Submitted URL: https://cosmeticcriminal.ca/
Effective URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Submission: On August 20 via api from US — Scanned from CA

Summary

This website contacted 65 IPs in 3 countries across 52 domains to perform 234 HTTP transactions. The main IP is 204.2.133.71, located in United States and belongs to YOTTAA-AS-1, US. The main domain is www.elfcosmetics.com. The Cisco Umbrella rank of the primary domain is 182297.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 25th 2023. Valid for: a year.
This is the only time www.elfcosmetics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
27 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 963
256 KB
19 elfcosmetics.com
www.elfcosmetics.com — Cisco Umbrella Rank: 182297
sgtm.elfcosmetics.com — Cisco Umbrella Rank: 360708
327 KB
17 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77
cm.g.doubleclick.net — Cisco Umbrella Rank: 363
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
ad.doubleclick.net — Cisco Umbrella Rank: 210
9231397.fls.doubleclick.net — Cisco Umbrella Rank: 526628
10742279.fls.doubleclick.net — Cisco Umbrella Rank: 580909
3 KB
15 signifyd.com
cdn-scripts.signifyd.com — Cisco Umbrella Rank: 10828
imgs.signifyd.com — Cisco Umbrella Rank: 8265
74 KB
14 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 3941
api.bounceexchange.com — Cisco Umbrella Rank: 4107
307 KB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 554
188 KB
11 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 11274
st.dynamicyield.com — Cisco Umbrella Rank: 10445
async-px.dynamicyield.com — Cisco Umbrella Rank: 10756
263 KB
10 amplience.net
cdn.media.amplience.net — Cisco Umbrella Rank: 17159
cdn.static.amplience.net — Cisco Umbrella Rank: 57868
6 MB
9 contentsquare.net
t.contentsquare.net — Cisco Umbrella Rank: 4388
c.contentsquare.net — Cisco Umbrella Rank: 5416
srm.ba.contentsquare.net — Cisco Umbrella Rank: 27196
k-aeu1.contentsquare.net
83 KB
8 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 1235
4 KB
7 bouncex.net
events.bouncex.net — Cisco Umbrella Rank: 3679
642 B
7 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3677
t.paypal.com — Cisco Umbrella Rank: 4582
127 KB
7 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 1486
match.adsrvr.org — Cisco Umbrella Rank: 505
5 KB
7 braze.com
sdk.iad-05.braze.com — Cisco Umbrella Rank: 3003
1 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
499 KB
5 youtube.com
www.youtube.com — Cisco Umbrella Rank: 84
14 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
4 KB
4 jebbit.com
js.jebbit.com — Cisco Umbrella Rank: 73557
external-api.jebbit.com Failed
60 KB
4 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 764
ib.adnxs.com — Cisco Umbrella Rank: 383
4 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 10
analytics.google.com — Cisco Umbrella Rank: 238
249 B
4 yottaa.net
cdn-fsly.yottaa.net — Cisco Umbrella Rank: 35589 Failed
qoe-1.yottaa.net — Cisco Umbrella Rank: 13943
1 MB
3 online-metrix.net
h.online-metrix.net — Cisco Umbrella Rank: 4355
h64.online-metrix.net — Cisco Umbrella Rank: 2866
w2txo5aausrwrjekkmheo6cee2lch5skq5gc6nsyb10fc1a0a2c42e6asac.d.aa.online-metrix.net
837 B
3 cdnwidget.com
pd.cdnwidget.com — Cisco Umbrella Rank: 5354
ids.cdnwidget.com — Cisco Umbrella Rank: 5623
idr.cdnwidget.com — Cisco Umbrella Rank: 10862
1 KB
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 6963
page.cdnbasket.net — Cisco Umbