a9:9800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
5dc0d7bd68b30ae8330274f08b4f3424d474fa1f10bc1abfcceaa89901bb3c08

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=28800
content-encoding
gzip
etag
W/"34a902f7bd976cb13d0c3785dde3a9a4"
age
5666
via
1.1 d0f0c12b84f2e6c0568fb45ff9f90b78.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
dzF6Qda7Af22mNS2F3783DB-PKvxrXhSXayR_aUGAbB9MlN2HGWjkA==
date
Mon, 16 Dec 2024 12:56:57 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 12 Dec 2024 22:57:41 GMT
server
DYCDN
x-amz-cf-pop
IAD89-P3
x-amz-server-side-encryption
AES256
gtm.js
www.googletagmanager.com/ 		562 KB
146 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
572ddd2acf0e670af32546012da3e46055a0ff12b7a9454ccd275473cb2e7686
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Mon, 16 Dec 2024 14:31:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 16 Dec 2024 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
148747
x-xss-protection
0
server
Google Tag Manager
/
api.ipify.org/ 		24 B
319 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8f2f606ecc52abc1-YYZ
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=22436&min_rtt=21985&rtt_var=3937&sent=7&recv=12&lost=0&retrans=0&sent_bytes=4049&recv_bytes=2208&delivery_rate=179159&cwnd=242&unsent_bytes=0&cid=6b520f2554515d63&ts=395&x=0"
content-length
24
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
application/json
vary
Origin
server
cloudflare
/
api.ipify.org/ 		24 B
229 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8f2f606f2ca8abc1-YYZ
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=26461&min_rtt=21985&rtt_var=9392&sent=9&recv=14&lost=0&retrans=0&sent_bytes=4434&recv_bytes=2269&delivery_rate=179159&cwnd=245&unsent_bytes=0&cid=6b520f2554515d63&ts=441&x=0"
content-length
24
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
application/json
vary
Origin
server
cloudflare
searchsession
www.elfcosmetics.com/api/en-ca/v2.0/ 		105 B
672 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/searchsession?locale=en-ca&profile_id=&session_id=
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
dae2962d0ad512373f5e70c5bd6b0a106ad88a7d00f6722d6dcdd46f196555c6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-x2cUsGggasDhH8lm5ldQzkoCh0c"
age
0
x-content-type-options
nosniff
x-amzn-requestid
703f26d9-908c-4476-9eba-393cd0dc2ab2
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513318 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
C431LFpAPHcEu5w=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:22 GMT
x-amzn-trace-id
Root=1-676039ba-4a5b33be5cbf099d551f16b0
x-yottaa-metrics
2521cc028522/[161,159,-] 25D1cc028531/[-,162.100]
access-control-allow-origin
*
content-length
109
x-powered-by
Express
7f85a56ba4.css
use.fontawesome.com/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/7f85a56ba4.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92913c2b11fc1e9e7c4f84628362d1c9660e7f7e88904d124c9ebbbef9d4e48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=1800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"8360eb270b919a1fb4776bc448d9ed14"
age
1500
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lkebfTLZuXVSEa2nZ5Mlf1khZTqu73jzf6f%2F6e8hzHNtAAFylSV8jeiA17%2B4YMc0Nsc9rS7wrcmoGqI%2BpPXX%2BGFRxgZA9lEKgZmdDOIIEFjEpZ0HEpR4Fd4gzYFKkL7hAlhrzS8K7O2BFeCrmG%2Fq3NLA"}],"group":"cf-nel","max_age":604800}
cf-ray
8f2f606eca334bbf-YUL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=15586&min_rtt=15544&rtt_var=2526&sent=7&recv=12&lost=0&retrans=0&sent_bytes=4031&recv_bytes=2297&delivery_rate=249055&cwnd=253&unsent_bytes=0&cid=3b7ff69b7d939f3a&ts=363&x=0"
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
text/css
last-modified
Fri, 22 Sep 2023 00:57:51 GMT
vary
Accept-Encoding
server
cloudflare
font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/7f85a56ba4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://use.fontawesome.com/7f85a56ba4.css

Response headers

cache-control
max-age=31556926
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"36082410df2ef7f83932219089dc1443"
age
1844942
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMTrDaqZfi7jV9nEdoCBrLAhZaNd01iIakfyQiMTFrJCmMIyA2g81ARtW7lWMk%2BoJ8JzD5eIVgiMICFBfvsJlqde%2F2xh96YB2Hbs0vtgG%2Fiyzfc%2FeZX%2BOISizm257nzzY%2BuK7g0yp%2B33Zcnuj2a3l672"}],"group":"cf-nel","max_age":604800}
cf-ray
8f2f606efa604bbf-YUL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=17379&min_rtt=15544&rtt_var=5480&sent=10&recv=14&lost=0&retrans=0&sent_bytes=5154&recv_bytes=2409&delivery_rate=249055&cwnd=257&unsent_bytes=0&cid=3b7ff69b7d939f3a&ts=396&x=0"
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
text/css
last-modified
Fri, 22 Sep 2023 01:44:05 GMT
vary
Accept-Encoding
server
cloudflare
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=c440adee-65e1-4cbd-9a23-0289660bc974&code=jv94YOUIg8FOlza0sNnJvEVoMLfI__Qw4UTCScenQxw
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/callback?usid=c440adee-65e1-4cbd-9a23-0289660bc974&code=jv94YOUIg8FOlza0sNnJvEVoMLfI__Qw4UTCScenQxw
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length
0
x-amzn-remapped-connection
close
age
0
x-amzn-requestid
6161c810-69f1-4c24-ad94-9377f08c7f29
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
1yv-G8JA_U1KiTULwfLsES-kS7Jo46Ys-0Wqw9Dha6XZE42u4_6i1Q==
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513321 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-yottaa-forcecache
true
cache-control
public, max-age=604800
x-amz-apigw-id
C431THA4iYcEvHw=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:23 GMT
x-amzn-trace-id
Root=1-676039bb-01b596673d52e42338787050;Parent=2f8a71df8a0eeeca;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 8effee3aa40a71b9ac0a963e0f02b7e0.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc0285f8/[275,272,-] 25D1cc028531/[-,276.543]
access-control-allow-origin
*
content-length
0
x-amz-cf-pop
SFO53-P2

Redirect headers

x-correlation-id
8f2f606f98182f30
cf-cache-status
DYNAMIC
age
0
x-ratelimit-1m-limit
24000, 2000000
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
Gxjso-R6cXxWcvcUWbtYdTBZrl5Dk-W7dZlhcCjNXfb8P5c8mEJ4Rw==
date
Mon, 16 Dec 2024 14:31:22 GMT
vary
Accept-Encoding
x-yottaa-optimizations
ob/0 si/25D1cc028531-1733930865-6327513319 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
x-yottaa-os
303
cache-control
no-store
location
https://www.elfcosmetics.com/callback?usid=c440adee-65e1-4cbd-9a23-0289660bc974&code=jv94YOUIg8FOlza0sNnJvEVoMLfI__Qw4UTCScenQxw
pragma
no-cache
via
1.1 2063124c232c5b97b617efefe26d1e72.cloudfront.net (CloudFront)
cf-ray
8f2f606f98182f30-PDX
x-yottaa-metrics
2521cc02851d/[178,177,-] 25D1cc028531/[-,180.142]
access-control-allow-origin
*
x-ratelimit-1m-remaining
23591, 1962645
content-length
0
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=xZGUizHUarAOLD9azapj1rrUjn3Uq3L8oL_HSzzZ_po
x-amz-cf-pop
SFO53-P2
x-ratelimit-1m-reset
37137, 37137
/
sdk.iad-05.braze.com/api/v3/data/ 		736 B
738 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e685313112279f592a7ee9ef45c43481f9db088f258fae8322751776a43aa26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
X-Braze-TriggersRequest
true
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-DataRequest
true
X-Braze-Req-Attempt
1
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
bc38a602-b1ef-4bb6-8d56-7fcf1041f33f
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"8e685313112279f592a7ee9ef45c4348"
access-control-allow-methods
POST, GET
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.170469
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1734359484
cf-ray
8f2f6070de31aafe-YYZ
x-ratelimit-remaining
493.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
/
sdk.iad-05.braze.com/api/v3/data/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8f2f60706dd0aafe-YYZ
content-encoding
gzip
date
Mon, 16 Dec 2024 14:31:22 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/ 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
aY7kJA0jlzEL9QWHODNZDw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCA5D566A7B63C
age
12935
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Tue, 17 Dec 2024 14:31:22 GMT
date
Mon, 16 Dec 2024 14:31:22 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 20:25:14 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
3ab7c63a-001e-00cb-15c9-3101ba000000
cf-ray
8f2f606fda33a30f-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
1832
x-ms-blob-type
BlockBlob
server
cloudflare
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		59 B
295 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8f2f607189eba294-YUL
access-control-allow-origin
*
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
st
st.dynamicyield.com/ 		160 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=r6ehhq799airbv42m6lr8fag151muzs2&ref=&scriptVersion=2.45.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c2:8200:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5f741b0b06c38fb534139add094284920efd63fe1882c389bdf8354634c5f29

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
content-encoding
gzip
via
1.1 43ea6d4d093c6f8fb9edddca6fa0cf36.cloudfront.net (CloudFront)
expires
Mon, 16 Dec 2024 14:31:22 GMT
access-control-allow-origin
*
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-amz-cf-id
qpG4pDaCxVmQwuHKOyab2bP61zzH7SknUPjBNqONZsYfDb4TfPTaMA==
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-amz-cf-pop
IAD61-P4
collect
www.google.com/ccm/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&scrsrc=www.googletagmanager.com&frm=0&rnd=671481759.1734359484&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&auid=1610136199.1734359484&navt=n&npa=0&gtm=45He4cc1v896608294za200&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734359483529&tfd=5940&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.179.147 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
pd-in-f147.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202406.1.0/ 		451 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
7I5y/rp4ODu7ul89ty+epQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56F667161
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
24548
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/javascript
last-modified
Tue, 16 Jul 2024 22:20:01 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
5bc25b51-101e-0031-4bd5-2cc85d000000
cf-ray
8f2f6074280da2e1-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
112027
x-ms-blob-type
BlockBlob
server
cloudflare
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8f2f607438efaafe-YYZ
content-encoding
gzip
date
Mon, 16 Dec 2024 14:31:23 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8f2f607438f1aafe-YYZ
content-encoding
gzip
date
Mon, 16 Dec 2024 14:31:23 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
228 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0459d92439b00a45ee64b06b3332d2d9ff6f1ab8b44ff970b7874bbe874a2477
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
29
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
8fcb872f-bb65-46ae-aa14-195fe8029a6b
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"0459d92439b00a45ee64b06b3332d2d9"
access-control-allow-methods
POST, GET
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.042349
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1734359484
cf-ray
8f2f60749930aafe-YYZ
x-ratelimit-remaining
483.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
sync
sdk.iad-05.braze.com/api/v3/feature_flags/ 		20 B
180 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
X-Braze-Last-Req-Ms-Ago
7200000
X-Braze-DataRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
28
X-Braze-FeatureFlagsRequest
true
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
b5544238-fddb-4569-bbbc-acba5de427eb
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"e92f434a50c76d6e52d0d3cc91cdf185"
access-control-allow-methods
POST, GET
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.037343
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1734359484
cf-ray
8f2f60749938aafe-YYZ
x-ratelimit-remaining
490.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
fe94d8c5399189327e9bef23c9a122573f8c7daa36b12f9775301e982c76b23d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Authorization
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-correlation-id
8f2f60750c2e2f61
age
0
x-ratelimit-1m-limit
24000, 2000000
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS,PATCH
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
-Y8XHLdJzOBKfmsCAH0sg0PaW3d6fqxqxfH-lNthwgjI6CoDIJ_qSQ==
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513322 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
x-yottaa-os
200
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 ae8253630612e3347863de4af7a55446.cloudfront.net (CloudFront)
cf-ray
8f2f60750c2e2f61-PDX
x-yottaa-metrics
2521cc0285ac/[191,189,-] 25D1cc028531/[-,192.350]
access-control-allow-origin
*
x-ratelimit-1m-remaining
23570, 1961056
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-amz-cf-pop
SFO53-P2
x-ratelimit-1m-reset
36246, 36245
sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame 163A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.elfcosmetics.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
203032
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Sat, 14 Dec 2024 06:07:31 GMT
expires
Sun, 14 Dec 2025 06:07:31 GMT
last-modified
Thu, 12 Dec 2024 10:18:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/ 		227 KB
39 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eef52bd0c8a7abdd22a88a94381a05bc58c34d48c1c4155ff816ba21c38cca28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
8kCXQkwViL618LYUH092ww==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCA5D56AD873B6
age
8071
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Tue, 17 Dec 2024 14:31:23 GMT
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 20:25:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
bd10f3a4-801e-0095-474c-26f2b9000000
cf-ray
8f2f60750fb9a30f-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
39839
x-ms-blob-type
BlockBlob
server
cloudflare
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.45.0/ 		196 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28a9:9800:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
e35ebb7e01dda1bdb1fbb86be8bb4163c3b3a0b1353a0b90d573d1ebb913eddd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
cache-control
max-age=31536000
content-encoding
gzip
etag
W/"2cc11e085e968b149aa3743056780ffc"
age
3648407
via
1.1 d0f0c12b84f2e6c0568fb45ff9f90b78.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
cnC62gZ7kOIcvOm3jfeMfVamFuGqIzbSJt4VaYoaRPfqlMRIjzhkYQ==
date
Mon, 04 Nov 2024 09:04:37 GMT
content-type
text/javascript
last-modified
Mon, 28 Oct 2024 08:59:27 GMT
server
DYCDN
x-amz-cf-pop
IAD89-P3
x-amz-server-side-encryption
AES256
otFlat.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
sHJXWIgDpMKY35PyRRy4zQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56B3084E2
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
6603
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:54 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
e5ee5aa5-201e-0039-2d2a-31d32e000000
cf-ray
8f2f6076a9c1a30f-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
3003
x-ms-blob-type
BlockBlob
server
cloudflare
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
LtDYZmcfPNW39lMw/Yu0RQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56C7CC8BB
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
30215
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
125efa87-d01e-00e0-3577-d87502000000
cf-ray
8f2f6076a9c5a30f-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
12723
x-ms-blob-type
BlockBlob
server
cloudflare
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
QnaHNt7KvNcyo6Q1ZDZObg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCA5E56C38B888
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
6603
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
application/json
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
21a48b36-f01e-0091-3444-26073b000000
cf-ray
8f2f6076a9c6a30f-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
1738
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/ 		24 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c496fcbe60fec78dc1b86a9136644d9a97cae20df32be3e9a4a62ce7bd0e6a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
10725
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=24745
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
text/css
last-modified
Tue, 16 Jul 2024 22:20:07 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
c2721718-001e-00c0-0f77-d819ce000000
cf-ray
8f2f6076a9c7a30f-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
8772046
rcom.dynamicyield.com/v3/recommend/ 		12 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rcom.dynamicyield.com/v3/recommend/8772046
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2305:3a00:1c:df99:ffc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7e3dc02a0e24d7014bce91d1c2c1cff39e4056903aa9c069257f9ab3338dee34

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

timing-allow-origin
*
content-encoding
gzip
access-control-allow-methods
GET, POST
via
1.1 4b0dd366e44414a4e7e6ed6970080d58.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
1741
x-amz-cf-id
mM0WQqx17uKAtXEmUfXddbK1FaHJSA98avDYV0qFkS1bEo1zr6PtnA==
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
IAD89-P2
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
uia
async-px.dynamicyield.com/ 		0
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1734359483941
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 f05e3afde72874082b3c4e5699bc66ba.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
5Ae1HBeIWqaR9Rb7OATf7CYmhQXJn0DGqW6gsLCEDqaha0XDx36iHw==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=937544&uid=81065031250229691&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=0edca45e106429e432aca24ce8de687b&expSes=40189&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5215959236385200940&cgtgDecisionId=5215959237720059928&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1734359483972&rri=2995839
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 f05e3afde72874082b3c4e5699bc66ba.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
QoLDDmmL1VKiNAHdzb_tWnOxDAANt3vLQBLXd5ysjO4POiQ0--yi6A==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=537926&uid=81065031250229691&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=0edca45e106429e432aca24ce8de687b&expSes=40189&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5215959236724472403&cgtgDecisionId=5215959238741594818&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1734359483973&rri=4370072
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 f05e3afde72874082b3c4e5699bc66ba.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
1W3KCym6P1JCiyN4g_fkTKTY8WAO4Xa-dkh7Ka6RQ_pnXqGam-VqGA==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=927329&uid=81065031250229691&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=0edca45e106429e432aca24ce8de687b&expSes=40189&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5215959236044251345&cgtgDecisionId=5215959237409106702&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1734359483973&rri=4772718
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 f05e3afde72874082b3c4e5699bc66ba.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
7JnhCn9EhnHVBuP0h1-6rFO4UZf6wg82dZFaTOyf5tNdc8mgRECrNw==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=729981&uid=81065031250229691&sec=8772046&t=ri&e=1956448&p=1&ve=13809702&va=%5B29454385%5D&ses=0edca45e106429e432aca24ce8de687b&expSes=40189&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5215959238752543998&cgtgDecisionId=5215959237875498114&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1734359483974&rri=3558451
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 f05e3afde72874082b3c4e5699bc66ba.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
r_y3mmkbXxmkJ4ZLAsWvl_fIFZULEH-uJtmV6E3_v9iHc4fHW7U3iA==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-dw-request-base-id
lUqeyLw5YGcBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
6pw5q18_qJv3SIGED9SXPeJDDVHZmHA4fxInzwgMCmsssl7pMH-ZXw==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-yottaa-optimizations
ob/0 si/25D1cc028531-1733930865-6327513323 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
204
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
allow
OPTIONS,POST
cf-ray
8f2f60775b7e2f42-PDX
x-yottaa-metrics
2521cc0285ab/[171,169,-] 25D1cc028531/[-,171.592]
via
1.1 6dddb00d156bc90e84fe8c9d69f4809e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
x-amz-cf-pop
SFO53-P2
shoppercontext
www.elfcosmetics.com/api/v1/ 		155 B
918 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
155
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
age
0
x-amzn-requestid
a756db4d-2b0d-4179-85bc-15c1c6b0899b
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
HBp5cwOJ1PBks4WchRB-XTnzAaFF2vhSCyS2-AFsy_t19OQerUCooQ==
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513324 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
C431cFzNiYcEl5Q=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:24 GMT
x-amzn-trace-id
Root=1-676039bc-166dcc303a7320db696f3ed7;Parent=63fb6a206a6709bb;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 b9123be426d0e732cf10eff602d871c8.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028599/[601,599,-] 25D1cc028531/[-,602.016]
access-control-allow-origin
*
content-length
131
x-amz-cf-pop
SFO53-P2
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
261 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d6d87deb0262a268b1656036f7d55c1cd917354fccfd9792f106deff1cddf27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
438
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
27
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
1fa48cc4-c540-4e39-8527-c71425d120b9
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"5d6d87deb0262a268b1656036f7d55c1"
access-control-allow-methods
POST, GET
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.061357
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1734359487
cf-ray
8f2f6076fb79aafe-YYZ
x-ratelimit-remaining
499.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
shoppercontext
www.elfcosmetics.com/api/v1/ 		155 B
919 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
155
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
age
0
x-amzn-requestid
ab5d42b8-9dd3-4c62-bb2b-0d5dbe087f3e
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
SivmNuQXlmL74jQb_7D-G3Hm4CTFU_R6oHqZ-NnHTuo1dxEonkD0aQ==
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513325 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
C431dH-oCYcEa0g=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:24 GMT
x-amzn-trace-id
Root=1-676039bc-4168323226f7e2d62c976ea8;Parent=4c83cead97697dab;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 671f1f27279c7644e32ce35df9d281aa.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028598/[582,581,-] 25D1cc028531/[-,582.950]
access-control-allow-origin
*
content-length
131
x-amz-cf-pop
SFO53-P2
sync
sdk.iad-05.braze.com/api/v3/content_cards/ 		85 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d6d87deb0262a268b1656036f7d55c1cd917354fccfd9792f106deff1cddf27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
BRAZE-SYNC-RETRY-COUNT
0
X-Braze-DataRequest
true
X-Braze-Last-Req-Ms-Ago
1
X-Braze-ContentCardsRequest
true
X-Braze-Req-Attempt
1
X-Braze-Req-Tokens-Remaining
26
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57

Response headers

access-control-max-age
7200
x-request-id
b156b51e-bda6-4864-a1b1-67ace40444c2
access-control-expose-headers
content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"5d6d87deb0262a268b1656036f7d55c1"
access-control-allow-methods
POST, GET
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json
vary
Origin,Accept-Encoding
x-runtime
0.060765
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1734359487
cf-ray
8f2f6076fb7baafe-YYZ
x-ratelimit-remaining
498.0
access-control-allow-origin
*
x-ratelimit-limit
500.0
server
cloudflare
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		189 B
922 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/json

Response headers

content-encoding
gzip
x-dw-request-base-id
lUqiyLw5YGcBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
4l6i9iVyixHChd84HAEohl2SkHP0osde7Koq5DJtmyVI87aoDWRfRA==
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513326 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
max-age=0,no-cache,no-store,must-revalidate
allow
GET,HEAD,OPTIONS
cf-ray
8f2f60778cc0eb3e-SEA
x-yottaa-metrics
2521cc028597/[287,286,-] 25D1cc028531/[-,288.156]
via
1.1 b9123be426d0e732cf10eff602d871c8.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-amz-cf-pop
SFO53-P2
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/ 		189 B
924 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/json

Response headers

content-encoding
gzip
x-dw-request-base-id
lUrHyLw5YGcBAAB_
x-dw-version-status
obsolete
age
0
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
W6MvrECHYAPb2lUZl3RtseT4dynlLx8b0K5o2c2FZ7_kKTwRbmBphw==
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513330 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
max-age=0,no-cache,no-store,must-revalidate
allow
GET,HEAD,OPTIONS
cf-ray
8f2f6079acc15ed7-PDX
x-yottaa-metrics
2521cc028593/[292,291,-] 25D1cc028531/[-,293.708]
via
1.1 6dddb00d156bc90e84fe8c9d69f4809e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-amz-cf-pop
SFO53-P2
event
www.elfcosmetics.com/api/en-ca/v2.0/ 		105 B
671 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/event?locale=en-CA
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
dae2962d0ad512373f5e70c5bd6b0a106ad88a7d00f6722d6dcdd46f196555c6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-x2cUsGggasDhH8lm5ldQzkoCh0c"
age
0
x-content-type-options
nosniff
x-amzn-requestid
6a07bbb8-643f-40a2-bee1-020f65f9021c
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513327 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
C431cFq4vHcESzQ=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:24 GMT
x-amzn-trace-id
Root=1-676039bc-59123aea0aab4cc720cf83e6
x-yottaa-metrics
2521cc028596/[162,160,-] 25D1cc028531/[-,163.503]
access-control-allow-origin
*
content-length
109
x-powered-by
Express
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwXoYkedIxusRlHtJkqYYw0hI/ 		11 B
986 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwXoYkedIxusRlHtJkqYYw0hI/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

x-yottaa-metrics
2521cc028595/[209,208,-] 25D1cc028531/[-,210.445]
x-correlation-id
8f2f6078dbc12cf8
cf-cache-status
DYNAMIC
content-encoding
gzip
age
0
x-content-type-options
nosniff
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
0JbNtl5muYGKiPG9qXUjBjjavJKH8vuUxDo-2Y8ZFw58BnCJBKrw8Q==
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513328 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=31536000; includeSubDomains
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
no-cache, no-store
pragma
no-cache
via
1.1 139fcf0656ce62dcfe3841c9c385a5c6.cloudfront.net (CloudFront)
sfdc_cache_status
MISS [0/1]
cf-ray
8f2f6078dbc12cf8-PDX
accept-ranges
bytes
access-control-allow-origin
*
sfdc_load
1
content-length
37
dnt
0
x-ratelimit-limit
99999
x-ratelimit-remaining
999
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwXoYkedIxusRlHtJkqYYw0hI/baskets?siteId=elf-us
x-amz-cf-pop
SFO53-P2
batch
async-px.dynamicyield.com/ 		0
384 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1734359484256_900090
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 a27022837959b6f70545c8d6d0de9d04.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
V0OH_kQLRtOX0xRrdGXr7AegWBq9joSnlo16GelfnJbuGh0CQc-VyQ==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=624788&uid=81065031250229691&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28207095%5D&ses=0edca45e106429e432aca24ce8de687b&expSes=40189&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expVisitId=5215959237171068385&cgtgDecisionId=5215959235229525917&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1734359484426&rri=3305863
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 f05e3afde72874082b3c4e5699bc66ba.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
x_O3uMvCrtlRzr9zC2NiK9rEwLUuIxQk3HLFfJhJodNPnBSqSuK1VQ==
date
Mon, 16 Dec 2024 14:31:24 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
cnxtag-min.js
js.cnnx.link/roi/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2479:6000:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=600
content-encoding
gzip
age
331
via
1.1 google, 1.1 0a2ddb6f9b0df10d973faa154be16dba.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
du4rsjMkIXQ-3gp9H-XqFuDx5PuqA7S5oOtuaMaKX4T7tsxt6G0kkg==
date
Mon, 16 Dec 2024 14:25:52 GMT
content-type
text/javascript;charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
IAD61-P3
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=68297b2d-beea-451a-96e4-79cf876a9f9f&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
13.249.39.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-39-52.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
null
etag
"18b3e43abad26bdac6f4cea944777b62"
age
29180
via
1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
807
x-amz-cf-id
hxQSxE4O9wVSZpAeq5cMhZfy92Z66bqoaQUp9KwLh-isVo_yVs3qcg==
date
Mon, 16 Dec 2024 06:25:06 GMT
content-type
image/gif
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C1

Redirect headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
x-amz-apigw-id
C431hGgaoAMEmSA=
x-amzn-trace-id
Root=1-676039bc-5a06154b558b5f2b5e679eed;Parent=4bfff7bbb56937f2;Sampled=0;Lineage=1:07bbc27a:0
x-amzn-requestid
46de6870-8b2d-46b0-969e-bb96815a0adc
access-control-allow-origin
*
content-length
2
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/json
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.160.132 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
167.114.209.103; 167.114.209.103; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
8164323b-a81b-4eef-92bc-82e7f887adf1
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Mon, 16 Dec 2024 14:31:24 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
167.114.209.103; 167.114.209.103; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
be2e716b-4ec6-44ad-b4db-c333fd505cd5
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Mon, 16 Dec 2024 14:31:24 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NzAxMzA2ZGQtMTE4Yi00MWRhLWE3ZjctODM1ZjgyNmMyOTEx&gdpr=0&gdpr_consent=&ttd_tdid=701306dd-118b-41da-a7f7-835f8...
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&google_hm=NzAxMzA2ZGQtMTE4Yi00MWRhLWE3ZjctODM1ZjgyNmMyOTEx&gdpr=0&gdpr_consent=&ttd_tdid=701306dd-118b-41da-a7f7-835...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911&google_gid=CAESEKTC9nmDI4nXt_s4ob-sHS8&google_cver=1
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4886300268077266109&ttd_tdid=701306dd-118b-41da-a7f7-835f826c2911
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=701306dd-118b-41da-a7f7-835f826c2911&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=701306dd-118b-41da-a7f7-835f826c2911&expiration=1736951486&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=701306dd-118b-41da-a7f7-835f826c2911&expiration=1736951486&gdpr=0&gdpr_consent=&C=1
43 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=701306dd-118b-41da-a7f7-835f826c2911&expiration=1736951486&gdpr=0&gdpr_consent=&C=1
Protocol
H2
Server
104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxDJXBnZgvJ%2FZebyBsqCBfwTQM0ZvaYt3OVooJN9BymkY7a4uPO%2BEVLbkFzef36oYTacgYKPxgr98vWeMqTyhisQTgT9tEmxbUAi6%2Bkg9jzxI1nvkpnCTdmmWTnXx33IsVuXRSg8eZ%2Bv%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f2f6085bed4abcd-YYZ
expires
0
alt-svc
h3=":443"; ma=86400
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
image/gif
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
no-cache
location
/rum?cm_dsp_id=39&external_user_id=701306dd-118b-41da-a7f7-835f826c2911&expiration=1736951486&gdpr=0&gdpr_consent=&C=1
cf-cache-status
DYNAMIC
pragma
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vCZY4JVex04QaZyuoeCjyV%2FajZ%2FFXTmqXQzmrPzeXdxZgXAUqq%2BLqqi3EgQwGK61qLWl5bImEXwF%2FWd2BYXu0rGzgDzcYHTa3b3G3kjhqxO%2BBXl8JvWMzUZStQxzY2uhy5XHjgA8B%2BX8sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f2f60855e83abcd-YYZ
expires
0
alt-svc
h3=":443"; ma=86400
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date
Mon, 16 Dec 2024 14:31:26 GMT
vary
Accept-Encoding
server
cloudflare
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
624 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
24380
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
image/svg+xml
last-modified
Sat, 14 Dec 2024 03:35:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
d0129382-a01e-0001-5191-4e9277000000
cf-ray
8f2f607a0ff0a2e1-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
539 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
57356
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
image/svg+xml
last-modified
Sat, 14 Dec 2024 03:35:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
16110a1d-101e-0031-78e8-4dc85d000000
cf-ray
8f2f607a1ecea30f-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_company_logo.png
cdn.cookielaw.org/logos/static/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
E8+sk/ECzKgTUVtDLikiIA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8DD1BF063836B08
age
13390
cf-cache-status
HIT
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
image/png
last-modified
Sat, 14 Dec 2024 03:35:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
456204f7-701e-006e-0feb-4d3aa3000000
cf-ray
8f2f607a483aa2e1-YUL
accept-ranges
bytes
access-control-allow-origin
*
content-length
4036
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
24380
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
image/svg+xml
last-modified
Sat, 14 Dec 2024 03:35:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
769832aa-201e-0093-5824-4e05c1000000
cf-ray
8f2f607a483da2e1-YUL
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
favicon.ico
www.elfcosmetics.com/ 		34 KB
35 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

x-amzn-remapped-content-length
34494
x-amzn-remapped-connection
close
etag
W/"86be-1939d273a30"
age
0
x-amzn-requestid
2fa55eb9-d259-45a7-ba7f-858d0f0ca9f9
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
nGu4CUa3XF4JhgRM-4VbmOztKIfRkfSXASbxRrIzlfauJflqCslKOA==
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
image/x-icon
last-modified
Fri, 06 Dec 2024 18:06:54 GMT
vary
Accept-Encoding
x-yottaa-optimizations
ob/10 si/25D1cc028531-1733930865-6327513331 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
cache-control
max-age=600, s-maxage=600
x-amz-apigw-id
C02oqGs0CYcEvfw=
x-amzn-remapped-date
Sun, 15 Dec 2024 09:15:35 GMT
x-amzn-trace-id
Root=1-675e9e37-2dec9ab3578817a7268388d1;Parent=7e6a47436eca5ec4;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 cdb593e085c35596a44093f23350a6a2.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028592/[-,-,1734359201398] 25D1cc028531/[-,2.764]
accept-ranges
bytes
access-control-allow-origin
*
content-length
34494
x-amz-cf-pop
SFO53-P2
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
b12820211823098b4d8f580aabc41bdc00210bc7c8f0addab8aade7b6ce263fe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/json

Response headers

x-dw-resource-state
5f243daa30c1f6c40ff2545a0cbc28e2bdb6402a1bd4363df131695ef406ca88
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
content-encoding
gzip
x-dw-request-base-id
lUrryLw5YGcBAAB_
etag
5f243daa30c1f6c40ff2545a0cbc28e2bdb6402a1bd4363df131695ef406ca88
age
0
x-dw-version-status
obsolete
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
4WhOf6GBWy3JPlJ24F-Y9FWoI5TS_yi1Vvt8nlZi4r0ZipOK_1utmA==
date
Mon, 16 Dec 2024 14:31:25 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513333 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
allow
OPTIONS,POST
cf-ray
8f2f607bfdfa2f2b-PDX
x-yottaa-metrics
2521cc028590/[261,259,-] 25D1cc028531/[-,262.353]
via
1.1 23e0198e3ba45afaefc61c0d0fc4eacc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
1107
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
x-amz-cf-pop
SFO53-P2
event
qoe-1.yottaa.net/log-nt/ 		3 B
191 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.184.193 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0540a066b92ce4ca.awsglobalaccelerator.com
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
*
access-control-expose-headers
X-Results-Data-Source
timing-allow-origin
*
cache-control
no-cache
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
text/json
access-control-allow-credentials
true
www-widgetapi.js
www.youtube.com/s/player/f8f53e1a/www-widgetapi.vflset/ 		30 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f8f53e1a/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14939503c8a97bef459ce94218f0e65933ab569f7b1d726bcb0b3c1031ebccf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
age
343
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
x-content-type-options
nosniff
expires
Tue, 16 Dec 2025 14:25:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:25:41 GMT
last-modified
Wed, 11 Dec 2024 05:16:51 GMT
content-type
text/javascript
vary
Accept-Encoding, Origin
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
content-length
10165
x-xss-protection
0
server
sffe
api.js
www.google.com/recaptcha/ 		1 KB
989 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.179.147 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
pd-in-f147.1e100.net
Software
ESF /
Resource Hash
0781116351275f1c9d97818c6b40d4b90f97fc3a015d22bcb8e6ac1c8ac1562e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 16 Dec 2024 14:31:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 16 Dec 2024 14:31:24 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
110221.ct.js
tag.rmp.rakuten.com/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=86400
content-encoding
gzip
x-samesite
secure
via
1.1 google
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cache
hit
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
text/javascript
last-modified
Mon, 16 Dec 2024 14:31:24 GMT
js
www.paypal.com/sdk/ 		425 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
911894783ee4fd2bdbea04f4cf5c1ccfa3cab4be816e5ebed6c5d2c2cb6d38a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-FnIlmon31eJuMEpNXKwcd/FYrGD/E5yaDPRJQTEQeCsVJHCo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-FnIlmon31eJuMEpNXKwcd/FYrGD/E5yaDPRJQTEQeCsVJHCo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
f4612405fd613
content-encoding
gzip
etag
W/"1d899-LHR6v85diFVZ7uoSF/xh1vUcO3g"
age
10522
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
disable-set-cookie
true
traceparent
00-0000000000000000000f4612405fd613-771dc5dbaaba51ec-01
server-timing
"traceparent;desc="00-0000000000000000000f4612405fd613-89ae448b9d0881e0-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
p3p
true
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-bur-kbur8200163-BUR, cache-yul1970078-YUL, cache-yul1970078-YUL
x-cache-hits
1673, 1, 0
x-frame-options
SAMEORIGIN
x-cache
HIT, HIT, MISS
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-FnIlmon31eJuMEpNXKwcd/FYrGD/E5yaDPRJQTEQeCsVJHCo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-FnIlmon31eJuMEpNXKwcd/FYrGD/E5yaDPRJQTEQeCsVJHCo' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
cache-control
public, max-age=3600, s-maxage=10800
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1734359485.897356,VS0,VE4
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
access-control-allow-origin
*
content-length
120985
x-xss-protection
1; mode=block
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/ 		150 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.9.177.190 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-9-177-190.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
c2ac7532466beef2ea338502b864a697286dfb2a61cefb19fcebe0cccc40f068
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=15768000
Vary
Accept-Encoding
Cache-Control
must-revalidate, max-age=900
Content-Encoding
gzip
Connection
keep-alive
Expires
Mon, 16 Dec 2024 14:46:24 GMT
Access-Control-Allow-Origin
*
Content-Length
53150
Date
Mon, 16 Dec 2024 14:31:24 GMT
Content-Type
application/javascript;charset=UTF-8
X-Powered-By
Express
Server
nginx
X-Frame-Options
SAMEORIGIN
js
www.googletagmanager.com/gtag/ 		317 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
42b9d7f191f308b12c08db50ae043c8d3eece5346ae81d134e0e2c024d92d492
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 16 Dec 2024 14:31:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
108537
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		412 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
32ad364270944bfe7e5334b8090e8a7532339f6d8d0a17005324c20369293ebf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 16 Dec 2024 14:31:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
134974
x-xss-protection
0
server
Google Tag Manager
iframe_api
www.youtube.com/ 		993 B
590 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::88 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8d1544bb47c74ef9a9b177a721c628aeff0be0f9f6a57b18769a7d67055c759
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
x-content-type-options
nosniff
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
expires
Mon, 16 Dec 2024 14:31:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
require-trusted-types-for 'script'
cache-control
private, max-age=0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
x-xss-protection
0
server
ESF
include.js
cdn8.eu.inside.chat/gtm/IN-1011171-EC/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn8.eu.inside.chat/gtm/IN-1011171-EC/include.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fbf274307b0005c6c7e28165828d62def90546a6395cc49c4bf08aa9a7fd2a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"066bf777448db1:0"
age
339
expires
Mon, 16 Dec 2024 15:31:24 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/javascript
last-modified
Sat, 07 Dec 2024 06:51:40 GMT
vary
Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=3600
cf-ray
8f2f607c6df4ab6d-YYZ
accept-ranges
bytes
content-length
10553
server
cloudflare
1a8bfa042c9c5.js
t.contentsquare.net/uxa/ 		384 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.167.88.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-167-88-57.iad55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca3f9035e8ba12e10c6237a28f67d17f12577b2abbf143b7a675510a42d34e4e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
etag
"e17ef3c3e24685f8e07d23dfdfada12f"
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
HpsK9vDgLj0xCvEosGOjMIEGFW1J0tg_v6cGxUKIiULctQmXFbLz1A==
date
Sun, 15 Dec 2024 12:33:46 GMT
content-type
application/javascript;charset=utf-8
vary
accept-encoding, Origin
last-modified
Thu, 12 Dec 2024 12:31:57 GMT
cache-control
max-age=900
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
via
1.1 eafa30ac9eebc826d698b6b51868b24a.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
92108
x-amz-cf-pop
IAD55-P6
server
AmazonS3
x-amz-server-side-encryption
AES256
destination
www.googletagmanager.com/gtag/ 		231 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
79d5755c3ff9677849a72a3e4ed4f8c36574c8c1d7c47288809fdfe05f334782
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Mon, 16 Dec 2024 14:31:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 16 Dec 2024 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
84541
x-xss-protection
0
server
Google Tag Manager
destination
www.googletagmanager.com/gtag/ 		236 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
39b8d6e7380c33c9ff52a02a569e68aa60fe28e6a6ab5d8e982c9149d9708913
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Mon, 16 Dec 2024 14:31:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 16 Dec 2024 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
85851
x-xss-protection
0
server
Google Tag Manager
core.js
s.pinimg.com/ct/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:382::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
46811578437caf8eac61ac10112c43b46ede17063b29ac96b866c7027b6fd1d2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
86400
cache-control
max-age=7200
access-control-expose-headers
X-CDN
content-encoding
br
etag
"11c76370dfab0397b8a31fe800363638"
x-cdn
akamai
access-control-allow-methods
GET
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
access-control-allow-origin
*
content-length
1863
content-type
application/javascript
vary
Accept-Encoding, Origin
x-amz-server-side-encryption
AES256
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
240355f4e85792fb5c1e46a942e6d797a078d39f8717dfbab666e4e80cb4dd8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-gHYespax' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-gHYespax' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4501, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
oNUdCYEluZfGXvnwxB4n7A8AIy/0thOuYg8p4gYAq9CdQmYhg5iQmk9mrGwYMlTpgWtsyv1sKKoU9xJBv6OoHA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62283
x-xss-protection
0
origin-agent-cluster
?1
pixel.js
www.redditstatic.com/ads/ 		43 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
public, max-age=60
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
etag
"1a001f3a066bff47a766099b87253911"
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12220
date
Mon, 16 Dec 2024 14:31:25 GMT
last-modified
Mon, 18 Nov 2024 21:16:35 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
server
snooserv
x-amz-server-side-encryption
AES256
bat.js
bat.bing.com/ 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: CAA50F4A896F4A44B45BF758325CF59A Ref B: YMQ01EDGE0309 Ref C: 2024-12-16T14:31:25Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Mon, 16 Dec 2024 14:31:24 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
products
www.elfcosmetics.com/api/en-ca/v2.0/ 		2 MB
106 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/products?ids=300234%2C300229%2C70982%2C300220%2C300230%2C300237%2C57014%2C300242%2C300176%2C300240%2C81810%2C300243&phash=d698ede716cf2641&siteId=elf-us&locale=en-CA&currency=CAD
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
5e208be404e962917b2cf3e9e3ca259e70a807548bed820770ebc0250496ac62
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
clientid
982499-0-40048abc

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"18e844-g2L4/hgmO2HwWwecI0yIl5d8k5U"
age
0
x-content-type-options
nosniff
x-amzn-requestid
d9c46828-3668-4883-894d-3d08eda9312f
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513336 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
C431qFHIvHcEhUw=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:26 GMT
x-amzn-trace-id
Root=1-676039bd-3b3d423403bf1b8771cc58bc
x-yottaa-metrics
2521cc02858d/[1136,1135,-] 25D1cc028531/[-,1137.909]
access-control-allow-origin
*
x-powered-by
Express
events.js
analytics.tiktok.com/i18n/pixel/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
147671adc0ae294487a897c708024fe7eecd1954bfe744ca713b1ea0920af550

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
expires
Mon, 16 Dec 2024 14:31:25 GMT
server-timing
inner; dur=5, cdn-cache; desc=MISS, edge; dur=1, origin; dur=8
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:25 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-akamai-request-id
34c55d8f
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75c3f53d3ba69f93aa0ce046dde2b7b1b4d9af0f14f7287e47c85683ef96d322af1e7b7fb021f00e0605125ef9f49cdb4a016f604ca72881c83fa4e8d93f969298
x-origin-response-time
8,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2412161431253040690AAC76037C83F8-641FFB127C6FDD11-00
content-length
2411
x-tt-logid
202412161431253040690AAC76037C83F8
server
nginx
events.js
analytics.tiktok.com/i18n/pixel/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ed353ab2902b414838e8d83cdae8ee057a48ba19aa90572c7d3ca6b1d03df4d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
expires
Mon, 16 Dec 2024 14:31:25 GMT
server-timing
inner; dur=5, cdn-cache; desc=MISS, edge; dur=0, origin; dur=7
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:25 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-akamai-request-id
34c55d8e
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75e4cdaef946a59b45b3798e0de4a60b949abdff0a3297adba2159043a168d7754f89862f09a4338a3f3105b24ff63732196e115c444ef76b359b048614b6760d9
x-origin-response-time
7,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-241216143125D29D3128A8667DEE8D63-0827A5363A240C11-00
x-tt-logid
20241216143125D29D3128A8667DEE8D63
server
nginx
widget.js
js.jebbit.com/companion/v1/ 		44 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c2:4a00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
226049a96ceaa190e0dd45980c8fba9367127b7c2b19b635ee30bb7f4fa17e52

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
M.fQKrXkVHcvymDK9D8bU4BvoS660wdj
etag
"9ee6264c1a592ca4976fb94c91ef8c87"
age
58372
via
1.1 a0d145d0791dd4e5051fa117c0e46d48.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
45384
x-amz-cf-id
HZPVkd9f_Ux-9l_UDUbNebYaB0mTucMfvEFZlmBbC_yHtLkMq_ucHg==
date
Sun, 15 Dec 2024 22:18:34 GMT
content-type
text/javascript
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P4
x-amz-server-side-encryption
AES256
i.js
tag.wknd.ai/6664/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
d8a6f87544a3d737c7528b90820cc6ca9e042372c62bc7d530f75bc6c7ace594

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
cedf12d75173fa
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:23 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
cache-control
public,max-age=60
timing-allow-origin
*
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
access-control-allow-origin
*
content-length
5683
server
istio-envoy
x-region
us-central1
ig.js
cdn8.eu.inside.chat/ 		167 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn8.eu.inside.chat/ig.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf055e03c860dd88d9d4017203050548dc930d6b78749b07320c9b08f3625071
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
75fd15fd6fcf6083994b9a43ad8e8323
age
339
expires
Mon, 16 Dec 2024 15:31:25 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 16 Dec 2024 14:31:25 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=3600
cf-ray
8f2f6080f9cbab6d-YYZ
accept-ranges
bytes
content-length
59762
server
cloudflare
collect
sgtm.elfcosmetics.com/g/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=991174587.1734359486&ecid=591609433&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=671481759.1734359484&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=1&sid=1734359485&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=8040&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
de54af57f8d83a7bf0394ad0f819596d93454b4bace23d153b120f634719ca6e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:25 GMT
content-type
text/plain
server
Google Frontend
collect
sgtm.elfcosmetics.com/g/ 		65 B
398 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=991174587.1734359486&ecid=591609433&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=671481759.1734359484&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=2&sid=1734359485&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&ep.event_id=1734359723970_173436037306020&ep.external_id=&ep.pinterest_pixel_id=549755876323&_et=7&tfd=8068&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
text/plain
server
Google Frontend
collect
sgtm.elfcosmetics.com/g/ 		65 B
463 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=991174587.1734359486&ecid=591609433&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=671481759.1734359484&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=3&sid=1734359485&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1734359723970_173436037306022&ep.email=&ep.phone=&ep.facebook_pixel_id=1638306756445368&_et=2&tfd=8068&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
text/plain
server
Google Frontend
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1...
ad.doubleclick.net/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1753382854;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
64.233.180.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
on-in-f149.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Mon, 16 Dec 2024 14:31:25 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"10489884662367145297"}],"aggregatable_trigger_data":[{"filters":[{"14":["12119809"]}],"key_piece":"0x1fdff6fa2a080004","source_keys":["12","13","14","15","16","17","18","19","20","21","24748276","24748277","24748278","24748279","27138660","27138661","27138662","27138663","30226404","30226405","30226406","30226407","628477676","628477677","628477678","628477679","628627208","628627209","628627210","628627211","642003348","642003349","642003350","642003351","642887056","642887057","642887058","642887059","644875020","644875021","644875022","644875023","644922660","644922661","644922662","644922663"]},{"key_piece":"0xd6a6899234222bc5","not_filters":{"14":["12119809"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","24748276","24748277","24748278","24748279","27138660","27138661","27138662","27138663","30226404","30226405","30226406","30226407","628477676","628477677","628477678","628477679","628627208","628627209","628627210","628627211","642003348","642003349","642003350","642003351","642887056","642887057","642887058","642887059","644875020","644875021","644875022","644875023","644922660","644922661","644922662","644922663"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"24748276":32,"24748277":32,"24748278":32,"24748279":3177,"27138660":34,"27138661":34,"27138662":34,"27138663":3345,"30226404":34,"30226405":34,"30226406":34,"30226407":3345,"628477676":32,"628477677":32,"628477678":32,"628477679":3177,"628627208":32,"628627209":32,"628627210":32,"628627211":3177,"642003348":32,"642003349":32,"642003350":32,"642003351":3177,"642887056":65,"642887057":65,"642887058":65,"642887059":6356,"644875020":46,"644875021":46,"644875022":46,"644875023":4540,"644922660":40,"644922661":40,"644922662":40,"644922663":3973},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"4583681547976083425","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"10489884662367145297","filters":[{"14":["12119809"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"10489884662367145297","filters":[{"14":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"10489884662367145297","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"10489884662367145297","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10742279"]}}
content-type
image/png
x-xss-protection
0
server
cafe
1638306756445368
connect.facebook.net/signals/config/ 		81 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.179&r=stable&domain=www.elfcosmetics.com&hme=b8122d5d96cd6f542162ba4f497489972d1ebe228d24c39d34f560e30ae932ce&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
12cd1711c7f4f44d2551961a2bdc9389bdf97cc252342e8b200367db6f862efb
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-vc7SwoG8' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 14:31:25 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-vc7SwoG8' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=29, rtx=0, c=71, mss=1232, tbw=70597, tp=66, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
B6CNhpmJpwuP5svU0LjlyzhpH8wCVv5lJXiM4tkP8DKYsf/zFO4Qye5ysWnzGj8wqGrcRi2rjufgQ2aC/a6H5A==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
16617
x-xss-protection
0
origin-agent-cluster
?1
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps...
ad.doubleclick.net/ 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1433585259;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
64.233.180.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
on-in-f149.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Mon, 16 Dec 2024 14:31:25 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"10693071817308654575"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0x4d86a4e0a8deccd5","source_keys":["12","13","14","15","16","17","18","19","20","21","27161852","27161853","27161854","27161855","628473576","628473577","628473578","628473579","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","641998712","641998713","641998714","641998715","643969340","643969341","643969342","643969343"]},{"key_piece":"0x8d4d16a6d1d41b25","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","27161852","27161853","27161854","27161855","628473576","628473577","628473578","628473579","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","641998712","641998713","641998714","641998715","643969340","643969341","643969342","643969343"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"27161852":32,"27161853":32,"27161854":32,"27161855":3177,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"641998712":32,"641998713":32,"641998714":32,"641998715":3177,"643969340":32,"643969341":32,"643969342":32,"643969343":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"8853958775144246783","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"10693071817308654575","filters":[{"14":["8259474"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"10693071817308654575","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"10693071817308654575","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"10693071817308654575","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
content-type
image/png
x-xss-protection
0
server
cafe
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4cc1v879088318z8896608294za200zb896608294&_gaz=1&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=991174587.1734359486&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sid=1734359485&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&en=page_view&_fv=1&_ss=2&ep.page_type=content&ep.page_environment=production&ep.page_country=CA&ep.page_language=EN&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=8361
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
557 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=991174587.1734359486&gtm=45je4cc1v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=991174587.1734359486&gtm=45je4cc1v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=523342361
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 16 Dec 2024 14:31:26 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
config
pixel-config.reddit.com/pixels/t2_16331p/ 		3 B
124 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixel-config.reddit.com/pixels/t2_16331p/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=14400
content-encoding
gzip
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
27
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/json
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 		86 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
max-age=300
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
98
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/json
vary
Accept-Encoding,Origin
server
snooserv
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1734359486023&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=f27bf792802f1bbee67fdf953e596113d84b51f661ed7ab76dfb5aa844e019c7&uuid=a5320c59-f772-4fcb-9124-7ce06f9cb528&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
image/gif
server
Varnish
local
www.paypal.com/credit-presentment/experiments/ Frame 428B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.65.2&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
69309
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1524
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
correlation-id
f75637974c2d7
date
Mon, 16 Dec 2024 14:31:26 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-tPVBkoJJLEEu1b03Td9kZikHlB0"
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f75637974c2d7
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f75637974c2d7-e7461b9f8341cf86-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f75637974c2d7-0525f06fd40aa9e9-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
18472, 325, 0
x-served-by
cache-bur-kbur8200087-BUR, cache-yul1970048-YUL, cache-yul1970048-YUL
x-timer
S1734359486.323337,VS0,VE5
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.465&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ef96fb309ad3ea8a14232a1b565d1b0c8e8e5760205f76e9354f0ecfd618d39d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-keMHhs93gewyUrdFatmiCkw2CFqtKb+HrZhqMbnEsyGgbMo9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

paypal-debug-id
f739569bb423d
content-encoding
gzip
etag
W/"368d-bw2spwmn6FRQgmYq9t1dY041b9Q"
age
63719
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
traceparent
00-0000000000000000000f739569bb423d-cc40b62093edfdfb-01
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT, HIT, MISS
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/x-javascript; charset=utf-8
x-served-by
cache-bur-kbur8200077-BUR, cache-yul1970078-YUL, cache-yul1970078-YUL
x-cache-hits
766, 105, 0
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-keMHhs93gewyUrdFatmiCkw2CFqtKb+HrZhqMbnEsyGgbMo9' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
cache-control
public, max-age=3600
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1734359486.161204,VS0,VE4
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
content-length
4802
x-xss-protection
1; mode=block
main.7d8116bd.js
s.pinimg.com/ct/lib/ 		81 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.7d8116bd.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:382::1931 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
fb322d9e801b20f445402380d99d144e674abdc4821c6b5d30936c0ecfe381ab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-max-age
86400
cache-control
max-age=1209600
access-control-expose-headers
X-CDN
content-encoding
br
etag
"b7968e6e7735284fd26091b6f049515c"
x-cdn
akamai
access-control-allow-methods
GET
accept-ranges
bytes
access-control-allow-origin
*
content-length
23467
content-type
application/javascript
vary
Accept-Encoding, Origin
x-amz-server-side-encryption
AES256
activityi;dc_pre=CJ2Y6cjArIoDFXUUiAkd57MPuQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame 4359
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ2Y6cjArIoDFXUUiAkd57MPuQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfc...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ2Y6cjArIoDFXUUiAkd57MPuQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1753382854;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
403
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 14:31:26 GMT
expires
Mon, 16 Dec 2024 14:31:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 14:31:26 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJ2Y6cjArIoDFXUUiAkd57MPuQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2593053065695;npa=1;auiddc=1610136199.1734359484;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=1753382854;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CIX57MjArIoDFd81iAkdyhQXGg;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame 520D
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CIX57MjArIoDFd81iAkdyhQXGg;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CIX57MjArIoDFd81iAkdyhQXGg;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1433585259;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.122.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
467
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 14:31:26 GMT
expires
Mon, 16 Dec 2024 14:31:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 14:31:26 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CIX57MjArIoDFd81iAkdyhQXGg;src=9231397;type=retarget;cat=globa0;ord=8977199547492;npa=1;auiddc=1610136199.1734359484;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1433585259;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4cc1v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102198178;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
recaptcha__en.js
www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/ 		547 KB
548 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.elfcosmetics.com
Referer
https://www.elfcosmetics.com/

Response headers

age
82940
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Mon, 15 Dec 2025 15:29:06 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 15 Dec 2024 15:29:06 GMT
last-modified
Mon, 11 Nov 2024 05:00:22 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
560083
x-xss-protection
0
server
sffe
logger
www.paypal.com/xoplatform/logger/api/ 		968 B
889 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4f74b9816dd6a7cbb941e020eb23ea70ec93e433a780ec78d81a63573ce45a95
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json
content-type
application/json

Response headers

paypal-debug-id
f7621449e02e2
content-encoding
br
etag
W/"3c8-FcosBIuBt5U0For/bIttMuZsCmQ"
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
x-content-type-options
nosniff
traceparent
00-0000000000000000000f7621449e02e2-4a747cc631643f65-01
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-cache
MISS, MISS, MISS
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/json; charset=utf-8
x-served-by
cache-bur-kbur8200138-BUR, cache-yul1970074-YUL, cache-yul1970074-YUL
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
x-timer
S1734359487.558575,VS0,VE288
access-control-allow-credentials
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
access-control-allow-origin
https://www.elfcosmetics.com
logger
www.paypal.com/xoplatform/logger/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Mon, 16 Dec 2024 14:31:26 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f8740096b7c32
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f8740096b7c32-cf842c8c57f5d5cd-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-bur-kbur8200132-BUR, cache-yul1970074-YUL, cache-yul1970074-YUL
x-timer
S1734359486.405626,VS0,VE127
jsp
ut.rd.linksynergy.com/ 		148 B
405 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
81afbb0b6f6971bd4996bc255d6dfda8f588da054e2a7187b4d8b6a761c59114
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
date
Mon, 16 Dec 2024 14:31:26 GMT
x-samesite
secure
content-type
text/plain; charset=utf-8
widget.css
js.jebbit.com/companion/v1/ 		15 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c2:4a00:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
69beb39687e8656561a843b13137c292498648b7f1ae665214eb292527cd436b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-version-id
fgLtE0C.phC7FjS26Fxc9wt33wvWl9V5
etag
"c2b625a2843069c776e8a618c90b952a"
age
85978
via
1.1 a0d145d0791dd4e5051fa117c0e46d48.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
15522
x-amz-cf-id
pSp4fi9l6lmjJFaJxSvOSC5r6Rgt9AObMRHZAGsynhEbt6O27voQDQ==
date
Sun, 15 Dec 2024 14:38:29 GMT
content-type
text/css
last-modified
Mon, 07 Oct 2024 17:19:22 GMT
server
AmazonS3
x-amz-cf-pop
IAD61-P4
x-amz-server-side-encryption
AES256
launcher_configs
external-api.jebbit.com/moments/v2/ 		2 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Requested by
Host: js.jebbit.com
URL: https://js.jebbit.com/companion/v1/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.213.38.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-213-38-112.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

surrogate-control
no-store
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-content-type-options
nosniff
expires
0
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/json; charset=utf-8
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-dns-prefetch-control
off
pragma
no-cache
access-control-allow-credentials
true
x-download-options
noopen
access-control-allow-origin
https://www.elfcosmetics.com
content-length
2
x-xss-protection
1; mode=block
main.MWZiM2ZlMGNjMA.js
analytics.tiktok.com/i18n/pixel/static/ 		345 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7d60c0cd0647ecb04df42bcfd2acd351c105c2d89e2b401ba03b0845336170e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
x-tt-trace-id
00-241210133503703966E8ECC1449FA20A-2283875871EF4BB6-00
content-length
96944
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
20241210133503703966E8ECC1449FA20A
server
nginx
x-akamai-request-id
34c5632d
x-tt-trace-host
011765846845403e2e62ad86cf942530100306fceeb30d1e08a66e1bb8192909678e6d9710d208e04c580fb39e77a74d58f8d185f8e9344b3f5f7601ac8a105c2ef6552bf5f0e9f2beef241654ad5cdfd0e579f9638c80dfb009ee1c095da7bdb7
main.MWZiM2ZlMGNjMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		351 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
da2d5cc7a936d3108413875e85969ff2e0a1bc79e4c9df4fabadb1ec9198e215

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=15
x-tt-trace-id
00-241210133443324A4E04AAF536C54AE5-1C1ED574752CCD0F-00
content-length
98625
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
20241210133443324A4E04AAF536C54AE5
server
nginx
x-akamai-request-id
34c5632e
x-tt-trace-host
014d2b30f2a324615f18ba7add3fcab8977bbf1cf882e0e46a33e24868034b201443c3e980af1a9bf68730ec2ad55e4a81752b3566bc74d46de7a20ee0c3ebccb0758cba0eb63717738d38224f86d8002184f59241ef07b67d2cb0c5630669050b
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1734359486399&sw=1600&sh=1200&v=2.9.179&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1734359486387.497790286195461303&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1734359485840&coo=false&eid=1734359723970_173436037306022&tm=1&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=23, mss=1232, tbw=4549, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1734359486399&sw=1600&sh=1200&v=2.9.179&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1734359486387.497790286195461303&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1734359485840&coo=false&eid=1734359723970_173436037306022&tm=1&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7449017272012975390"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa230b3a6a6e8856b","source_keys":["1"]}],"aggregatable_values":{"1":10922},"aggregatable_source_registration_time":"exclude","filters":{"3":["1521466687872304"]},"debug_reporting":true,"debug_key":"2377826875695752881"}
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
tkzFDt9cozTcIBxq71U98AtXvMDt7Zkh7twAFQCENbKBAz4DnZxwqAlhnXJp1MVtgTUADK7J43AHzzdsPRxCDg==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7449017272012975390", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=29, rtx=0, c=23, mss=1232, tbw=4917, tp=13, tpl=0, uplat=105, ullat=0
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
collect
analytics.google.com/g/s/ 		0
268 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.google.com/g/s/collect?dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&_gsid=5D80LRC85NNqGrhYJZeyU9Rt__CTzCHA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:194:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:194:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=m538fUrElOJLNQP1t9a1CBonY9mLzdkWv9804llh9mE%3D.1734359486&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&aip=1&z=2060700183
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 16 Dec 2024 14:31:26 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
stats.g.doubleclick.net/g/ 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=m538fUrElOJLNQP1t9a1CBonY9mLzdkWv9804llh9mE%3D.1734359486&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
text/plain
server
Golfe2
bd8472f5-e593-40eb-8f37-dbdaf9461f0e
https://www.elfcosmetics.com/ Frame 		0
0
ts
t.paypal.com/ 		42 B
642 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1734359486455&g=480&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
d4f2d38d2ca7a
correlation-id
d4f2d38d2ca7a
expires
Mon, 16 Dec 2024 14:31:26 GMT
traceparent
00-0000000000000000000d4f2d38d2ca7a-009e48e01e4988f0-01
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
server-timing
"traceparent;desc="00-0000000000000000000d4f2d38d2ca7a-1738669535e1bd06-01"";content-encoding;desc="",x-cdn;desc="fastly"
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
image/gif
x-served-by
cache-bur-kbur8200135-BUR, cache-yul1970073-YUL
x-cache-hits
0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-timer
S1734359487.579815,VS0,VE97
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
5013978.js
bat.bing.com/p/action/ 		363 B
422 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 03FC226366BA45D5AC922391415FCCE3 Ref B: YMQ01EDGE0309 Ref C: 2024-12-16T14:31:26Z
x-cache
CONFIG_NOCACHE
date
Mon, 16 Dec 2024 14:31:25 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/ 		56 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-dw-request-base-id
lUpmyb45YGcBAAB_
cf-cache-status
DYNAMIC
age
0
expires
Thu, 01 Dec 1994 16:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
ty4AcQnJpTGhr2Tph0RQ-BLn0PNTakcD-Yrq6MNJAj0rJp4UatvOgA==
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
application/json
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513339 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 cb0b891eddf58d69d157d55977c68bce.cloudfront.net (CloudFront)
cf-ray
8f2f60890e615ebf-PDX
x-yottaa-metrics
2521cc02858e/[439,437,-] 25D1cc028531/[-,439.703]
access-control-allow-origin
*
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-amz-cf-pop
SFO53-P2
config
www8.eu.inside.chat/ 		231 B
697 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www8.eu.inside.chat/config?acc=IN-1011171&pid=&c1=OK&dev=1&url=https%3A%2F%2Fwww.elfcosmetics.com&sid=14&j=1
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5848cfb1deebf7628b50ffb424a4bfcbdaec47eb0234c2183238e097c967b43b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f2f6088ed7ca2f3-YUL
expires
Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=86400
p3p
CP="insert_p3p_privacy_policy_here"
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
application/json; charset=UTF-8
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
server
cloudflare
/
ct.pinterest.com/user/ 		321 B
749 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1734359486743&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.222.169.165 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-222-169-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Epik,Pin-Unauth
content-encoding
gzip
x-pinterest-rid-128bit
07cfa4eb41980e76c7d8543846c52589
expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
0
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pin-unauth
dWlkPVptTmhOVE0wT1RNdFltTXpNQzAwTm1JMUxUazNNbVF0WVRReVpqRTVOakJtTjJNNA
pinterest-version
6f64cf0da0cf8ebd801f8dbeb960952acb634be5
access-control-allow-origin
https://www.elfcosmetics.com
content-length
186
akamai-grn
0.0e69dc17.1734359486.274284a1
x-pinterest-rid
1440035240919938
/
ct.pinterest.com/user/ 		321 B
772 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221734359723970_173436037306022%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1734359486745&dep=5%2CEVENT_TAGS_ABSENT
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.222.169.165 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-222-169-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Epik,Pin-Unauth
content-encoding
gzip
x-pinterest-rid-128bit
57d68a6b0f319d43178110c9c9f5a295
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=604800
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
0
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pin-unauth
dWlkPU1HRmpObVJsWTJZdE1XWTFaUzAwTWpCbUxUZ3pZVEl0TmpFd01tSmpZbUUxTW1ReA
pinterest-version
6f64cf0da0cf8ebd801f8dbeb960952acb634be5
access-control-allow-origin
https://www.elfcosmetics.com
content-length
186
akamai-grn
0.0e69dc17.1734359486.274284a0
x-pinterest-rid
1693653393730806
/
ct.pinterest.com/v3/ 		35 B
546 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%227d8116bd%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1734359486812
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.222.169.165 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-222-169-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-pinterest-rid-128bit
d517d5571999bef57f2300f53ff14409
expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
1
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
pinterest-version
6f64cf0da0cf8ebd801f8dbeb960952acb634be5
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.0e69dc17.1734359486.274284a2
x-pinterest-rid
9161167120341484
identify_45dd5971.js
analytics.tiktok.com/i18n/pixel/static/ 		146 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_45dd5971.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2adcf9fd70c1c834f4b13d732b66f4900cec9a6bbdc587b85dbc68cdd9a34be4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-cache
TCP_MEM_HIT from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
x-tt-trace-id
00-241115054234CB20E2EAAE45441E41C9-705D54DA542EE7DA-00
content-length
39593
date
Mon, 16 Dec 2024 14:31:26 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
20241115054234CB20E2EAAE45441E41C9
server
nginx
x-akamai-request-id
34c5667d
x-tt-trace-host
01b1cdb2cad4b1628becc1bdfd0d306258e9311111f262f61b01da43f164ef6f62e91d16e239e52459304b5bc7a36d4467ac91f6fc9b3c40b51043eafdbc379367ec78a80a83c7e4fa6ecb0719cc13164f03a1ab9085a596bb0ac0dee26eaa8cbd
pixel
analytics.tiktok.com/api/v2/ 		0
719 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=153, cdn-cache; desc=MISS, edge; dur=8, origin; dur=157
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c567fa
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75e5eb5cc4bf18ad540a67926c5bf1e53674ec4eb6ba121f748ee60ad18c1ac8263dcbec3325658fc239f590c717d611773076db1853c6a62b3c4d8512af2aec17
x-origin-response-time
157,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241216143127439AD44015E0EC43C2B4-49EE73A545EFC25E-00
content-length
0
x-tt-logid
20241216143127439AD44015E0EC43C2B4
server
nginx
pixel
analytics.tiktok.com/api/v2/ 		0
721 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=19, cdn-cache; desc=MISS, edge; dur=28, origin; dur=33
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c567fb
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75e4cdaef946a59b45b3798e0de4a60b94bb05d30e8f4049835d507405b4833645fdcfd58984c7b5c2276a0b419b517c381d8579e75a56dbd79d7df4e353403fc7
x-origin-response-time
34,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241216143127D29D3128A8667DEE8E5C-62241BDEA963E639-00
content-length
0
x-tt-logid
20241216143127D29D3128A8667DEE8E5C
server
nginx
pixel
analytics.tiktok.com/api/v2/ 		0
717 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=22, cdn-cache; desc=MISS, edge; dur=7, origin; dur=28
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c567fc
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75d2c4a7e7ad1b5cf655f68f278c0984cd89b42c9b9d8f141faa220c0f9acdb4860d27d06a05af507753b1565755ba2a5524407366180bd2db45d74c1f2167898d
x-origin-response-time
28,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2412161431279EEF1A2220C05E7E9CD3-4C0035084CD52498-00
content-length
0
x-tt-logid
202412161431279EEF1A2220C05E7E9CD3
server
nginx
0
bat.bing.com/action/ 		0
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=2da2ae4e-d00f-4200-a7b9-4008651b964e&bo=1&sid=6ec93db0bbba11ef8dfa8dec34f28896&vid=6ec98fa0bbba11efb3f7ebfc58e1461b&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=6687&evt=pageLoad&sv=1&cdb=AQET&rn=203973
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 88BBB5F29B074FB9968CE89FDDFE8AAE Ref B: YMQ01EDGE0309 Ref C: 2024-12-16T14:31:26Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Mon, 16 Dec 2024 14:31:26 GMT
runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		908 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_c81e76ee00d795b1eebf8d27949f8dc5.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
546e554a3c51ce180d022de9ff5506f14603b38d40ece9f2be43c88328358a52

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=zwy9lg==, md5=HCxXU9+1dkCoulTxEZNLMA==
etag
"1c2c5753dfb57640a8ba54f111934b30"
age
234998
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
509
date
Fri, 13 Dec 2024 21:14:49 GMT
last-modified
Fri, 13 Dec 2024 20:51:08 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC5fmkSZziD1x7pGz8FI9_u1iod7eR6qRBtoAx_piFNKED6TCswvIprmCjOYESpIrnLVN_HU6Uk
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734123068468998
content-length
509
server
UploadServer
act
analytics.tiktok.com/api/v2/pixel/ 		0
718 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=34, cdn-cache; desc=MISS, edge; dur=6, origin; dur=38
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c567fd
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75f63e88dd8938e48953df3edb64c5a1e0263abde2b91bf7ca0794e8fcb66dc07479d729b22ec3f911e5c3a1aa646846ae5d77d1f1e9f49b0d38dba6abbad79051
x-origin-response-time
38,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2412161431272BF18280BE9144DBF622-5F038D569F7735C6-00
content-length
0
x-tt-logid
202412161431272BF18280BE9144DBF622
server
nginx
act
analytics.tiktok.com/api/v2/pixel/ 		0
719 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=28, cdn-cache; desc=MISS, edge; dur=9, origin; dur=48
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c567fe
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75eed70fc7058fce6631c4b5cc11fbfbbab155376000dddecb8b78c024bda2d1ee7d1c1c8fece67e42d80c7d83f4d4e519795ca165d6d2b787937185b219d6be97
x-origin-response-time
48,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2412161431274F3B4EEE3AC2AE9DEA42-57832995A3A0B3C8-00
content-length
0
x-tt-logid
202412161431274F3B4EEE3AC2AE9DEA42
server
nginx
act
analytics.tiktok.com/api/v2/pixel/ 		0
720 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=27, cdn-cache; desc=MISS, edge; dur=7, origin; dur=31
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c567ff
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75083dad36c82bb7e67ededf8d8f30dd6177a507abe40040aa3572d7e62f8769cfd7582441fc7c41734181008d8397a7b194f68f9fae3b0d1585149ea8aeed5c41
x-origin-response-time
31,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241216143127CAD56EFFAC139F7C8C82-5E7BD3A76FC636BE-00
content-length
0
x-tt-logid
20241216143127CAD56EFFAC139F7C8C82
server
nginx
act
analytics.tiktok.com/api/v2/pixel/ 		0
717 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=26, cdn-cache; desc=MISS, edge; dur=11, origin; dur=44
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c56800
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75c3f53d3ba69f93aa0ce046dde2b7b1b4d05f6783e711fbfb5312a1aa7df92823723cf1d2de20868a2225f8e63f2a8ea172f2827b89af11032ca1b0cd8520f4b0
x-origin-response-time
46,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2412161431273040690AAC76037C8476-1B80848D89601109-00
content-length
0
x-tt-logid
202412161431273040690AAC76037C8476
server
nginx
act
analytics.tiktok.com/api/v2/pixel/ 		0
720 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=25, cdn-cache; desc=MISS, edge; dur=7, origin; dur=29
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c56801
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75a2f08d65995f9a77ef771203820139d9849bb047b582941f931c7e1382e948b0ad5cc78290a75f6e1d810314aff4bff6b80b4ed9add1c581eaf55bb95a8bc9da
x-origin-response-time
29,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-241216143127F955DD1B64C73A7FA69C-6B6B25B48FD0ACAF-00
content-length
0
x-tt-logid
20241216143127F955DD1B64C73A7FA69C
server
nginx
muse.js
www.paypalobjects.com/muse/ 		55 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D10C) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

paypal-debug-id
54b14e6059c82
content-encoding
br
etag
"64f25363-daa8"
x-content-type-options
nosniff
expires
Mon, 16 Dec 2024 15:31:27 GMT
traceparent
00-000000000000000000054b14e6059c82-a52794c9f8bb33f1-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
application/javascript
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
content-length
15742
server
ECAcc (nyd/D10C)
/
ct.pinterest.com/v3/ 		35 B
65 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221734359723970_173436037306022%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1734359486989&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPVptTmhOVE0wT1RNdFltTXpNQzAwTm1JMUxUazNNbVF0WVRReVpqRTVOakJtTjJNNA%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%227d8116bd%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.7d8116bd.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
173.222.169.165 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-222-169-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-pinterest-rid-128bit
a347d3bd1e42528143f8f16cca070e57
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=604800
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
image/gif
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
no-cache,no-store,must-revalidate,max-age=0
pragma
no-cache
x-envoy-upstream-service-time
2
x-cdn
akamai
access-control-allow-credentials
true
referrer-policy
origin
quic-version
0x00000001
pinterest-version
3d92257897107be8ea2c6613dcfb8dbea319fa46
access-control-allow-origin
https://www.elfcosmetics.com
content-length
35
akamai-grn
0.1169dc17.1734359487.51452479
x-pinterest-rid
4897930044313636
main-v2_44fe2c098b60c8c639efcfedbd11da35.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		526 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_44fe2c098b60c8c639efcfedbd11da35.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d912942513f9f5243a8ba8caa5b9324c9f27db28699eab7bb21eb981bbd31639

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=YPJsgQ==, md5=tUVOEAbqEqPxVjB9SqxBSw==
etag
"b5454e1006ea12a3f156307d4aac414b"
age
113127
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
116737
date
Sun, 15 Dec 2024 07:06:00 GMT
last-modified
Fri, 13 Dec 2024 22:37:25 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC40xjZXvbibOpMZLrac4FJZUBPrg0kP9XuqjQyoBzD0kTvSXl2wiY0WFTfLlDpVHw0PqGF361s
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734129445471395
content-length
116737
server
UploadServer
cjs_min_6ef1802500d8367a80105e664862d0d7.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		49 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
56aea4e78cf1538541603e3c8f14b15dfc9bfee27cadb946f8b3017ebe8abe3b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
gzip
x-goog-hash
crc32c=6P9MLA==, md5=6BERCLAZEJG3E4hTDg5sSQ==
etag
"e8111108b0191091b71388530e0e6c49"
age
53569
ad-auction-allowed
true
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
15758
date
Sun, 15 Dec 2024 23:38:38 GMT
last-modified
Wed, 06 Nov 2024 14:57:41 GMT
content-type
text/javascript; charset=utf-8
x-guploader-uploadid
AFiumC7IcV0RNabgsHltAPegOkO2JIQW3FRVSgL0u_lpFpxHPrrgInRTguY6SCd56g8H83je0wwmhno
cache-control
public,max-age=31536000,no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730905061873049
content-length
15758
server
UploadServer
cf
www8.eu.inside.chat/page/ 		175 B
226 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www8.eu.inside.chat/page/cf?_=1734359487026.1975
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a588969da06c7db822106f599c7992df8239c8227dd0591aa9a67ed4a43cf3d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-encoding
br
cf-cache-status
DYNAMIC
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f2f608a880ba2f3-YUL
expires
Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
application/json
last-modified
Sat, 01 Jan 2000 00:00:00 GMT
vary
Accept-Encoding
server
cloudflare
index.html
www.paypalobjects.com/muse/analytics/ Frame CF7B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D191) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
br
content-length
16057
content-type
text/html
date
Mon, 16 Dec 2024 14:31:27 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"671aa070-db19"
expires
Mon, 16 Dec 2024 15:31:27 GMT
last-modified
Thu, 24 Oct 2024 19:30:56 GMT
paypal-debug-id
2c305a3d9131f
server
ECAcc (nyd/D191)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-00000000000000000002c305a3d9131f-bbac8e8641eb11d5-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
/
data.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.98.106.171 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
171.106.98.34.bc.googleusercontent.com
Software
/
Resource Hash
f3ee233d8819e508bb5518fe58a3109712e1162aaec3a3470ca19e48e1a91db2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Mon, 16 Dec 2024 14:31:27 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
/
page.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.190.20.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.20.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4a970797076346b140129a69e017d8d2370f6bbb2ce9ba4c1b5a398f3366a202

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Mon, 16 Dec 2024 14:31:27 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
/
view.cdnbasket.net/ 		14 B
338 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_6ef1802500d8367a80105e664862d0d7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
066a1d0ca8739927212da5ca749914d066de699b9aae2614a4165eeecd11f0d8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
keep-alive
Expires
0
Access-Control-Allow-Origin
*
Date
Mon, 16 Dec 2024 14:31:27 GMT
Content-Type
application/json
Access-Control-Allow-Headers
Origin, Content-Type, Accept
act
analytics.tiktok.com/api/v2/pixel/ 		0
718 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWZiM2ZlMGNjMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.249.23 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-212-249-23.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Mon, 16 Dec 2024 14:31:27 GMT
server-timing
inner; dur=18, cdn-cache; desc=MISS, edge; dur=56, origin; dur=41
x-cache
TCP_MISS from a23-220-105-22.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (-)
date
Mon, 16 Dec 2024 14:31:27 GMT
x-akamai-request-id
34c568cc
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d94386604136c3274bac89b2ba99c403837e75eabe30643f0f6eaa75a81ecdc579f6889205eb13be0056c909b9502e7739841f1380df4e28c6d551e802b10f434f3d06aea1dfce3f0bfc852dcd5caaf7c924bb
x-origin-response-time
42,23.220.105.22
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24121614312758C70A61141C6C83B58F-77FFD14D4FAADEAB-00
content-length
0
x-tt-logid
2024121614312758C70A61141C6C83B58F
server
nginx
inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		19 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_75060a85c1a4aebcc6f779b9e84db722.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
183ae143a7f66c133f3948bdf61a0a9f97eb326be7de5947c1f19b93f3b9db24

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=df/Fww==, md5=CihY9k4bsokmzU8kBOwKQw==
etag
"0a2858f64e1bb28926cd4f2404ec0a43"
age
53568
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5475
date
Sun, 15 Dec 2024 23:38:39 GMT
last-modified
Fri, 13 Dec 2024 22:37:19 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC6pJieMrS2wnlAg7ZlKM3claKJ06AUzilKnuxEVkfX6dOYiwbLa7Lx9_f22_SPlCGxafzvtiIo
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1734129439865485
content-length
5475
server
UploadServer
onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_abbdf7a49be9b52b097917b7b527b262.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a8b68b46f44aac34f59d2926e8db6bdae4bc3b7fe3aad60948e97f428b087531

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
br
x-goog-hash
crc32c=YWhgXQ==, md5=E+t6bCqMhb3KnLqECwDbLA==
etag
"13eb7a6c2a8c85bdca9cba840b00db2c"
age
500186
ad-auction-allowed
true
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
5039
date
Tue, 10 Dec 2024 19:35:01 GMT
last-modified
Mon, 09 Dec 2024 19:55:19 GMT
content-type
text/javascript
x-guploader-uploadid
AFiumC7kfXh9oEqmj9YIKAaT0EFTQJ0hVopl5gjcsUFYkV54YOECYPHgQSUZvkfaJfKsL6wcW1k9MYI
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1733774119660817
content-length
5039
server
UploadServer
collect
sgtm.elfcosmetics.com/g/ 		912 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=991174587.1734359486&ecid=591609433&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=671481759.1734359484&sst.etld=google.ca&sst.adr=1&sst.ude=0&sid=1734359485&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=4&tfd=10259&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
ae4473634c431ad9f967c6f8d8011562526f973baa8834afc79fefd66d4934c5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
text/plain
server
Google Frontend
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je4cc1v879088318z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=991174587.1734359486&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=MA&_s=2&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&sid=1734359485&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tfd=10313
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c&gtm=45He4cc1v896608294za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.elfcosmetics.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
text/plain
server
Golfe2
event
www.elfcosmetics.com/api/en-ca/v2.0/ 		105 B
672 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/en-ca/v2.0/event?locale=en-CA
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/ Express
Resource Hash
dae2962d0ad512373f5e70c5bd6b0a106ad88a7d00f6722d6dcdd46f196555c6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

content-encoding
gzip
x-amzn-remapped-connection
keep-alive
etag
W/"69-x2cUsGggasDhH8lm5ldQzkoCh0c"
age
0
x-content-type-options
nosniff
x-amzn-requestid
669de1ad-674b-45db-a1a8-c5aa81fb1bda
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513340 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-os
200
x-amz-apigw-id
C432DGFtvHcEBmg=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:28 GMT
x-amzn-trace-id
Root=1-676039bf-0e4dd7104324d51f248a7e62
x-yottaa-metrics
2521cc02858c/[165,164,-] 25D1cc028531/[-,166.629]
access-control-allow-origin
*
content-length
109
x-powered-by
Express
new-9FAEE5
cdn.media.amplience.net/i/elfcosmetics/ 		722 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/new-9FAEE5?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
8df9e9875419d2c0d1bc8af23e63949a7e20b1ff5cd2f57c7958fc65a7be8b56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
MMzgg5zba,l4p5bDg2e,mF-g78ke7,tJjh4FgGa,WepA0szpz
x-amp-source-width
112
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/avif
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
2L96xQzsaU
x-amp-source-height
96
accept-ranges
bytes
access-control-allow-origin
*
content-length
722
x-amp-published
Thu, 30 May 2024 19:09:02 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
badge-holiday-blue-background
cdn.media.amplience.net/i/elfcosmetics/ 		197 KB
197 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/badge-holiday-blue-background?%24Desktop%24=&fmt=auto
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
16c9b20cc559c1c9146dcd9c4915775b66d6728e4bba2714f3bfbe45218402d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
NltkwMH7-,l4p5bDg2e,mF-g78ke7,MjU8swIY_,DtzGFM5oJ
x-amp-source-width
237
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
image/webp
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
AhhBhipsS5
x-amp-source-height
237
accept-ranges
bytes
access-control-allow-origin
*
content-length
201390
x-amp-published
Sun, 24 Nov 2024 15:28:42 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
holyGrail-FFAE62
cdn.media.amplience.net/i/elfcosmetics/ 		735 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/holyGrail-FFAE62?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
c78f8435e7b99d460a79994b0ff71a74985547ce2991a67559831f3ed143b0e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
Mev91fF6Q,l4p5bDg2e,mF-g78ke7,41UJNF_BE,WepA0szpz
x-amp-source-width
112
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
image/avif
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
HgL9UjZZDX
x-amp-source-height
96
accept-ranges
bytes
access-control-allow-origin
*
content-length
735
x-amp-published
Wed, 08 Nov 2023 14:59:25 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
staffPicks-white
cdn.media.amplience.net/i/elfcosmetics/ 		656 B
979 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/staffPicks-white?%24Desktop%24=&fmt=auto&w=22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:e::17cd:6a1a Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Unknown /
Resource Hash
b02a020f88f0cd42fad80078f958d9a87a2f83cee756d5fb426a40bc9823da92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-tag
L4yuHL3IH,l4p5bDg2e,mF-g78ke7,4MizThq0Q,WepA0szpz
x-amp-source-width
112
x-content-type-options
nosniff
date
Mon, 16 Dec 2024 14:31:27 GMT
content-type
image/avif
x-frame-options
DENY
cache-control
max-age=1800, s-maxage=86400
x-req-id
z39YGaffQv
x-amp-source-height
96
accept-ranges
bytes
access-control-allow-origin
*
content-length
656
x-amp-published
Thu, 09 Nov 2023 14:42:35 GMT
x-amp-srv
A
x-xss-protection
1; mode=block
server
Unknown
84641_OPENA_v4_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw81e17a61/2024/CamoLiquidBLUSHExt/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw81e17a61/2024/CamoLiquidBLUSHExt/84641_OPENA_v4_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
f89ecfe895e92414e7dc009d8c1eb6c3a642307fa86f9c8ff2f498368ae73df6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
3279124
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Hit from cloudfront
x-amz-cf-id
vNcAD2Z_xgPNkdDw6YE9oIIhX-aUMuLVL30pdTufyHTyfGZxEQeSyA==
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Tue, 18 Nov 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028531-1730834774-9238055973 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 c601f966b37ebf3a1ddf28f033b35904.cloudfront.net (CloudFront)
cf-ray
8df6911ac83c232b-SJC
x-yottaa-metrics
2521cc028a8b/[3,-,1731079433426] 25D1cc028531/[hit]
access-control-allow-origin
*
content-length
3216
x-amz-cf-pop
SFO53-C1
x-amz-server-side-encryption
AES256
82013_OPENA_v5_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw286e5dc4/2024/GlowReviverLipOilEXT/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw286e5dc4/2024/GlowReviverLipOilEXT/82013_OPENA_v5_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
a9cee4ae5c5bfb20c25f86bf00116525f9051fabb4e582fd0682305e6e592fc4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
1146100
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Miss from cloudfront
x-amz-cf-id
WTc2M982K7bemk7Z4zDDVdhN_kZKnkNRfEnV2rzGdYt6p5_zDYP1AA==
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Sat, 03 Jan 2026 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028531-1732636694-2717061184 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 04e6cfc6f03b8f5e6f5459aacc86b372.cloudfront.net (CloudFront)
cf-ray
8ec210783d3ccfb8-SJC
x-yottaa-metrics
2521cc028522/[2,-,1733213259615] 25D1cc028531/[hit]
access-control-allow-origin
*
content-length
4041
x-amz-cf-pop
SFO5-P2
x-amz-server-side-encryption
AES256
70982_HLGFT_InPack_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw576d8aa0/2021/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw576d8aa0/2021/70982_HLGFT_InPack_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e4d664226d33e07026830341e27f86bd29cd5edeb37de67d0752066809bb1ba6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
3117420
x-cache
Miss from cloudfront
x-amz-cf-id
p-QsYJg_giLapRZ4E9dZapKGpYvCBrMcOmBeHfsRz5OLSye5X_Dr1w==
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Mon, 09 Dec 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028531-1730834774-9240142692 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 62c71b579b931f194fbc7abcc843d132.cloudfront.net (CloudFront)
cf-ray
8e05ce643af07abc-SJC
x-yottaa-metrics
2521cc028527/[3,-,1731239230135] 25D1cc028531/[hit]
access-control-allow-origin
*
content-length
13997
x-amz-cf-pop
SFO53-C1
x-amz-server-side-encryption
AES256
84700_OpenA_V3_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwe1a90346/2023/HaloGlowWandBlush/ShadeExtensions/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwe1a90346/2023/HaloGlowWandBlush/ShadeExtensions/84700_OpenA_V3_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
254e48ee430d6d16e7bab2efbcc141f472111d25e8a522a966d3f93ff7f43297

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
3278852
x-cache
Hit from cloudfront
x-amz-cf-id
gxJavUIiDFNais-J2Ptgux0ScA0tlW5GIKb838fJsR4FV_xDRTtMVg==
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Mon, 09 Dec 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028531-1730834774-9238058181 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 f8e39b59dd045139140ce58fd7a75258.cloudfront.net (CloudFront)
cf-ray
8df693095d377ad0-SJC
x-yottaa-metrics
2521cc028534/[2,-,1731079512548] 25D1cc028531/[hit]
access-control-allow-origin
*
content-length
3411
x-amz-cf-pop
DFW57-P9
x-amz-server-side-encryption
AES256
22092_OpenB_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwaefd226e/2023/CreamGlideLipLiner/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dwaefd226e/2023/CreamGlideLipLiner/22092_OpenB_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3737cc343524433d59bc1654afbddd4ef5036667f946f9b432e1b9e472d5a28

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
3280022
x-cache
Miss from cloudfront
x-amz-cf-id
IZclbUH3v8gOFvElS9k3gb4w98axvOe-6g36tFbWEiEF3z64ICPw9g==
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Mon, 09 Dec 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028531-1730834774-9238048976 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 d2fb2c2e894a4859713eb3b4c93f9826.cloudfront.net (CloudFront)
cf-ray
8df6919b78562289-SJC
x-yottaa-metrics
2521cc028a79/[3,-,1731079454011] 25D1cc028531/[hit]
access-control-allow-origin
*
content-length
2171
x-amz-cf-pop
DFW57-P9
x-amz-server-side-encryption
AES256
82292_OpenA_V3_R.jpg
www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw1218c1df/2023/PoutCloutLipPlumpingPen/PinkyOut/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.elfcosmetics.com/dw/image/v2/BBXC_PRD/on/demandware.static/-/Sites-elf-master/default/dw1218c1df/2023/PoutCloutLipPlumpingPen/PinkyOut/82292_OpenA_V3_R.jpg?sfrm=png&sw=252
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e2e68d3c30718c583fa70c9f64080e1199155a4a3db901d740792af72e523720

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals

Response headers

cf-bgj
h2pri
cf-cache-status
HIT
age
3279124
x-amz-storage-class
INTELLIGENT_TIERING
x-cache
Miss from cloudfront
x-amz-cf-id
GXkQcaGPKJR2jmLRPecb7ViYcehFH-ekPQn39nqSsB9bJAEGqeYDWw==
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/jpeg
x-amz-meta-cleanquerystring
sfrm=png&sw=252
x-amz-expiration
expiry-date="Tue, 18 Feb 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
x-yottaa-optimizations
ob/101 si/25D1cc028531-1730834774-9238055977 tts/1731079396337 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-yottaa-forcecache
true
cache-control
public, max-age=31104000
via
1.1 ac3f0425be668a2439884bb8cbd3ccd8.cloudfront.net (CloudFront)
cf-ray
8df6919b7d177ad0-SJC
x-yottaa-metrics
2521cc028a8d/[3,-,1731079454016] 25D1cc028531/[hit]
access-control-allow-origin
*
content-length
2891
x-amz-cf-pop
SFO53-C1
x-amz-server-side-encryption
AES256
frontend-framework.js.bundle
cdn8.eu.inside.chat//js/ 		205 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn8.eu.inside.chat//js/frontend-framework.js.bundle?v=a741df0-5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ada904b348f3aec8423f2b8a1335f55aa68d2d8d636da40fb02a2ac7cd4b193
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
cf-bgj
minify
etag
W/"b3dc4c62828cfc4d4eb3792ee171d025"
age
18
cf-cache-status
HIT
expires
Tue, 24 Dec 2024 14:31:28 GMT
cf-polished
origSize=317309
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
text/javascript
vary
Accept-Encoding
priority
u=3,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=691200
cf-ray
8f2f60900ee8ab6d-YYZ
server
cloudflare
heap_config.js
cdn.us.heap-api.com/config/1042782804/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.us.heap-api.com/config/1042782804/heap_config.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-103-75.iad61.r.cloudfront.net
Software
nginx / Express
Resource Hash
974f64bede7bfa0bbd7ebbeb0c6123ea1551023c2f01b3407bc6c24e542f8465
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
gzip
etag
W/"4a1-khVWgibEFY+tOqwYBmK7vvo13QU"
age
107
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
3b47Bueln2I5BLb_nhdOjzxCbGZbWvDHjKSvzpiLiCm-fIcx-WPobA==
date
Mon, 16 Dec 2024 14:29:59 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=120
cross-origin-resource-policy
cross-origin
via
1.1 9bba1485ff47cf63bc393925f38d12fc.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P1
x-powered-by
Express
server
nginx
ts
t.paypal.com/ 		42 B
351 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1734359488094&g=480&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
e99d746ca4377
correlation-id
e99d746ca4377
expires
Mon, 16 Dec 2024 14:31:28 GMT
traceparent
00-0000000000000000000e99d746ca4377-a1e58eae35a69513-01
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
server-timing
"traceparent;desc="00-0000000000000000000e99d746ca4377-d1b3186d5603da94-01"";content-encoding;desc="",x-cdn;desc="fastly"
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
image/gif
x-served-by
cache-bur-kbur8200054-BUR, cache-yul1970073-YUL
x-cache-hits
0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-timer
S1734359488.104158,VS0,VE125
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
token_create.js
ct.pinterest.com/static/ct/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
173.222.169.165 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-222-169-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
85ab852bfb2016bce3933a1c7107b1bce807179f46364db291ab1f86b89addbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
cache-control
max-age=7200
content-encoding
gzip
etag
"6d0ca67bea866259c359c2d1e93bf622"
x-cdn
akamai
quic-version
0x00000001
alt-svc
h3=":443"; ma=604800
content-length
2092
date
Mon, 16 Dec 2024 14:31:28 GMT
akamai-grn
0.1169dc17.1734359488.51452dcb
content-type
application/javascript
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
ct.html
ct.pinterest.com/ Frame 918B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443";ma=604800
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 14:31:28 GMT
pinterest-version
6f64cf0da0cf8ebd801f8dbeb960952acb634be5
referrer-policy
origin
x-cdn
fastly
x-envoy-upstream-service-time
1
x-pinterest-rid
1646311486731136
x-pinterest-rid-128bit
8938187fdf52207816d8df931c412fd6
anchor
www.google.com/recaptcha/api2/ Frame 8CF1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu&co=aHR0cHM6Ly93d3cuZWxmY29zbWV0aWNzLmNvbTo0NDM.&hl=en&type=image&v=pPK749sccDmVW_9DSeTMVvh2&theme=light&size=invisible&badge=bottomright&cb=7hmg46cjbdps
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.179.147 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
pd-in-f147.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Uqlj-pCyPyvl3IMYlHRBtA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Uqlj-pCyPyvl3IMYlHRBtA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 14:31:28 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=693843137&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z88966...
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z889660...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-conversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1610136199.1734359484&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIh-nxycCsigMVLQqICR2LMzstMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdMel91Z1lRaFBPNzY0TFd4czFVRWkwQVNsYmZQMHVIQV9YbHM2c0hFMWF5WFJ0YlZ5M3NxSm9Cb0hER1h2NDRBWnNPemJUQk9iYkVCc2V3UWtR&is_vtc=1&cid=CAQSKQCa7L7du2VfrMF7pbWEWvefhFJ-9FxI9bwjIXisc25s_2X_QIZrQh34&eitems=ChAIgLz_ugYQhsK70YnlyZZCEh0ADbz98zT0UuCpoI64JQlEQ7HXc69sW-6gulBUrQ&random=2904600337&ipr=y
Protocol
H3
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 16 Dec 2024 14:31:29 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.ca/pagead/1p-conversion/698270988/?random=1229160044&fst=1734359487948&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=1610136199.1734359484&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&tag_exp=101925629~102067555~102067808~102081485~102198178&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAkondHJpZ2dlciwgZXZlbnQtc291cmNlO25hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMIh-nxycCsigMVLQqICR2LMzstMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tL0JXQ2hBSWdMel91Z1lRaFBPNzY0TFd4czFVRWkwQVNsYmZQMHVIQV9YbHM2c0hFMWF5WFJ0YlZ5M3NxSm9Cb0hER1h2NDRBWnNPemJUQk9iYkVCc2V3UWtR&is_vtc=1&cid=CAQSKQCa7L7du2VfrMF7pbWEWvefhFJ-9FxI9bwjIXisc25s_2X_QIZrQh34&eitems=ChAIgLz_ugYQhsK70YnlyZZCEh0ADbz98zT0UuCpoI64JQlEQ7HXc69sW-6gulBUrQ&random=2904600337&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 16 Dec 2024 14:31:29 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
jquery-3.7.1.min.js
assets.bounceexchange.com/assets/bounce/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg==
content-encoding
br
etag
W/"2c872dbe60f4ba70fb85356113d8b35e"
age
113101
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
87533
date
Sun, 15 Dec 2024 07:06:27 GMT
last-modified
Fri, 13 Dec 2024 22:37:03 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
x-guploader-uploadid
AFiumC4M7AMCLJj-b1ePce_7SiFFjg3SmngEbvb1qW7QbpQzwdmkcY-prb4D_igxpo-1b__o
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
none
access-control-allow-origin
*
x-goog-generation
1734129423126708
content-length
31009
server
UploadServer
negotiate
www8.eu.inside.chat/signalr/ 		391 B
578 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www8.eu.inside.chat/signalr/negotiate?clientProtocol=2.1&k=IN-1011171%3A24478549-3889abe27c5766da3eebff9bc8fabba9a7e3a197bed8d49f08b10ca10436ff63-5-5%3A128585262%3A1082574&c=84249b9bb3ca9abd1850c3fcc19dbf48&nc=0&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1734359486370
Requested by
Host: cdn8.eu.inside.chat
URL: https://cdn8.eu.inside.chat/ig.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a33829c39b1a9ff45ceb69c2435b62a1dd3b43c03e493cb0b59e3f1fa5667f70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
text/plain, */*; q=0.01
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
expires
-1
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
application/json; charset=UTF-8
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f2f60918fae3a05-YYZ
access-control-allow-origin
https://www.elfcosmetics.com
server
cloudflare
ig.css
cdn8.eu.inside.chat// 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn8.eu.inside.chat//ig.css?dev=1&_a741df0-5
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a506503adb523ec7fd71e1cd5b953922dea386950cf0ea6355d1037bd7c6d1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

content-encoding
br
cf-bgj
minify
etag
W/"467ac5f0ff9ddafc490fa480f5fdb10b"
age
2532
cf-cache-status
HIT
expires
Tue, 24 Dec 2024 14:31:28 GMT
cf-polished
origSize=12828
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
priority
u=0,i=?0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
public, max-age=691200
cf-ray
8f2f60915ff7ab6d-YYZ
server
cloudflare
388f713c9de3b8ed7cf80b3cbc
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/388f713c9de3b8ed7cf80b3cbc
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/vendor.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
357123db40fdde96dd9e4b478ce677d3e43f8fdeb86c67381cba2071273f9278
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
c_x-pwa-request
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/json

Response headers

x-dw-resource-state
dd2ca8921a00975c59818bac78dbc8023969540b433e6166c3877b42855d39c5
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
content-encoding
gzip
x-dw-request-base-id
lUrUycA5YGcBAAB_
etag
dd2ca8921a00975c59818bac78dbc8023969540b433e6166c3877b42855d39c5
age
0
x-dw-version-status
obsolete
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
x-yottaa-profileid
5a0c9b7632f01c35d4210220
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
zWPO5KYyEnE4LMeKzO25HG_XhoZahE0pZ9tf0eZsKliiEf8qdtYMVw==
date
Mon, 16 Dec 2024 14:31:28 GMT
content-type
application/json;charset=UTF-8
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513348 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
sfdc_customization
HOOK
x-yottaa-os
200
access-control-allow-credentials
true
allow
DELETE,GET,HEAD,OPTIONS,PATCH
cf-ray
8f2f6091eee22f2b-PDX
x-yottaa-metrics
2521cc02859f/[218,216,-] 25D1cc028531/[-,219.951]
via
1.1 497698df4d6305ce41e0409e999a35b6.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
997
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/388f713c9de3b8ed7cf80b3cbc
x-amz-cf-pop
SFO53-P2
shoppercontext
www.elfcosmetics.com/api/v1/ 		155 B
920 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us&method=PATCH
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/mobify/bundle/12737/main.js?yocs=Z_14_1K_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.49 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiJmN2YwN2I5ZC03MWUxLTQ2YTYtOGM3Yi02Y2UzYmQ4NjU1MzQiLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmM0NDBhZGVlLTY1ZTEtNGNiZC05YTIzLTAyODk2NjBiYzk3NCIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MzQzNTk0NTMsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid1hvWWtlZEl4dXNSbEh0SmtxWVl3MGhJOjpjaGlkOmVsZi11cyIsImV4cCI6MTczNDM2MTI4MywiaWF0IjoxNzM0MzU5NDgzLCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMxMzAzNDA4NDUwODcwMzM2NiJ9.iN1FHljlRz3wsddOkOLWUOC4xFZLoIXQyz_BRxyubKdq3vZvpVQ0D9-bAVM9RNhi33a9jz47EZzaEhsFV4q2Mw
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-amzn-remapped-content-length
155
content-encoding
gzip
x-amzn-remapped-connection
close
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
age
0
x-amzn-requestid
e8710c49-91d3-4e68-89ac-2c574d3ac917
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
skigyxwhnxUyRlyZ5YVI73PlZ8OrbFS1WEOV81KygQhSY-BFfK4mzA==
date
Mon, 16 Dec 2024 14:31:29 GMT
content-type
application/json; charset=utf-8
x-yottaa-optimizations
ob/1000 si/25D1cc028531-1733930865-6327513350 tts/1731597410018 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
strict-transport-security
max-age=15552000; includeSubDomains
x-yottaa-os
200
x-amz-apigw-id
C432MH7biYcEkBA=
x-amzn-remapped-date
Mon, 16 Dec 2024 14:31:29 GMT
x-amzn-trace-id
Root=1-676039c0-338805b14f59aa37283f1049;Parent=5f910f4a51281d94;Sampled=0;Lineage=1:2b75b0e9:0
via
1.1 700aa70ccd1c08dc97b84e1db700ae96.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028537/[530,529,-] 25D1cc028531/[-,531.437]
access-control-allow-origin
*
content-length
131
x-amz-cf-pop
SFO53-P2
ts
t.paypal.com/ 		42 B
342 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfo&cust=9TG8HQ6LLAJMU&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&unsc=6&identifier_used=DFP&e=im&t=1734359489222&g=480&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-expose-headers
Server-Timing
paypal-debug-id
fd8199d8ae519
correlation-id
fd8199d8ae519
expires
Mon, 16 Dec 2024 14:31:29 GMT
traceparent
00-0000000000000000000fd8199d8ae519-42df103fb3fb8f5a-01
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
server-timing
"traceparent;desc="00-0000000000000000000fd8199d8ae519-b019eb93b20e5856-01"";content-encoding;desc="",x-cdn;desc="fastly"
date
Mon, 16 Dec 2024 14:31:29 GMT
content-type
image/gif
x-served-by
cache-bur-kbur8200059-BUR, cache-yul1970073-YUL
x-cache-hits
0, 0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-timer
S1734359489.232131,VS0,VE110
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
rcomEvent
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/rcomEvent?cnst=1&_=593172&uid=81065031250229691&sec=8772046&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1004416.1092373.1426804.1443347.1182144.799438.799440&expSes=40189&p=1&cl=dk.l.c.ws.fst.&ses=0edca45e106429e432aca24ce8de687b&data=%7B%22ctx%22%3A%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D%2C%22widgets%22%3A%7B%22199244%22%3A%7B%22fId%22%3A16887%2C%22fallbackData%22%3Atrue%2C%22expData%22%3A%7B%22expId%22%3Anull%2C%22varId%22%3Anull%7D%2C%22events%22%3A%5B%7B%22type%22%3A%22PIMP%22%2C%22pId%22%3A%5B%22300234%22%2C%22300229%22%2C%2270982%22%2C%22300220%22%2C%22300230%22%2C%22300237%22%2C%2257014%22%2C%22300242%22%2C%22300240%22%2C%2281810%22%2C%22300243%22%5D%2C%22strId%22%3A9%2C%22md%22%3A%7B%7D%7D%2C%7B%22type%22%3A%22WIMP%22%2C%22strId%22%3A9%7D%2C%7B%22type%22%3A%22WRIMP%22%2C%22strId%22%3A9%7D%2C%7B%22type%22%3A%22PRIMP%22%2C%22pId%22%3A%5B%22300242%22%2C%2257014%22%2C%22300237%22%2C%22300230%22%2C%22300220%22%2C%2270982%22%2C%22300229%22%2C%22300234%22%5D%2C%22strId%22%3A9%2C%22md%22%3A%7B%7D%7D%5D%7D%7D%7D&reqts=1734359489266&rri=5102585
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.45.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.160.18.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-160-18-41.iad12.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
POST, GET, OPTIONS
via
1.1 f05e3afde72874082b3c4e5699bc66ba.cloudfront.net (CloudFront)
expires
0
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
rbcU2MhuCowK2QVwHbYQW6UZ__dUfc6OpYFt95P_37T0Ng80EpEBMw==
date
Mon, 16 Dec 2024 14:31:29 GMT
x-amz-cf-pop
IAD12-P4
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
script-tag.js
cdn-scripts.signifyd.com/api/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.64.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-64-85.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
cache-control
max-age=1800
content-encoding
gzip
etag
W/"73ca6f23f3e08738233832c7a7a0c30c"
age
1766
via
1.1 a1a074529ccb9ea97acd7d95c506f336.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
-TbytGMRYDWHX4-xNouh9LSBOo3V9gta1ZXHT64StE5NHz9YhSmZfA==
date
Mon, 16 Dec 2024 14:02:04 GMT
content-type
application/javascript
last-modified
Tue, 23 Apr 2024 14:51:40 GMT
server
AmazonS3
x-amz-cf-pop
IAD12-P1
x-amz-server-side-encryption
AES256
heap.js
cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/ 		300 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/heap.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.103.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-103-75.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e2be12954d30ece9147fb4d6d37c7d1e632138807880bdcd4cff7ad9768d11b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-amz-cf-pop
IAD61-P1
content-encoding
gzip
etag
W/"80a44fa3f9e10ab0d98fb77704bc395a"
age
1515
cross-origin-resource-policy
cross-origin
via
1.1 9bba1485ff47cf63bc393925f38d12fc.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
ALD-u3Ge1z826F_7sQoPFdbQCoWx93m6yVSRxiAbNXdEhh0K4JOxBw==
date
Mon, 16 Dec 2024 14:06:14 GMT
content-type
application/javascript; charset=utf-8
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 11 Nov 2024 17:52:43 GMT
x-amz-server-side-encryption
AES256
pageview
c.contentsquare.net/ 		0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/pageview?ex=&dt=266&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6797&ww=1600&wh=1200&sw=1600&sh=1200&uu=c641d70c-cc79-a8f2-8fcb-ed8e4b7b0bdb&sn=1&hd=1734359489&v=15.39.6&pid=1926&pn=1&happid=1042782804&hsid=3563219146157446&huu=1372268356111312&r=168966
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.205.99.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-99-155.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Mon, 16 Dec 2024 14:31:29 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
add_user_properties
c.us.heap-api.com/api/capture/v2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c.us.heap-api.com/api/capture/v2/add_user_properties
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.214.145.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-214-145-44.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
allow
POST
content-length
4
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 14:31:29 GMT
etag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
add_user_properties
c.us.heap-api.com/api/capture/v2/ 		2 B
286 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://c.us.heap-api.com/api/capture/v2/add_user_properties
Requested by
Host: cdn.us.heap-api.com
URL: https://cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/heap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.214.145.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-214-145-44.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/octet-stream
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
content-length
2
date
Mon, 16 Dec 2024 14:31:29 GMT
content-type
text/plain; charset=utf-8
server
nginx
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
track
c.us.heap-api.com/api/capture/v2/ 		2 B
286 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Requested by
Host: cdn.us.heap-api.com
URL: https://cdn.us.heap-api.com/v5/heapjs-static/5.2.3/core/heap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.214.145.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-214-145-44.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/octet-stream
Referer
https://www.elfcosmetics.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
content-length
2
date
Mon, 16 Dec 2024 14:31:29 GMT
content-type
text/plain; charset=utf-8
server
nginx
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
track
c.us.heap-api.com/api/capture/v2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c.us.heap-api.com/api/capture/v2/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.214.145.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-214-145-44.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
POST, PUT, GET
access-control-allow-origin
*
allow
POST
content-length
4
content-type
text/html; charset=utf-8
date
Mon, 16 Dec 2024 14:31:29 GMT
etag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
dvar
c.contentsquare.net/ 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/dvar?v=15.39.6&pid=1926&pn=1&sn=1&uu=c641d70c-cc79-a8f2-8fcb-ed8e4b7b0bdb&happid=1042782804&hsid=3563219146157446&huu=1372268356111312&dv=H4sIAAAAAAAAA43PTUvDQBAG4L8yBLzZkK%2BaxluaSCloEVuEnsK6O2m3bHdDMiEG9b87gaKgHjztMMz77Mybly%2Brcl%2BtjHsRBgpnqXUGdtiRd%2Bv90YV3KEcrzlpeRcFeo1H83r022Gq0Ejvv%2BiI%2BoRylQZgB%2BsavfShEix08ONVzN8hmURDF%2FMd3FkLGNzgwOGg6up640vaEciqkU%2FiFXxbbakLI1anv6IyWut%2Fcs2i1IO0sC%2BHP%2BM41sBTWYgvbo24abQ9Q9OTq%2Br9QrhQrjBymw5jkq6ct7t0Aa0u8E0cfXdMbjtM45TbVKq8KwzKtSx7NsjBMk%2Fki9cM0TuJ5lixuvI9PZgCNOZgBAAA%3D&ct=2&r=897053
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.205.99.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-99-155.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Mon, 16 Dec 2024 14:31:29 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
company_toolkit.js
cdn-scripts.signifyd.com/api/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.64.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-64-85.iad12.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

vary
accept-encoding
cache-control
max-age=1800
content-encoding
gzip
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
age
307
via
1.1 a1a074529ccb9ea97acd7d95c506f336.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
Q8mF6rFI73CWi1MZ9GBcmO_EnotY1E3PVjOY5bUPK_2SktDuO5xPmA==
date
Mon, 16 Dec 2024 14:26:23 GMT
content-type
application/javascript
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
IAD12-P1
x-amz-server-side-encryption
AES256
start
www8.eu.inside.chat/signalr/ 		25 B
276 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www8.eu.inside.chat/signalr/start?transport=webSockets&clientProtocol=2.1&k=IN-1011171%3A24478549-3889abe27c5766da3eebff9bc8fabba9a7e3a197bed8d49f08b10ca10436ff63-5-5%3A128585262%3A1082574&c=84249b9bb3ca9abd1850c3fcc19dbf48&nc=0&connectionToken=UqN2iSGxmmAGRxelDBLKroAUUZPU3qXF%2B1mPH4UcN6LSSYlfTdTu87aaucuGVEKhg0WtLB7Jy2BcnYQIvqB0npQwcqqXZ8Z1iAk1jYyB419eADRfbyayA9z06v1OlYTk&connectionData=%5B%7B%22name%22%3A%22insidesocialhub%22%7D%5D&_=1734359486371
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.9.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c50a0366bab0d95bd0dfbbf67ed889b5fd383ee7464a77660088c32e4ef91c20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
text/plain, */*; q=0.01
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
expires
-1
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Mon, 16 Dec 2024 14:31:30 GMT
content-type
application/json; charset=UTF-8
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f2f609e2aaf3a05-YYZ
access-control-allow-origin
https://www.elfcosmetics.com
server
cloudflare
bframe
www.google.com/recaptcha/api2/ Frame 189B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=pPK749sccDmVW_9DSeTMVvh2&k=6LcA2G4UAAAAAK-fHuRDYBsNQoJlqlDqQvrjGwQu
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.179.147 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
pd-in-f147.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-pC2LP7BPjcBMOzxsIiKraw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-pC2LP7BPjcBMOzxsIiKraw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 16 Dec 2024 14:31:30 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
6ig0q1apdvdi7bky.js
imgs.signifyd.com/ 		98 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/6ig0q1apdvdi7bky.js?p60vq5kxffx830iv=w2txo5aa&se5ptb04d3pbcpt6=L2VuX0NBLzM4OGY3MTNjOWRlM2I4ZWQ3Y2Y4MGIzY2Jj
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
b94bd2f70b48b693fb3ade8334959327f1d84234487856c2a8eb0cc4846600da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
P3P
CP=IVAa PSAa
Keep-Alive
timeout=2, max=100
Date
Mon, 16 Dec 2024 14:31:31 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Server
Apache
dvar
c.contentsquare.net/ 		0
42 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.contentsquare.net/dvar?v=15.39.6&pid=1926&pn=1&sn=1&uu=c641d70c-cc79-a8f2-8fcb-ed8e4b7b0bdb&happid=1042782804&hsid=3563219146157446&huu=1372268356111312&dv=H4sIAAAAAAAAA6tWcvSL93B1DIh3LChQ8HRRslIyNDAxMrcwsjAwUaoFAAixYhsfAAAA&ct=2&r=129492
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.205.99.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-99-155.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
timing-allow-origin
*
pragma
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Sun, 24 Oct 1982 23:00:00 GMT
access-control-allow-origin
*
date
Mon, 16 Dec 2024 14:31:30 GMT
content-disposition
inline
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=5273e0f7-6387-4c43-89b3-8d69ad5fc2f0
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDUyNzNlMGY3LTYzODctNGM0My04OWIzLThkNjlhZDVmYzJmMBAAGg0Iw_OAuwYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=7325a8626ff4d8cb8101083bc33f4a41a57f9ffaba21686e3c07943c712794ef6ac34734d8e453ee
37 B
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=7325a8626ff4d8cb8101083bc33f4a41a57f9ffaba21686e3c07943c712794ef6ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
date
Mon, 16 Dec 2024 14:31:31 GMT
x-samesite
secure
content-type
image/gif

Redirect headers

cache-control
no-cache, no-store
timing-allow-origin
*
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=7325a8626ff4d8cb8101083bc33f4a41a57f9ffaba21686e3c07943c712794ef6ac34734d8e453ee
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
0
date
Mon, 16 Dec 2024 14:31:31 GMT
exist
srm.ba.contentsquare.net/ 		2 B
94 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://srm.ba.contentsquare.net/exist?v=15.39.6&pid=1926&pn=1&sn=1&uu=c641d70c-cc79-a8f2-8fcb-ed8e4b7b0bdb&happid=1042782804&hsid=3563219146157446&huu=1372268356111312
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.170.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-170-225.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-origin
*
content-length
2
date
Mon, 16 Dec 2024 14:31:31 GMT
content-type
application/json
vWZRnuhIMT9umJU8
imgs.signifyd.com/ Frame DAD0 		319 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/6ig0q1apdvdi7bky.js?p60vq5kxffx830iv=w2txo5aa&se5ptb04d3pbcpt6=L2VuX0NBLzM4OGY3MTNjOWRlM2I4ZWQ3Y2Y4MGIzY2Jj
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
4ee6d6632797b71b86432ea94f20e05512ab60ed9d6c6103211fe9f64aa0314d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Date
Mon, 16 Dec 2024 14:31:31 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
tmx-nonce
6042f88ccad5596f
X-XSS-Protection
1; mode=block
Server
Apache
pUf9Jr5h9DVeU2Kg
imgs.signifyd.com/ Frame DAD0 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/pUf9Jr5h9DVeU2Kg?f2335ce010708c6e=1hEnm6GecWnxQk3lJ7p4xof4L_U74apTLYf9cHbWuf1u3rDklfS6lBa0FPvEHl6yz29LvtrfQDwixX5R3hJRzXKjBnozhaZ--NhnHcPAjqi73GKK5w0RgOh275jaB6aCHo4X-OgOgeiW-E4-nj48m7K5q_KV1fQvVWNmO-8TtVQZRov3RA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Mon, 16 Dec 2024 14:31:31 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
aKyUimq66TvBVI0V
imgs.signifyd.com/ Frame DAD0 		81 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/aKyUimq66TvBVI0V?21f3db1343a7b1cc=uYfOdVpB4BJjzcMU-0k6mdsxpp4ijLY7YvCpiRXkKnEAXxjdPmJZZOy8AASKSNeMtATKE68bYU6lscOiIU6IYCw88W8EmTnbpR6paeFvt9fEhCGHZ5SZu8lrfT5blSntOcvqkrvTNy30YqlnFqcoVOlsyae9Ag5HX5EsKd1fAP599mf2Dg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Mon, 16 Dec 2024 14:31:31 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 1451 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
ad-auction-allowed
true
age
437602
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Wed, 11 Dec 2024 12:58:09 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Tue, 10 Dec 2024 19:50:20 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1733860220068539
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
AFiumC6S-PfVLXftSAvLz5z2Rxvenn10geTg2uDweLQGaRFnWVZgSLx4STBmY2u_CfipRZhTegg
clear.png
imgs.signifyd.com/fp/ Frame DAD0 		81 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*/*, w2txo5aa/6042f88ccad5596fl2vux0nblzm4ogy3mtnjowrlm2i4zwq3y2y4mgizy2jj
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
private, must-revalidate, max-age=0
Etag
b0cc790f01af459db949185af6c83662
Connection
Keep-Alive
Expires
Sat, 15 Dec 2029 14:31:31 GMT
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Content-Length
81
Keep-Alive
timeout=2, max=100
Date
Mon, 16 Dec 2024 14:31:31 GMT
Last-Modified
Mon, 16 Dec 2024 14:31:31 GMT
Content-Type
image/png
Server
Apache
lad22hzpvIjVI-w-
imgs.signifyd.com/ Frame FFAC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/lad22hzpvIjVI-w-?c675294c535acde8=KQmxnKapzgR5SgXlxzE6mYR8Fa-w0WCg2YWiYzgQFn2vIo_lBq9ECJvvafCoBrz580LPq4QavZFF23ukeON9VpIlRqChfIFf0Xy5YbItSmX5TY9G1DkzOiGaeqj3-HC5xQiBiT_9jf0lV5yvfR8bxu-FP_afgYVaEQxlnVlHTumuLxQ76RYjWNuwVfM_TpRh5A7VHeAXwXajfba5qEzGSvLDqh_h8A
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Mon, 16 Dec 2024 14:31:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
fGtyoKm3pD5kO9wk
imgs.signifyd.com/ Frame DAD0 		0
398 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fGtyoKm3pD5kO9wk?ff9884ec84c37d5d=HFtwA0TZ3Aj_isRKnMYFAA4WliDh8dg7Q6T62jLIG7i0HYpIRiQb9buKgrLhwIe8SzHePBnGA4ZDC8jPj3euFeF9fvK1bY8u7lOFu7DBgc3CQUAV4uXRw7UyfeOpPv4gY5ZwPJ8I7tiEhFguNMpPyab8pXo_NsLywT1fUw&jb=3b34246c7b613737696b313532313d633b386e3e333b37696d313f623b3b6564303b39343e3b38
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=98
Date
Mon, 16 Dec 2024 14:31:31 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
Eq7gpb7TBpoic1OV
imgs.signifyd.com/ Frame DAD0 		134 B
653 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/Eq7gpb7TBpoic1OV?96c902a916a7a0cf=sieYGzwu4HEtgMVG3VYFTXFd9xBAqjiB2CwxJ6n3WJxJz4Gwv0MACldXUBi89zwd8fqwqjBKgxBV5jFLoKOfhO3ScxpOLfyHLgdZUnI6BuOofWwJ4GfbWGBX1UMmoNCCr7ecew3uNqEdX58vgAWZ9-XZzIRqr-uo
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
87579ccea729246682d0c4696345bba7a3fc2e6c9cc187ff04a42880bc622f23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Content-Encoding
gzip
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=99
Date
Mon, 16 Dec 2024 14:31:31 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Server
Apache
FRyF2cFag09IJbJq
h.online-metrix.net/ Frame 2894 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://h.online-metrix.net/FRyF2cFag09IJbJq?2ecacce74a818b99=wNcyTTOcA_ZG6AM9KWKTbsczH7WcmuI9ualA34adc1rPxim8J2diX3VgkZYPt2bFV6oK7a1XskwJSMjeSmdGYymC7X6wRC0rMx1aYuwk1l_2kkouHgWIc1X6Mwnv4Y9cZO7zcGmQ-IYIqtlPyBUWgGkUmKD5uYjXpQJBcWN2sBm6yYRkHCwHdZP1YzCCeKQz2TrSN0oeV-3CuCT6VDFYM3MOsEXD6eM
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Mon, 16 Dec 2024 14:31:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
ECMSzhUVL4rL07xv
imgs.signifyd.com/ Frame 217A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/ECMSzhUVL4rL07xv?03914f92ad4d450b=6gw6GR6tw1QtKGaLATYd5NHrUqHonxXHW_KqGEWI8bHyZByiJqdWhFz0yMr49x9Cwrn9svpuBSfD5b2MUDYPLKsZvdI9MFZyRZTCY5QV1--gOW160KRga90S-FBKYILhwCYCLdjscTFRGSNC8LBuk7qkul0d3HJxv5kB5n6KaL-GwY7ZKqNY5kXeJDQSczayLwouw-A2A0CZ8r1KhMChQlxLuL4KAlE
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Mon, 16 Dec 2024 14:31:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
banhvlT01e2nwnXz
h64.online-metrix.net/ Frame DAD0 		0
399 B 		Script
General
Check archive.org
Download Go to
Full URL
https://h64.online-metrix.net/banhvlT01e2nwnXz?230d85031f56b257=igfgdm9H7th8emZWJUz1myMZAkgjTTMwmeOKFJje6NbCgRYTGgQlnajw6lQ0_RjwDIfBMg0DbeMYfxlOM7mjvTg4l3bYBud4_cguI3253OrksjpX6iJtAdz52g6RJbNU5-u8LXfgYko5vhMEsRV7W-TnmEh46fn1OIX6cjDLPQk
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=100
Date
Mon, 16 Dec 2024 14:31:32 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
fGtyoKm3pD5kO9wk
imgs.signifyd.com/ Frame DAD0 		0
218 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fGtyoKm3pD5kO9wk?ff9884ec84c37d5d=HFtwA0TZ3Aj_isRKnMYFAA4WliDh8dg7Q6T62jLIG7i0HYpIRiQb9buKgrLhwIe8SzHePBnGA4ZDC8jPj3euFeF9fvK1bY8u7lOFu7DBgc3CQUAV4uXRw7UyfeOpPv4gY5ZwPJ8I7tiEhFguNMpPyab8pXo_NsLywT1fUw&ja=3a3231342e26693f253e30302c78353438266c373b34323870333a303a24616435333e30387a393838322c79707b3f3131307233313a2e647a70353324313c3a3a2e333a383224313c32302e3930383024333e3a382e3b3838322e313e303a2e39383035263331322431333a2c6f76353a356e353b6633333c3b6d366a643a3a31603c3c6a6631383f623a636e396b342c6f663f3a2679696e3f303c2e6e603d627674727b273b412d304e2f3a447d7d7f2c676c6e636571656f7c6969712661676d2f384c676c574b432d324c676c642561677365677c636b2f6978616f6b6e696c7924786635352c72603f6d383a386e64633d3d373939396434676a67303931316d683c6333333a3b32642e68623f31383a313f676c643a663e3a3c30666b31676a363931643069306b663d3a6c6b2e687965354e6b6e7d782c687b6835436270676f6d25383a3b31332e62716775374e696c7d7a2e6a7b607d374b6a78656567246e606337333e2c6664673f3024666d7e7a3732247c726635416767726b6b632d324e5469646b6d7f7c6d70246d69746270353e3830396639613a626f693a30673e6b613d363a323830696639353d36383b6e663e3f303a333439643c67696b3a346e6131366966686e3d3031393b3331366b246470356a7c7478712d394927384c2d3044777f772467646c6b6f796f6d7661637924696d6f2d3a446d6e554141273a446d6c6e2f6b657b6f6f7e61612f637a69676b666b64732c72357264756d63645d6464697160253f47666364716d21786e7d6d616c557d616c666f7f73556f6d6e6161557264637165782f3f47646964716d217a6e7565616c57616c6d6a6f57636978676063742d354f6469667b652b7264776f6964557b776b6b6376616d6f2735476e6364736d2378667d65636457716a6f6b6b7d637e6f2d354f64696e7b652b7a66776561665d7a656b6e706e697b6d722d374d6c696e796f29726e756f69645d7e666b5f7a6e697b6d722f3f4f6463647b6729706677676b665d6c657e63647c7a273f4f6e636e736d217a6e7d6d616e55717e655776636f7d67702d3d476e6166716523786e7d67616c576069746b2f3d47646164736f246f66576337756d606f6c5d6f68454e2d3a32392e3a273232204d78656645442f3a324f592d30323226302f3038496072656f617765295d6f68454e2d3a324f4c594e253038475b253a3239243827383a204d7265664746273a3a4d532f3038454453462f3832475b2d3038312432253038416072676f617f652b5d6f6a496b745f656849617e2d323a556d604f4c4b444d4e4757616c7b746b6c63676c5d69727a6371792d31482f3a3247585c5f686e6d646c5f676b666f69782f39482730384d5a5c5f696e69725761676e7c7067662d31482f3a3247585c5f696d64657a5f68776e646d7255626b6e64576e6e67617e2733402d3038455056576e6d727e6257616e6165702f314a2f3a304f5a5c5d6e6c656b7e5d60646d6c6c25394025303847505457647a6b6f5d6e6f78766a253b422f30384f50545572676e71676564556d646e7b677c5f696e616f78273b422d30384f50565579606366657a5f7e67707e7d726f5d646d6c2539482f30324d505657746f7a74777a675763676f78786d717963676c5d62787469273b482d323a47505657746f727e77706d5761676d7a7065717b6b676e57706f7e6b2739482d303245505455766d727c7578675764616c7e6f785d636661716774786d706b6b273b422d30384f5056557e6d7a76757a65556f61787a6f785d6b6e696d7a557e6d5d6d6c656d25394025303847505457715a4d4a2739482d30324f4d535567646f65656476576b66646f7255776b667c273b422f30304d4d5157666a6d57786d6c6e6f7a5d6f69786d6b722d394a25383247475b5f797e6b6c66697a6657646f706974697661766d712d394a27383a4747515f7c6572767d786d5f6c6e67637c2539482f3032474d5157746f7a74777a675766646d697e576e63646d6370253b422f3038454d5355766d7a7c75786f556a63646e5d6e6c656374273b402d32384d4d5957766f727c77706557686b6e6e556e6c65637c5d6469646f6b70273b4a273a304547535d7e677a746d7a576b7a706b73576d606a6d637e273b482d323a554d404f4c5569656e6d7a57607d666c67725d6e6e67617c273b482d303a5d4d40454c5763656f78786d7379676c5d7c65727e7f70675769717c632f3142273a325f454a4544556b6d677a7a6771736d6455766d727c75786757677c632f39482730385f474a47465d636d65727a657b716d6e57766f727c77706557657e61392f3b422f3038554d424d4655616d6578706d737967645d7c6770747d706d557b317e692d3140253a305d474a4d445f696d65727a6579796f665d7c6d7a7c7578675f713b766b5f7b706f682d31482f3a3255454a47465d6c6f6a756d5d7a6766646f786f705d61666467253940253038554d424f4e576e6d607f6d57716a616c6578712d394a2538325f474a4746556e67727c605d7c65727675706d273b422d30385d4d404d46576670617f5f68776e6c6d7279273b402d323a5d4f404544576e67736f5d636d66766d787c273b482d303a5d4d40454c576d7f6e7c63576478637f273b422f383a55474a4f4e5770656e7965676c576d67666d3b3e246d66576a3f383e663961303e69383d336a3630656b6e3236343169663c613d6035613e32306230636c3f3d333c2c7f656e76354964766d662d323a4b666126267d6d66703f4166766d6c2f30304b7a6b7b253a32477a6d6c4d462d3032456667636c6d2c6b636e3f39&jb=393136266471374f6770616c66632d304e35243a2f3032205033392539402530384e616e7d7a2d38387a323c573436292d323a43787a64655d676a4961742f384c37313f26313e25383228494056454c2d304b2f3a3266636367273238476f616365212538324b6a7a6f676f2f3044393b33263024322e322d303853696469786127384c3d31352e3b36
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=2, max=99
Date
Mon, 16 Dec 2024 14:31:31 GMT
Content-Type
text/javascript;charset=UTF-8
Server
Apache
Connection
Keep-Alive
uyYFZ1IHJzOwl7ts
w2txo5aa5n6mkspifita3hfskautk64megamdpff6042f88ccad5596fsac.d.aa.online-metrix.net/ Frame DAD0 		81 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://w2txo5aa5n6mkspifita3hfskautk64megamdpff6042f88ccad5596fsac.d.aa.online-metrix.net/uyYFZ1IHJzOwl7ts?7c86f55903ed8b7f=RBoVi_WQb_yXj8CJjGLvLo5Am1cS9Fn5mQylKVywCceUsMSAfFDW0MRXLTaufmWW-PaL4LayWXoIjJoyyl5JmlP-R-ICNNXuowvFyxgUYu22o525hPQ6dtrZmbwKo39xg5iZ_OU16qoQqP3lu8kfkV77WKjM7iwYZ-ZcCKQ4fTRczVg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
close
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
81
Date
Mon, 16 Dec 2024 14:31:31 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png
Server
Apache
OTlc8kJRHKFlXHlk
imgs.signifyd.com/ Frame DAD0 		0
218 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/OTlc8kJRHKFlXHlk?86f02c34b14f31f0=b1tMVMCH0_UCdZjEn_WCg9e5iVbrxH55XSkKmK77gaq6nZT5Z_JNnSTwuZiWePh-OYJzqMkhKydfB-y-mNsUfhXPR2EZtiQN0iZdTk05niKj7DQMxqLq6DYgcPcv6hi_ObaBH213SUvr-IKIwqGMVrQTOvNAQx4hlBSNua-wNyWn42gzNyMcBAHB6PzI3U3xYzJqajuKBdTv0k5i5VoSAlVi5eov7w&jac=1&je=3036242665656e6a35223b25384139273a43392f3841613d6c603c33396636343a6139363f6169393b6468683f6733613c3469636e396d613a316a3a39613d3c6f3b3b6e3a366e34383535336b303c376a3a383a303523
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=2, max=98
Date
Mon, 16 Dec 2024 14:31:31 GMT
Content-Type
text/javascript;charset=UTF-8
Server
Apache
Connection
Keep-Alive
lookup
pd.cdnwidget.com/ 		74 B
288 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pd.cdnwidget.com/lookup?deviceID=undefined&bxwid=6664&bxdid=3458078080621057010&visitID=1734359491585938&enableUID2=false
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-envoy-upstream-service-time
4
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74
date
Mon, 16 Dec 2024 14:31:31 GMT
content-type
application/json
server
istio-envoy
HDyQVW8y2uTB79zq
imgs.signifyd.com/ Frame DAD0 		0
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.signifyd.com/HDyQVW8y2uTB79zq?35103f8414fa1f19=_d4BSBeIo7kX9LfSd7Wt-vpiZnMiv3Zs3C0zjqQjudH-3lnyWRVawcK--hrjMfISFmAJpjctj8fPw-uOB1bI51PXaf21Z1ifJ5e730GMCMwME-GdXp12qyOb9BV3kqY-ysO1Hy-v_9U0JFr4h5pX4v_psFXxPK77Skl-04CJkgW9kO5xvpdolupXfkt9yUx5HaWrej8VZMJ7J7s_sh7CdceZF7RvfQ&jf=3c3336267b696e5d7a646c3d7e667a5d637252657e6a405b78515b345d6666552e7161645766697e6d3f3b3d3b363135313433332e796164557671726d3d7d6f6838676b6c716926796b645d6367713d3b323d333b323b39383432373a6132343c326b653966383038313a3c3a3a306930343c386967336638313831383538393c303a3a383634353f393d63393b31323f663d3b3d333a3a6e60663e3e61303338363663693a386339363c3f3c676c386e3031366d376e363b3a3b32333569303964693a6832343f6b343b37323b38313b323035393569333c313c3e3a6060383136323a6b383f32383b39356e616f6b6f6131303c3169316863326431676e366a373c3d3f632c7961665d7361673731383e3c30383038303831333e3d3b3a6e31376c346e306463396331633861306831603e6e6b3361343d323a373f3f6c6669313c3669633c3d6b67343a6c606a336c643737306431303a30383b6a636f383c323a313a393d333f683134683b3e3a6b32323f3e66303c38633b303d3538346e603d306d673e3a69663f3b6c3163653e623d6169393b663c3438247b696c783732
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive, Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=97
Date
Mon, 16 Dec 2024 14:31:31 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/png;charset=UTF-8
Server
Apache
c
ids.cdnwidget.com/ 		438 B
776 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=002101042&GCS2=MTcyLjE3LjAuMiwxMC4xLjE2LjI0NSxmZGJmOjFkMzc6YmJlMDo6MTc6OmY1LGZkYmY6MWQzNzpiYmUwOjoxNzo6ZjU=&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22ydgLxARkghpRJV4%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A6%2C%22IDStageStart%22%3A6%2C%22obsReqdata%22%3A920%2C%22obsReqview%22%3A928%2C%22obsReqpage%22%3A928%2C%22netComplete%22%3A1064%2C%22IDStagePrefire%22%3A1064%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-8%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%223458078080621057010%22%2C%22visitid%22%3A%221734359491585938%22%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
9e9491aa4ab12f7e7e28036bd764a4dd1124b16cb34cc1a542d7fb0e44e3d63e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
438
date
Mon, 16 Dec 2024 14:31:31 GMT
content-type
application/json
vary
Origin
website.js
assets.bounceexchange.com/cache/6664/ 		155 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/cache/6664/website.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
afe089ccc02c3bafec407eb0b451cfc0fcad209e9c45e916093db954b7cf5414

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=zwgQHg==, md5=4T13EFY9Rza87X/8Y+cuLw==
content-encoding
br
etag
W/"e13d7710563d4736bced7ffc63e72e2f"
age
150
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
159042
date
Mon, 16 Dec 2024 14:29:01 GMT
last-modified
Wed, 04 Dec 2024 14:22:02 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AFiumC6M3_QDwqpuyTNB8ukE8fLqPJ45ZZPnkC4uUkZcM9wyyEMpwanq23VyvPgjFRUWNJoQGS9hgBc
cache-control
public,max-age=120
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
none
access-control-allow-origin
*
x-goog-generation
1733322121940751
content-length
24702
server
UploadServer
campaign-index-live-3d34f289519b3884d6a55d6dc90b8e8b.js
assets.bounceexchange.com/cache/6664/ 		19 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/cache/6664/campaign-index-live-3d34f289519b3884d6a55d6dc90b8e8b.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7c0ab8e5aab439186d891ac01079f56d693b9e60786f37b0209d1a8371ff0506

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=Y6x+gQ==, md5=zy/hqfBqQHQDl7fyC+JrUQ==
content-encoding
br
etag
W/"cf2fe1a9f06a40740397b7f20be26b51"
age
431519
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
19615
date
Wed, 11 Dec 2024 14:39:32 GMT
last-modified
Wed, 04 Dec 2024 14:11:06 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AFiumC4pewzFNb0_YFHFcFjuOnxD92rCZ4hCPmk3lanjuK1uS_khO8OPfPlBVCvP2K-idA6TuRU
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
none
access-control-allow-origin
*
x-goog-generation
1733321466076519
content-length
2054
server
UploadServer
js
api.bounceexchange.com/state/ 		682 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bounceexchange.com/state/js?website_id=6664&device_id=3458078080621057010&visit_id=1734359491796046
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
8cc6ae4326825eb9c1ff708759c52ab206f2a94f3b0e0bbd76c7509cca799c0d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-envoy-upstream-service-time
0
x-envoy-decorator-operation
tag-state-service.tag-state.svc.cluster.local:80/*
request-id
ctg3jh65ajcgaclttv70
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
682
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
text/plain; charset=utf-8
vary
Origin
fGtyoKm3pD5kO9wk
imgs.signifyd.com/ Frame DAD0 		0
398 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.signifyd.com/fGtyoKm3pD5kO9wk?ff9884ec84c37d5d=HFtwA0TZ3Aj_isRKnMYFAA4WliDh8dg7Q6T62jLIG7i0HYpIRiQb9buKgrLhwIe8SzHePBnGA4ZDC8jPj3euFeF9fvK1bY8u7lOFu7DBgc3CQUAV4uXRw7UyfeOpPv4gY5ZwPJ8I7tiEhFguNMpPyab8pXo_NsLywT1fUw&jac=1&je=3e3131262e77636b353b3f3224333f2c382e38263b322c3926333e2e383635247f67613d39343f2439333e243a323b2e393039247f633e3d6c666a6432316e393d38606a6d3232303033373832643d26786f35646724686b7c71763d2d3748273a3864657c6764273a322f394b332c3838273a432f3032717c637c757b273a382d314b2f3a30616869726d6b666d2d3238273f462e617f6e623f61693f6031653c67363a39616b616b346e386935693b31303b333e333e346a3f6b333b3531346a346e326e6636303e323833326465366e323b666b66303e3d3b2c6f70313f63393369366d3a3d396f3a396638373d6c3964666a386630383d63393a3c3669386a676b396b31682c6d7a363d6b3732353c383a386b636e3b3a373e3a6b31606e3d673839686766343f646b302e77696235273d482d3030617a63626b7c6f6b747f706d273a322f394b27303a2d303a25384125303a60617466677b792d30382f3b4327323a2538302d384b2538306a70696e6e792f30302d3b432d35482735462d304b253a306e7f646e5c6f7a716b6f664c63717c2f3a322f3149273d422f3f4e27304b2d303a6d6560696e6d273a322d31496c696e796f2d3041253a32676d6c6f642538302d31492538382f30302d3a412d3238726c637c64677265273a382d314b2f3a3027323a2538412d383a7066637c646772675c6f707161676c2d32382733432d303a253a302d384b2738387f6d75363c2538302d3949666b6e7b672d374e2c7f636e352d354a2538306270696c6c732d303a2f3b432f3f4a2737442d3249273a38656f686b64672d32382f3943646964716d25384125303a7264617c646778652738382d3143253a322f303a2f3f442c716066356f7a6f64
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/vWZRnuhIMT9umJU8?018456f23a63d682=JRSCpEuLORhTn6JedOcTDumljwq3QE2tt_05UrV_Ymw5vuNQbje1MOgOACOthIgvYMU5VWuQ7UWUJbXVeho1TvoCirzCJRxDxw2JkXTP5PA8_Zw93oQTXLIUMr1R7HJvMPyYTiuOXHnic2gASzXeqs5AYDqi8_a5_YQI157VFlkgDH5xgl1A6PobrKTa_QIBaGHwnoCcVlPV3YccbX9N4mQmxVM&jb=3d322426627365773546616e7f7a2e687b6f3746636c77702e687b627f3f436a7a6d65652e687b6835416278676f67253a303b3139
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

Strict-Transport-Security
max-age=31536000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Keep-Alive
timeout=2, max=98
Date
Mon, 16 Dec 2024 14:31:31 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
Server
Apache
2762948-d6cd216d21815278138fb43707e286e9.js
assets.bounceexchange.com/cache/6664/campaigns/ 		38 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/cache/6664/campaigns/2762948-d6cd216d21815278138fb43707e286e9.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2dffa799d4d787807163d02ef323efac2e47d7480e302d800a76a98020f32d11

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=0FJY9A==, md5=V4Dr/XfPmmzp88cMtsfHgg==
content-encoding
br
etag
W/"5780ebfd77cf9a6ce9f3c70cb6c7c782"
age
231909
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
38493
date
Fri, 13 Dec 2024 22:06:23 GMT
last-modified
Wed, 04 Dec 2024 14:16:55 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AFiumC41Eegb50AQ2iRT1-GYzs-kHNkNiKOWolxsKij6BIaGoLG_ZdwHvO-fcEHG1T47rfbPeFYPPZ0
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
none
access-control-allow-origin
*
x-goog-generation
1733321815198395
content-length
7273
server
UploadServer
2764387-18acb947010de3b1ce10e90a0b8faa48.js
assets.bounceexchange.com/cache/6664/campaigns/ 		50 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/cache/6664/campaigns/2764387-18acb947010de3b1ce10e90a0b8faa48.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cca573311de5fd7dd1be411ebcfd901a4765ae438c0bebd21e91fab13a0f8dd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=yIY3ZQ==, md5=dPIQzmHqALOcFtCgUZcMVQ==
content-encoding
br
etag
W/"74f210ce61ea00b39c16d0a051970c55"
age
41586
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
51226
date
Mon, 16 Dec 2024 02:58:26 GMT
last-modified
Wed, 04 Dec 2024 14:12:09 GMT
content-type
text/plain; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AFiumC750xdjHiWsAUUPrhvjF5-ne58JC4cEozRKhNN1J5HVdV1AB5WETeIMh0bJOOU89mYb2_j-atQ
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
none
access-control-allow-origin
*
x-goog-generation
1733321529465396
content-length
8579
server
UploadServer
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/ 		37 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
content-encoding
gzip
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
age
437154
ad-auction-allowed
true
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
6053
date
Wed, 11 Dec 2024 13:05:38 GMT
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
content-type
text/css
vary
Accept-Encoding
x-guploader-uploadid
AFiumC6Sr885ETiP7pYDcJOQrr7CRCUQAbV-hapkJDaEIkTEZYVYvfENaEHyI8Qh1cHKO2hcfQ
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1670951542233151
content-length
6053
server
UploadServer
visit
events.bouncex.net/track.gif/ 		42 B
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoANARm8oGYAQmwAyITLAAebSQA4AbAH15AFgCUbAIIAHbaQQB1BACMA0lBoN+Adkb95bdqYASAFTwiaAYTakQAawQ2AHEEAGN-Ag1qZi8ACyQCAFsgum5+bhYs1hiAZRQAMxQkEEt6Gzt5ADJQCBgkBALkBqQcGvAoaApMABNxNG10BFgkUhw4yEhtMAFNS0sAdyXGBFICsIIwFMgQMLBGDaTLLEUvObpVgoBaDa2EHbCbkqTxFFIwdrroBrACUlgdgRMJIcNx5MxmJ9Oj8-gCQECAJ6gmKQ2qdMLwSDJYDFEAoYz6MA4SjWYTUaikAhoDA9RTiGjUWYMorvVKM6g+ckIYDIRSU6kIWn08lM8ksxAM7wMsLFSCKACOkARkv45xiko5DLAsGML0mgsUQLqbNF1HFJs15P5NLpmDpPSwOwKIEFKrV5o1nOoMqQkDdzLeEpFlu9ssUOP+JtVAdZnoZgwwiiV2ij7sDJusABEoTANgR-C7iaStQtgG6PSG+j1-eT+Cp6LJmNZG435NRuMx6NZmB24+TQNWRaruNY6-x6ABOFQTkcT8EqBwhstDubFrNS8naHq0EBIMCQEQEFCDxmqyBIWCpL09ND+4vk8AABQaoAI8C8mOSyHL6Y31HAuQ6mAYQlMY34rhWXrgK4CCSJAgHGMBoHgaemiQdKKBhHECBJjMK4jmOk7TgR-Akpmf4FMAfr4aOKjjlOM5-igBBujkXqkNoNbUBMUwzNGdCLMsly3Nsuz7Icxx2mcxxrDcmyiY8IEgC8mCBn21AoHhqFsQywDaMuqF8EuWmzDp5JIFx6lhFRboEXRRGMSGEAnrMVxGV6aAgW6k5-kcK5mRSNk0YRDHuQycTFD0ACS5Ergy1DylFBCcEktAAKpmJIABWpAAJoAGr+GEIB4AAcgAWuVUVhLBKjqb8BSQDFXEJUlnCkF4BDyMEzicF4uSuLlIA9MEBjMFFtAAFJYuy7LXlxLkhjKSSDCAaCYCZ0b3uS1htlOsh3mS1DAAZpl-qQQWGbR9HEWRf7ULtdGyNYh26adqoBRd1FXSFt3rv92bwMgQzYNAxiJAsiCtPEiQpFUQOoBgoM8nu8KYKCGTZCw8NQyDMB6CgkAFAQSBJDgYgSJIOPA0jMAOqANXJggOAOmA-hYtoVQYvuX5INAEXAUCKOQIKOCQhgBDQNomyQG8GwOjgziqlUEvQMVSr4EC54IG8KsIJLGzYOIjry8zpWaHrksNGgaM4AAil4lvfAgNtAqpKT25eYFhE7GywNgSAIu7zNeCgqk9CgvtvgHCKmzgZxR-756xwQDr8PHmilU7FA7JAsAK-WjD0NnQI23nCtXKOjDVA0lLHqHK0oGtG35dQoJVEkqfM5CCwmMaw04PIQ8qDmA92TdM7WHOzALlU9O7AgA91g2TYtswbYdl2PaQgm3IugsY9VIg8qXpgNUD5CYR+I6OwpPuKAraC10OeS5Rc9f2AoNoIAoxAQI4LLNA-A557xqizKokA4i7lpIMX0CJFA80RjhPoYB8T6B6Dgc0ECiAEBwCoRsR83xIDAb3YwVQ8Y4ARoQxq9ocCtWSh1LqPU+oDSGiNMaE1poEGoFUCKSAhQYPoSldKmUcoFSKiVCqVUaqSBUEAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
2
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
image/gif
pageview
events.bouncex.net/track.gif/ 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVarNgFpufAUNWoYvGJJDpCAMlCRYCRB2SFcXXlBDaQAI3QRCmYgHYAQtSroXGCQACbSev5kClRsBoQQkVSy-tAQqNKBwRBhEVRUUf6xhgl51Ml5HI640gCOuACekRT+AAyJ5VSEyM66+NnSXJKEMLgl+c15RfHt-pmh4TIwIVKCbHAhTdFTY2X+lai4m4VxO0l7VdIO6Mg7EzEnM3mmENINwLdbD6VeACIm4NA4EhuFwANZwYYALwgmAAbAAOACM-zMQMsIEkgyEBhw+CIBVo9EY8BY7DU-EEwlEdgkMnkEnYqh4FM0HG0un0hhRgIsIPBL1sXAyjkgmG23PMwK4YLgr3q70wpGAXOekss0v50ihMIALLCvFQjGJgJZeMBMC0jXYTbgOGwLVazShCObLcbEGBgK6jKhWFwQCFZCAzSAYGAhgA1KiYZG8LjLB3wCDOYajJZw2GwnVGWCp9OIrykHWkACsAE4dWWC2XYS09UZlrAOBB00WS-CWl4Ox3YVRES0S14Wv2JUD80Z4jUbpJm+OOOg4JJ8Dp3Lhg+aC0XSxWy3lB0aFysQMAYFA0sNBpg12BSA3Ac3MCEjLhsDBUGFQAd6lrbKgAdIQhgQgXDcEIxROZ9IS4TAdQ7CcuDQB8k2cIwASXTBrDSeC2GqdMqBqABJLgAA10FkLhYQAcQACWI2QAGUABUAE0lkogB1FoCJoAApWxDWwRwcjA-CiOI3gaAAVWcABpAAPAArdBmIjUEOBgABZAA5AAtHSCObOSdSAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
image/gif
0860ab24f45bc22b8f13cc8d6647caaa.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		84 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/0860ab24f45bc22b8f13cc8d6647caaa.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
cef923d56729944b2ae70b4e78b864efbb81a1db323d25882483aa8d935f9528

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=MTqQwQ==, md5=CGCrJPRbwiuPE8yNZkfKqg==
etag
"0860ab24f45bc22b8f13cc8d6647caaa"
age
1146229
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
86329
date
Tue, 03 Dec 2024 08:07:43 GMT
last-modified
Fri, 01 Nov 2024 19:19:11 GMT
content-type
image/jpeg
x-guploader-uploadid
AFiumC4WJKxPNoFEDrq268lzAR-5tH1c51mADoPmEe0DU21o-HYVdIY6d4157kku1ifg8JJXKhrbKVo0Pw
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730488751388465
content-length
86329
server
UploadServer
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
etag
"59a941c096f98029341d8c56b7b89113"
age
542089
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
18352
date
Tue, 10 Dec 2024 07:56:43 GMT
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
content-type
image/png
x-guploader-uploadid
AFiumC4f_pYKcz9VqlkpRy71xxiKy03QRS00bCZOy37tP3PwGa_PWWovUzYJalkllS-DrPhG1AyfA8s
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1598371060392963
content-length
18352
server
UploadServer
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
etag, Content-Type
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
etag
"16f45df19355361dc1c101036c0035b0"
age
507427
ad-auction-allowed
true
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
2419
date
Tue, 10 Dec 2024 17:34:25 GMT
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
content-type
image/png
x-guploader-uploadid
AFiumC7eQWvycmJIlXTeoqgT3FwoOpIqHmsCwA0GIEkQBBw71brlfEnPm1m0lQ2IkQJxY3q1J_diWG4
cache-control
public,max-age=31536000
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1617246092060079
content-length
2419
server
UploadServer
eligible
events.bouncex.net/track.gif/ 		42 B
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=E4UwNg9ghgJgwlAtgBygSwOYDsDOA1AJgF4BGAMhgwC40cBlAVwCMcBjYNJkYIgMyjA4QFarQAKoAG5oIDHHDkAXCIm58BQkVVZRWACxAAVOqQDsAZgAs5gKwBOS3ZIXzZBgEdSZIRlVZFAPpoMDhEZDoo6NjBRASmAGzWABym3rLArCBETLJYmQAeZFAYIP5EAFY4ZIgQMFkADGQA7iAsaIogMfHdlmTSOO0xzla2Dk6mdvH1lvEUINKZMVY2SfWmq6vxBCT1Nqb1O2SoJdIgTUPeIO4MpYswseFgaKWKimiqOIpIyGYj9o4EZaPZ7+KDINCSbgDCBYIhfDCuOoLLIwMiKPRoYAwAKoYCKACeAU+EGAxRAARgtCgTDAIHu-EEwkUAC8IERLKs0rxAjECO4AJIQAAaYDgEHiAHEABJCuB0QwATWCEoA6vV+QAxABSygIZD0UCxQXufMFQsQGoAqkwANL5cpgBV4ADWrDQAFkAHIALW9-IKliAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
image/gif
eligible
events.bouncex.net/track.gif/ 		42 B
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=E4UwNg9ghgJgwlAtgBygSwOYDsDOA1AJgF4BGAMhgwC40cBlAVwCMcBjYNJkYIgMyjA4QFarQAKoAG5oIDHHDkAXCIm58BQkVVZRWACxAAVOqQDsAZgAs5gKwBOS3ZIXzZBgEdSZIRlVZFAPpoMDhEZDoo6NjBRASmAGwEDgAc3rLArCBETLJYmQAeZFAYIP5EAFY4ZIgQMFkADGQA7iAsaIogMfHdlmTSOO0xzla2Dk6mdvH1lvEUINKZMVY2yfWmq6uJJPU2pvXbZKgl0iBNQ94g7gylizBErqxgaKWKimiqOIpIyGYj9o4EWyNR7PfxQZBoSTcAYQLBEL4YVx1BZZGBkRR6NDAGABVDARQATwCnwgwGKIACMFoUCYYBAd34gmEigAXhAiJZVmleIEYgR3ABJCAADTAcAg8QA4gAJYVwOiGACawUlAHV6gKAGIAKWUBDIeig2KCd35QuFiE1AFUmABpfLlMCKvAAa1YaAAsgA5ABaPoFBUsQA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
image/gif
pop
events.bouncex.net/track.gif/ 		42 B
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMn1wBsRIATAYUm2EngHM0BnANQCYMBGQp3CHDR0CNLjSwRlXBgByAQX6DwJJvHQYAitWVCRAV0n4AntNnUlBgI69C0Og2Zp4lDJwDsANk4BOACwAHISsIAb40LIARmFokQAehJACkhgAVqyE2CAyGAAMhADuuFGs8LC4rhheNf6EiPBlCG48HgDM-m0ArAG+rb5eef5ehDINkVUdXYF5HjMzPjx5XR55S4QMAg24hVV8rLjWBhITbnXQpPASsDi4rLCOvO2dPf6+nN2c9pfXkMBIBDKmgeTDao1w41klEIsAAFvB8JQAPoMfCwExI+4gfDJXBIyiNSBRUi4NwAM0gpAOMIAXiAMEECqEybAkVVONYAJIgAAapGoIC8AHEABI86gAZQAKgBNVxCgDqeU5ADEAFKwEBfWGQRFstwc7k87AqgCqUQA0vE0qQZewANbQeAAWTkAC03ZyEv4gA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
image/gif
graph
idr.cdnwidget.com/ 		0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idr.cdnwidget.com/graph?cookieID=2qIoXmFUbKxjlYVkciMNZZIcex4&deviceID=2qIoXlCo6GHXCSTYidGW0IFJto2&bxdid=3458078080621057010&bxvid=1734359491796046&bxwid=6664&gm=true&apikey=2^HIykD&loadID=ydgLxARkghpRJV4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

x-envoy-upstream-service-time
0
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 16 Dec 2024 14:31:32 GMT
server
istio-envoy
collect
sgtm.elfcosmetics.com/g/ 		440 B
459 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je4cc1v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=991174587.1734359486&ecid=591609433&ul=en-ca&sr=1600x1200&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=MA&sst.rnd=671481759.1734359484&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=5&sid=1734359485&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&tfd=15268&richsstsse
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e1e60980934d9efb0633cdd3786ccb6acea4394f99fcc03672c9cba70b46e50b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache
x-accel-buffering
no
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
https://www.elfcosmetics.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
text/plain
server
Google Frontend
id_sync
events.bouncex.net/track.gif/ 		42 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2qIoXlCo6GHXCSTYidGW0IFJto2&source=web&agent=cjs&deviceid=3458078080621057010&visitid=1734359491796046&websiteid=6664&pageviewid=1&sequenceid=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
x-envoy-upstream-service-time
0
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
expires
Tue, 01 Jan 2001 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Mon, 16 Dec 2024 14:31:32 GMT
content-type
image/gif
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=m538fUrElOJLNQP1t9a1CBonY9mLzdkWv9804llh9mE%3D.1734359486&gtm=45j91e4c50v9125640115z8896608294z99175401888za200zb896608294&tag_exp=101925629~102067555~102067808~102081485~102198178&aip=1&z=2060493800
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.111.94 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.elfcosmetics.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 16 Dec 2024 14:31:33 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/
Domain
www.elfcosmetics.com
URL
blob:https://www.elfcosmetics.com/bd8472f5-e593-40eb-8f37-dbdaf9461f0e

Verdicts & Comments Add Verdict or Comment

226 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host function| $ function| jQuery object| Vimeo boolean| VimeoPlayerResizeEmbeds_ boolean| VimeoSeoMetadataAppended boolean| VimeoCheckedUrlTimeParam object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ object| regeneratorRuntime function| _ function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive object| DataLayer object| dataLayer function| getDataLayerEvent object| DY object| viewedProductIdsForPage boolean| BRAZE_SETUP_COMPLETE boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom string| personalizationHash object| OtTrustedType object| DYExps object| DYO object| contextManager object| DYJSON object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| DYWork function| $dy function| getProductNamesEval object| DYCS function| getProductSkusEval object| _uxa object| Optanon object| OneTrust number| gtmPageLoadId function| create_UUID function| createCookie function| pintrk function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer number| j boolean| otLastAcceptAllValue object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| _inside boolean| _insideLoaded function| _insideJQ function| _insideViewUpdate object| a object| m object| gaGlobal function| ___rmuid object| ___RMCMPW object| CS_CONF object| CS_INTEGRATIONS_CONF function| csSetTimeout function| csQueueMicrotask function| csClearTimeout function| csSetInterval function| csClearInterval function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen function| csRegExp object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| CSCurrentScript function| redditNormalizeEmail object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG object| UXAnalytics function| UET function| UET_init function| UET_push object| bouncex object| insideFrontInterface object| _insideGraph string| _insideProtocol string| _insideCluster string| _insideGraphUrl string| _insideSocialUrl string| _insideCDN string| _insideCDN2 string| _insideScriptVersion boolean| _insideLive boolean| _insideIsLive object| paypalDDL string| PaypalOffersObject function| ppq object| ueto_5e756757f9 object| uetq object| heapReadyCb object| heap object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| tagConfig object| webpackChunksmart_tag object| __post_robot_10_0_44__ object| PAYPAL object| bxgraph object| recaptcha object| closure_lm_47195 object| insideAPI object| insideStreamingCheck object| insideCreditCard string| imageurl string| offerurl object| fbQueue function| fbAsyncInit function| processFbQueue function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie function| a0_0x3eec function| a0_0x20c7 object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| threatmetrix boolean| usingChatPanev2 object| cti110221 function| tmx_post_session_params_fixed function| tmx_run_page_fingerprinting boolean| tmx_profiling_started string| td_4Y function| close_bouncex_ad

92 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09AJNbFnciiE_4mMPbSnhI5u4UuZSL8jSXc436ewfLGVjmLJDqE56bDh0oMCRyPd8iiRGgi2isg7Vk4LIy7CK9d8c
.bounceexchange.com/state Name: bounceClientVisit6664c
Value: %7B%22vid%22%3A1734359491796046%2C%22did%22%3A%223458078080621057010%22%7D
.youtube.com/ Name: YSC
Value: nw6iuO5lYm8
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 29TDX2gm0_4
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJDQRIEGgAgHg%3D%3D
.vimeo.com/ Name: _cfuvid
Value: MeAwvnA4.IgoaW.fhmqD02ep_5fTS8AHFORNBr8GbkU-1734359480933-0.0.1.1-604800000
.vimeo.com/ Name: vuid
Value: pl542696709.170364896
.vimeo.com/ Name: __cf_bm
Value: QEgf6hJWnAV52W8fXY2RETxgZf3t_zfzLeyT3m_alA8-1734359481-1.0.1.1-xMFkdDKEVTNAyCKq.B_tM_mH37xfREbkQ6wK.emUCuqWh42p9J.3ijQdmkZqhtpk
www.elfcosmetics.com/ Name: initAuthComplete
Value: true
.elfcosmetics.com/ Name: ab.storage.sessionId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: g%3Ad536c6f2-d081-0fde-d811-09bbfc06d3e9%7Ce%3A1734361282276%7Cc%3A1734359482276%7Cl%3A1734359482276
.elfcosmetics.com/ Name: ab.storage.deviceId.609afcb2-1dc3-41ef-a771-0a9aaf10bf57
Value: g%3A3c0b1830-6173-3d42-d3ed-1f1d114db908%7Ce%3Aundefined%7Cc%3A1734359482278%7Cl%3A1734359482278
.elfcosmetics.com/ Name: _dyjsession
Value: r6ehhq799airbv42m6lr8fag151muzs2
.elfcosmetics.com/ Name: dy_fs_page
Value: www.elfcosmetics.com%2Fen_ca%2Felf-cosmetic-criminals
.elfcosmetics.com/ Name: _dy_csc_ses
Value: r6ehhq799airbv42m6lr8fag151muzs2
.elfcosmetics.com/ Name: _gcl_au
Value: 1.1.1610136199.1734359484
.dynamicyield.com/ Name: DYID
Value: 81065031250229691
.elfcosmetics.com/ Name: _dycnst
Value: dg
.elfcosmetics.com/ Name: _dyid
Value: 81065031250229691
.elfcosmetics.com/ Name: _dycst
Value: dk.l.c.ws.fst.
.elfcosmetics.com/ Name: _dy_geo
Value: CA.NA.CA_.CA__
.elfcosmetics.com/ Name: _dy_df_geo
Value: Canada..
.elfcosmetics.com/ Name: _dy_toffset
Value: 0
.elfcosmetics.com/ Name: _dy_soct
Value: 1734359483!1652212.0'1654610.0'1750272.0'2589855.0!r6ehhq799airbv42m6lr8fag151muzs2~1248068.0
www.elfcosmetics.com/ Name: dwsid
Value: -Jv2lVqxHjqAb_O6-UA_NostGABP_4G0wMUk6L3bn4YoCTvy6DqREeoU1d7hum9wjkWPVUVXGDAIPLZc7E0huw==
www.elfcosmetics.com/ Name: dwanonymous_1a00c2845eeb01c699351ea28e20fd92
Value: abwXoYkedIxusRlHtJkqYYw0hI
www.elfcosmetics.com/ Name: FPC
Value: 68297b2d-beea-451a-96e4-79cf876a9f9f
.elfcosmetics.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Mon+Dec+16+2024+06%3A31%3A24+GMT-0800+(Pacific+Standard+Time)&version=202406.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=25be11d1-e641-4207-a130-f501981df40a&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&groups=1%3A1%2C2%3A1%2C3%3A1%2C4%3A1%2C5%3A1
.adsrvr.org/ Name: TDID
Value: 701306dd-118b-41da-a7f7-835f826c2911
.adnxs.com/ Name: XANDR_PANID
Value: aQpIcdsUyB_smH3XkjsCuXNXcOeQziKIZvKN_f0goVWaqOrmwOvNk-cnPLDFxi1jPgvWdqTgyTIXJpeR3Q4196bshqmJXvjDBTdo1IJHH1Q.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 4886300268077266109
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2In4AqZJc!@wnf-Te9(>wL5L!!'wp%%%#K
.pointmediatracker.com/ Name: c
Value: c904f772-6073-464e-8957-0eb4fa020f1d
.doubleclick.net/ Name: IDE
Value: AHWqTUmwpWeP4wScDe0IGIMJMuiMy0dbnyMAhx9GLXmJZCLfjEcj373QX6NN3MW9RDk
.tiktok.com/ Name: _ttp
Value: 2qIoX0elfUaLk2FkiIejkIkK73f
.elfcosmetics.com/ Name: _ga
Value: GA1.1.991174587.1734359486
.elfcosmetics.com/ Name: rmStore
Value: dmid:9097
.elfcosmetics.com/ Name: FPID
Value: FPID2.2.m538fUrElOJLNQP1t9a1CBonY9mLzdkWv9804llh9mE%3D.1734359486
.elfcosmetics.com/ Name: FPAU
Value: 1.1.1610136199.1734359484
.elfcosmetics.com/ Name: FPGSID
Value: 1.1734359485.1734359485.G-5D80LRC85N.NqGrhYJZeyU9Rt__CTzCHA
.doubleclick.net/ Name: ar_debug
Value: 1
.rubiconproject.com/ Name: audit_p
Value: 1|JkkCnY8x7zPIJop4Nq7jzcbX7F4ZMw8wqb6MrdP4zmM7wCFCn6f3ehBFRnuP13odb+FMgl1jSHkwHTRO1/p4iHX0qfg68IpFQAPcN3ARK84fSLLuobAfA/4aNwilHdQy4T1Y92/r/Friai1aRBuTd7kINtwjLQov+FNY0L+HtS/REvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.rubiconproject.com/ Name: khaos
Value: M4R4UW46-19-FWMZ
.rubiconproject.com/ Name: khaos_p
Value: M4R4UW46-19-FWMZ
.rubiconproject.com/ Name: audit
Value: 1|JkkCnY8x7zPIJop4Nq7jzcbX7F4ZMw8wqb6MrdP4zmM7wCFCn6f3ehBFRnuP13odb+FMgl1jSHkwHTRO1/p4iHX0qfg68IpFQAPcN3ARK84fSLLuobAfA/4aNwilHdQy4T1Y92/r/Friai1aRBuTd7kINtwjLQov+FNY0L+HtS/REvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.elfcosmetics.com/ Name: _rdt_uuid
Value: 1734359486020.a5320c59-f772-4fcb-9124-7ce06f9cb528
.adsrvr.org/ Name: TDCPM
Value: CAESFQoGZ29vZ2xlEgsI7oC4pov6zj0QBRIXCghhcHBuZXh1cxILCL6w_KmL-s49EAUSFgoHcnViaWNvbhILCJjY_KmL-s49EAUSFQoGY2FzYWxlEgsIitG5rIv6zj0QBRgFIAMoATILCPCGxMuh-s49EAVCDyINCAESCQoFdGllcjIQAVoHM2Z0Zm5oM2ABcgZjYXNhbGU.
.casalemedia.com/ Name: CMID
Value: Z2A5vtHM6q0AAEjKAfU9WQAA
.casalemedia.com/ Name: CMPS
Value: 3811
.casalemedia.com/ Name: CMPRO
Value: 3811
.elfcosmetics.com/ Name: _fbp
Value: fb.1.1734359486387.497790286195461303
.elfcosmetics.com/ Name: _cs_c
Value: 0
.linksynergy.com/ Name: rmuid
Value: 5273e0f7-6387-4c43-89b3-8d69ad5fc2f0
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.elfcosmetics.com/ Name: _tt_enable_cookie
Value: 1
.elfcosmetics.com/ Name: _ttp
Value: OAy9v9C2NCHuUFbA31865N1y2LE.tt.1
.undertone.com/ Name: UTID
Value: 80e34127028e4f9a9a1c00f8f2832de2
.undertone.com/ Name: UTID_ENC
Value: 7mp2ybvo9vasjy75g9dvfnmqq
.elfcosmetics.com/ Name: _uetsid
Value: 6ec93db0bbba11ef8dfa8dec34f28896
.elfcosmetics.com/ Name: _uetvid
Value: 6ec98fa0bbba11efb3f7ebfc58e1461b
.pinterest.com/ Name: ar_debug
Value: 1
.bing.com/ Name: MUID
Value: 3A12B13FF48F603A0441A468F5596114
.bat.bing.com/ Name: MR
Value: 0
.elfcosmetics.com/ Name: _pin_unauth
Value: dWlkPVptTmhOVE0wT1RNdFltTXpNQzAwTm1JMUxUazNNbVF0WVRReVpqRTVOakJtTjJNNA
.elfcosmetics.com/ Name: inside-eu8
Value: 24478549-3889abe27c5766da3eebff9bc8fabba9a7e3a197bed8d49f08b10ca10436ff63-0-0
.ct.pinterest.com/ Name: _pinterest_ct_ua
Value: "TWc9PSY1OUJiV0Y0ZUxoQnFEQjZRK1lBUFg1aHhjeWpNYlVuZUt2NDdNRVA5Q0Q0b1J2KzhXY2cvSVI0a29rd2tTQjVFSEFOQlJIMjlYTHlTblUyV3BLNzQ1NCtjT2pDT1BIVWFCMm05WVJRTU94RT0mRTkyd00wRThkczBEdzJZQ0pVQXF4aFQxdk5BPQ=="
www.elfcosmetics.com/ Name: esw.currency
Value: CAD
www.elfcosmetics.com/ Name: sid
Value: _royrVi3aY8cZRWiBSUTYI0M3DhN-fYBXM8
www.elfcosmetics.com/ Name: _dyid_server
Value: 81065031250229691
www.elfcosmetics.com/ Name: esw.InternationalUser
Value: true
www.elfcosmetics.com/ Name: esw.location
Value: CA
www.elfcosmetics.com/ Name: currentLocale
Value: en_CA
www.elfcosmetics.com/ Name: esw.sessionid
Value: abwXoYkedIxusRlHtJkqYYw0hI
www.elfcosmetics.com/ Name: esw.LanguageIsoCode
Value: en_CA
www.elfcosmetics.com/ Name: __cq_dnt
Value: 1
www.elfcosmetics.com/ Name: dw_dnt
Value: 1
.elfcosmetics.com/ Name: _ga_5D80LRC85N
Value: GS1.1.1734359485.1.1.1734359487.0.0.591609433
.elfcosmetics.com/ Name: _ga_ZLYXLXNDL8
Value: GS1.1.1734359485.1.0.1734359487.58.0.0
.elfcosmetics.com/ Name: FPLC
Value: 4w83zYsJxp%2FXyPY7RX7H9jfyDJxtPSm6RjFLdB2sMmMtAht1v%2FYxBaLqXAKqOzabG5c70RWdIZfjW%2BTxQi22kLiLK6uRPdFO5QDJl0GVuD808CwM7LTrfnROnEkChg%3D%3D
.elfcosmetics.com/ Name: _scid
Value: 6c242368-8e7f-4445-1ebc-15d876b21118
.elfcosmetics.com/ Name: _hp5_meta.1042782804
Value: %7B%22setPath%22%3A%7B%7D%2C%22userId%22%3A%221372268356111312%22%2C%22sessionId%22%3A%223563219146157446%22%2C%22lastEventTime%22%3A1734359489413%2C%22sessionProperties%22%3A%7B%22time%22%3A1734359489413%2C%22referrer%22%3A%22%22%2C%22id%22%3A%223563219146157446%22%2C%22search_keyword%22%3A%22%22%2C%22utm%22%3A%7B%22source%22%3A%22%22%2C%22medium%22%3A%22%22%2C%22term%22%3A%22%22%2C%22content%22%3A%22%22%2C%22campaign%22%3A%22%22%7D%2C%22initial_pageview_info%22%3A%7B%22time%22%3A1734359489413%2C%22id%22%3A%227692114363801079%22%2C%22title%22%3A%22Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics%22%2C%22url%22%3A%7B%22domain%22%3A%22www.elfcosmetics.com%22%2C%22path%22%3A%22%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22query%22%3A%22%22%2C%22hash%22%3A%22%22%7D%2C%22source_properties%22%3A%7B%22screen_height%22%3A1200%2C%22screen_width%22%3A1600%7D%2C%22properties%22%3A%7B%22Page%20Type%22%3A%22content%22%7D%7D%7D%7D
.elfcosmetics.com/ Name: _cs_id
Value: c641d70c-cc79-a8f2-8fcb-ed8e4b7b0bdb.1734359489.1.1734359489.1734359489.1558384338.1768523489422.1
.elfcosmetics.com/ Name: _cs_s
Value: 1.5.0.9.1734361289862
.elfcosmetics.com/ Name: _hp5_event_props.1042782804
Value: %7B%22Contentsquare%20Replay%22%3A%22https%3A%2F%2Fapp.contentsquare.com%2Fquick-playback%2Findex.html%3Fpid%3D1926%26uu%3Dc641d70c-cc79-a8f2-8fcb-ed8e4b7b0bdb%26sn%3D1%26pvid%3D1%26recordingType%3Dcs%26vd%3Dhe%22%7D
.rlcdn.com/ Name: rlas3
Value: gfiqE9e0IZ/odvgPWRoSviUc7Hu6m+XGDcYIwvisVWw=
imgs.signifyd.com/ Name: thx_guid
Value: 94ddbfe11c9f44193444a228b55cf6ae
imgs.signifyd.com/ Name: tmx_guid
Value: AAzOLMWoMjPhNxHaFwqC5kkoX7AXdaKFt5KMabv8pOW6kUQZwK7JUDL4DmFCB7HwNao_dMjBWSFi46-1hgUChb8FOkoF6w
.rlcdn.com/ Name: pxrc
Value: CMPzgLsGEgUI6AcQABIGCOTrARAA
.linksynergy.com/ Name: icts
Value: 2024-12-16T14:31:31Z
.cdnwidget.com/ Name: __3idcontext
Value: {"cookieID":"2qIoXmFUbKxjlYVkciMNZZIcex4","deviceID":"2qIoXlCo6GHXCSTYidGW0IFJto2","iv":"","v":""}
.elfcosmetics.com/ Name: __idcontext
Value: eyJjb29raWVJRCI6IjJxSW9YbUZVYkt4amxZVmtjaU1OWlpJY2V4NCIsImRldmljZUlEIjoiMnFJb1hsQ282R0hYQ1NUWWlkR1cwSUZKdG8yIiwiaXYiOiIiLCJ2IjoiIn0%3D
www.elfcosmetics.com/ Name: bounceClientVisit6664v
Value: N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApmAGYDGA9igLYUICWtKZDTRFAdgH0AwjgJVqAWgbNWHaQCc2TNvwCGYFCAA0IBTBA6QKBGoQUYoACYUAbhwqC2VgxgAsAVgAcABgDsvr4AbLgAjD4efj7hRgDmVhD60NQaKBS6tGooYDAICgCu6SD5WsmpRTb2tBbQoABGCvTEaUkgwnCNLEa2FAoobPT8BqEYoWQ+4+NGEGBm1PQKTAYAMqr5AB5GlQ6CCACeEDUgNigA1gj0ULoNavwusEbEFHX2FMQwKZoUAL66-PSCU6qCj9Up5Qq6BQUACOhRMu3opwErkibisQSCFA8tA81Aofg8GB81SCXhxAE4bH4rNjQqFyUEGbgvHVQh4PBQMOS1LgPLg6l5Qn5cLhqD43F52WoPD4jEx6HU2GAap80rp7FBYKEgn4yHS3GRcD5yXqfBg4hR6JYQAx8vw8nsDKIjAAvNiakAACWw00YpjAggYNgM3qwRlobH2BgAsoM8hQNOG48D7YH6MHYAA5MOQiixAZDWAARWERih+cGgnUXWLhTqFFoSbtDqrahrbVuaisaib9oUezTGbaOZt9Gb-cHnKdWEzRjUULUk4MWyYi6DNR8uhYeQB65gm-AZkj+QznjIHl0YEG+YQJ5qkj8GDIQV+IHo1GoDg+5V0CELQvcDAPHJNxyVCX9EQEAA1Nh+gQABJe4QAAtwgJAsC-AZcUgi2OwHHggARVxPF8AIfGCMIIiiGJ1VgyNCOGR9UOA0ChSwtwcO+b4gA

6 Console Messages

Source Level URL
Text
security error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 430)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ from frame with URL https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals. Domains, protocols and ports must match.
security error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 430)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ from frame with URL https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals. Domains, protocols and ports must match.
security error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 430)
Message:
Unsafe attempt to load URL https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d4210220/www.elfcosmetics.com/v~4b.aa/en_CA/ from frame with URL https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals. Domains, protocols and ports must match.
rendering warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0F01C00641C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0204107641C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0C04007641C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10742279.fls.doubleclick.net
9231397.fls.doubleclick.net
ad.doubleclick.net
alb.reddit.com
analytics.google.com
analytics.tiktok.com
api.bounceexchange.com
api.ipify.org
assets.bounceexchange.com
async-px.dynamicyield.com
bat.bing.com
c.contentsquare.net
c.us.heap-api.com
cdn-fsly.yottaa.net
cdn-scripts.signifyd.com
cdn.blisspointmedia.com
cdn.cookielaw.org
cdn.dynamicyield.com
cdn.media.amplience.net
cdn.static.amplience.net
cdn.us.heap-api.com
cdn8.eu.inside.chat
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
cosmeticscriminal.ca
ct.pinterest.com
data.cdnbasket.net
dsum-sec.casalemedia.com
elfcosmetics.a.bigcontent.io
events.bouncex.net
external-api.jebbit.com
geolocation.onetrust.com
googleads.g.doubleclick.net
h.online-metrix.net
h64.online-metrix.net
ib.adnxs.com
idr.cdnwidget.com
ids.cdnwidget.com
idsync.rlcdn.com
imgs.signifyd.com
insight.adsrvr.org
js.cnnx.link
js.jebbit.com
match.adsrvr.org
page.cdnbasket.net
pd.cdnwidget.com
pixel-config.reddit.com
pixel.pointmediatracker.com
pixel.rubiconproject.com
player.vimeo.com
qoe-1.yottaa.net
rcom.dynamicyield.com
s.pinimg.com
sdk.iad-05.braze.com
secure.adnxs.com
sgtm.elfcosmetics.com
srm.ba.contentsquare.net
st.dynamicyield.com
static.ordergroove.com
stats.g.doubleclick.net
t.contentsquare.net
t.paypal.com
tag.rmp.rakuten.com
tag.wknd.ai
tags.rd.linksynergy.com
use.fontawesome.com
ut.rd.linksynergy.com
view.cdnbasket.net
w2txo5aa5n6mkspifita3hfskautk64megamdpff6042f88ccad5596fsac.d.aa.online-metrix.net
www.elfcosmetics.com
www.facebook.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.redditstatic.com
www.youtube.com
www8.eu.inside.chat
cdn-fsly.yottaa.net
www.elfcosmetics.com
104.18.27.193
104.18.38.107
104.18.9.17
108.138.64.85
13.249.39.52
142.251.111.94
142.251.163.155
142.251.179.147
15.197.193.217
151.101.1.21
151.101.129.140
151.101.129.21
151.101.194.133
151.101.3.1
151.101.64.84
151.101.65.140
162.159.128.61
172.253.122.149
172.253.122.155
172.253.63.154
172.67.74.152
173.222.169.165
18.160.18.41
18.205.99.155
18.214.145.44
192.225.157.157
192.225.158.1
192.225.158.3
192.229.210.155
2001:4860:4802:34::181
204.2.133.238
204.2.133.49
216.239.38.181
23.212.249.23
23.9.177.190
2600:1408:c400:13::17d4:f8cb
2600:1408:c400:1f::17d4:fbcc
2600:1408:c400:382::1931
2600:1408:c400:e::17cd:6a1a
2600:1901:0:56e0::
2600:9000:2305:3a00:1c:df99:ffc0:93a1
2600:9000:2479:6000:11:85b0:d600:93a1
2600:9000:27c2:4a00:a:7914:b00:93a1
2600:9000:27c2:8200:15:ad21:c740:93a1
2600:9000:28a9:9800:a:b89d:a6c0:93a1
2606:4700:3036::6815:1b98
2606:4700:4400::ac40:9b77
2606:4700::6812:562a
2606:4700::6812:811
2607:f8b0:4004:c09::5e
2607:f8b0:4004:c09::61
2607:f8b0:4004:c09::88
2607:f8b0:4004:c0b::9c
2607:f8b0:4004:c21::5d
2620:1ec:33:1::10
2a04:4e42::396
2a04:4e42::649
3.162.103.75
3.167.88.57
3.213.38.112
31.13.66.19
31.13.66.35
34.102.147.248
34.111.8.32
34.120.253.250
34.149.130.207
34.49.124.132
34.98.106.171
34.98.67.3
34.98.72.95
35.190.20.211
35.227.248.175
35.244.154.8
52.208.170.225
52.70.202.166
64.233.180.149
68.67.160.132
68.67.160.184
69.173.146.5
99.83.184.193
0459d92439b00a45ee64b06b3332d2d9ff6f1ab8b44ff970b7874bbe874a2477
066a1d0ca8739927212da5ca749914d066de699b9aae2614a4165eeecd11f0d8
0781116351275f1c9d97818c6b40d4b90f97fc3a015d22bcb8e6ac1c8ac1562e
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
12cd1711c7f4f44d2551961a2bdc9389bdf97cc252342e8b200367db6f862efb
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a
147671adc0ae294487a897c708024fe7eecd1954bfe744ca713b1ea0920af550
14939503c8a97bef459ce94218f0e65933ab569f7b1d726bcb0b3c1031ebccf9
16c9b20cc559c1c9146dcd9c4915775b66d6728e4bba2714f3bfbe45218402d3
17a69af059441e3bf2dda19d5d28a0f95ab8d239db61d2c54a01a0c43124d598
183ae143a7f66c133f3948bdf61a0a9f97eb326be7de5947c1f19b93f3b9db24
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
1c2b78660856b99c7f32fc4318ce7bfc448adda9297018fd43e9ae63334ebe00
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
226049a96ceaa190e0dd45980c8fba9367127b7c2b19b635ee30bb7f4fa17e52
240355f4e85792fb5c1e46a942e6d797a078d39f8717dfbab666e4e80cb4dd8d
254e48ee430d6d16e7bab2efbcc141f472111d25e8a522a966d3f93ff7f43297
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805
2adcf9fd70c1c834f4b13d732b66f4900cec9a6bbdc587b85dbc68cdd9a34be4
2dffa799d4d787807163d02ef323efac2e47d7480e302d800a76a98020f32d11
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
32ad364270944bfe7e5334b8090e8a7532339f6d8d0a17005324c20369293ebf
357123db40fdde96dd9e4b478ce677d3e43f8fdeb86c67381cba2071273f9278
359722b660d0b4a5afb34561728a3918b96bdccf3a3cddc4291ee4cd15f65c3f
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
39b8d6e7380c33c9ff52a02a569e68aa60fe28e6a6ab5d8e982c9149d9708913
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d
3e2be12954d30ece9147fb4d6d37c7d1e632138807880bdcd4cff7ad9768d11b
42b9d7f191f308b12c08db50ae043c8d3eece5346ae81d134e0e2c024d92d492
46811578437caf8eac61ac10112c43b46ede17063b29ac96b866c7027b6fd1d2
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
495b6c4a195f2e48f175b6e86696578e7716c3053ef82277f81290025eb7d5b1
498a41eab15456686643b139ae2c289c961bb02da852aaad698540831d0e9bb5
4a970797076346b140129a69e017d8d2370f6bbb2ce9ba4c1b5a398f3366a202
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
4ee6d6632797b71b86432ea94f20e05512ab60ed9d6c6103211fe9f64aa0314d
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f74b9816dd6a7cbb941e020eb23ea70ec93e433a780ec78d81a63573ce45a95
50d93a2c186cbd1032ed973e133713a6dfbbd5f7fba4fb89069350f228ce4d81
546e554a3c51ce180d022de9ff5506f14603b38d40ece9f2be43c88328358a52
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56aea4e78cf1538541603e3c8f14b15dfc9bfee27cadb946f8b3017ebe8abe3b
572ddd2acf0e670af32546012da3e46055a0ff12b7a9454ccd275473cb2e7686
5848cfb1deebf7628b50ffb424a4bfcbdaec47eb0234c2183238e097c967b43b
5a80b10ec0c44ff82a283f3d78f81623e15d8381656a111ad9211878700f89c2
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
5d6d87deb0262a268b1656036f7d55c1cd917354fccfd9792f106deff1cddf27
5dc0d7bd68b30ae8330274f08b4f3424d474fa1f10bc1abfcceaa89901bb3c08
5e208be404e962917b2cf3e9e3ca259e70a807548bed820770ebc0250496ac62
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
5fbf274307b0005c6c7e28165828d62def90546a6395cc49c4bf08aa9a7fd2a2
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69beb39687e8656561a843b13137c292498648b7f1ae665214eb292527cd436b
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
6ada904b348f3aec8423f2b8a1335f55aa68d2d8d636da40fb02a2ac7cd4b193
6c496fcbe60fec78dc1b86a9136644d9a97cae20df32be3e9a4a62ce7bd0e6a6
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce
79d5755c3ff9677849a72a3e4ed4f8c36574c8c1d7c47288809fdfe05f334782
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
7a506503adb523ec7fd71e1cd5b953922dea386950cf0ea6355d1037bd7c6d1c
7c0ab8e5aab439186d891ac01079f56d693b9e60786f37b0209d1a8371ff0506
7d60c0cd0647ecb04df42bcfd2acd351c105c2d89e2b401ba03b0845336170e7
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
7e3dc02a0e24d7014bce91d1c2c1cff39e4056903aa9c069257f9ab3338dee34
81afbb0b6f6971bd4996bc255d6dfda8f588da054e2a7187b4d8b6a761c59114
85ab852bfb2016bce3933a1c7107b1bce807179f46364db291ab1f86b89addbb
87579ccea729246682d0c4696345bba7a3fc2e6c9cc187ff04a42880bc622f23
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
8cc6ae4326825eb9c1ff708759c52ab206f2a94f3b0e0bbd76c7509cca799c0d
8df9e9875419d2c0d1bc8af23e63949a7e20b1ff5cd2f57c7958fc65a7be8b56
8e685313112279f592a7ee9ef45c43481f9db088f258fae8322751776a43aa26
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
911894783ee4fd2bdbea04f4cf5c1ccfa3cab4be816e5ebed6c5d2c2cb6d38a3
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
974f64bede7bfa0bbd7ebbeb0c6123ea1551023c2f01b3407bc6c24e542f8465
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
9e9491aa4ab12f7e7e28036bd764a4dd1124b16cb34cc1a542d7fb0e44e3d63e
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a33829c39b1a9ff45ceb69c2435b62a1dd3b43c03e493cb0b59e3f1fa5667f70
a588969da06c7db822106f599c7992df8239c8227dd0591aa9a67ed4a43cf3d7
a8b68b46f44aac34f59d2926e8db6bdae4bc3b7fe3aad60948e97f428b087531
a9cee4ae5c5bfb20c25f86bf00116525f9051fabb4e582fd0682305e6e592fc4
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
aca990e4ea5c882dcfe05c1b6de93300cc4e0ed49fe61d511422b67c9953ec0d
ae4473634c431ad9f967c6f8d8011562526f973baa8834afc79fefd66d4934c5
afe089ccc02c3bafec407eb0b451cfc0fcad209e9c45e916093db954b7cf5414
b02a020f88f0cd42fad80078f958d9a87a2f83cee756d5fb426a40bc9823da92
b12820211823098b4d8f580aabc41bdc00210bc7c8f0addab8aade7b6ce263fe
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e
b94bd2f70b48b693fb3ade8334959327f1d84234487856c2a8eb0cc4846600da
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb378098ee9eb555df3b46abb37f65c770427b74147322c7707da6f623b28144
bf055e03c860dd88d9d4017203050548dc930d6b78749b07320c9b08f3625071
bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64
c2ac7532466beef2ea338502b864a697286dfb2a61cefb19fcebe0cccc40f068
c31826b9b61e051e0f0c582d9963e9f7835ec7249ed88cc651ce10b349496b8c
c50a0366bab0d95bd0dfbbf67ed889b5fd383ee7464a77660088c32e4ef91c20
c78f8435e7b99d460a79994b0ff71a74985547ce2991a67559831f3ed143b0e0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca3f9035e8ba12e10c6237a28f67d17f12577b2abbf143b7a675510a42d34e4e
cca573311de5fd7dd1be411ebcfd901a4765ae438c0bebd21e91fab13a0f8dd7
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
cef923d56729944b2ae70b4e78b864efbb81a1db323d25882483aa8d935f9528
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b
d5f741b0b06c38fb534139add094284920efd63fe1882c389bdf8354634c5f29
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca
d7d6f2d3cc5c5e3b057e899b45fb372d18890b7b61e0df9ced47891f9bbf0061
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
d8a6f87544a3d737c7528b90820cc6ca9e042372c62bc7d530f75bc6c7ace594
d912942513f9f5243a8ba8caa5b9324c9f27db28699eab7bb21eb981bbd31639
da2d5cc7a936d3108413875e85969ff2e0a1bc79e4c9df4fabadb1ec9198e215
dae2962d0ad512373f5e70c5bd6b0a106ad88a7d00f6722d6dcdd46f196555c6
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
de54af57f8d83a7bf0394ad0f819596d93454b4bace23d153b120f634719ca6e
e1e60980934d9efb0633cdd3786ccb6acea4394f99fcc03672c9cba70b46e50b
e2e68d3c30718c583fa70c9f64080e1199155a4a3db901d740792af72e523720
e35ebb7e01dda1bdb1fbb86be8bb4163c3b3a0b1353a0b90d573d1ebb913eddd
e3737cc343524433d59bc1654afbddd4ef5036667f946f9b432e1b9e472d5a28
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d664226d33e07026830341e27f86bd29cd5edeb37de67d0752066809bb1ba6
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e79dea9b0707ff2fa615359bdb9683037505ddb2a00daae13de4ae1a80055adf
e92913c2b11fc1e9e7c4f84628362d1c9660e7f7e88904d124c9ebbbef9d4e48
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
ed353ab2902b414838e8d83cdae8ee057a48ba19aa90572c7d3ca6b1d03df4d3
eef52bd0c8a7abdd22a88a94381a05bc58c34d48c1c4155ff816ba21c38cca28
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef96fb309ad3ea8a14232a1b565d1b0c8e8e5760205f76e9354f0ecfd618d39d
f0edb4a37158b523856d03b9219f18d1e7235d7e546452808aa15a91d9edf8c3
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55
f3ee233d8819e508bb5518fe58a3109712e1162aaec3a3470ca19e48e1a91db2
f89ecfe895e92414e7dc009d8c1eb6c3a642307fa86f9c8ff2f498368ae73df6
f8d1544bb47c74ef9a9b177a721c628aeff0be0f9f6a57b18769a7d67055c759
fb322d9e801b20f445402380d99d144e674abdc4821c6b5d30936c0ecfe381ab
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fe94d8c5399189327e9bef23c9a122573f8c7daa36b12f9775301e982c76b23d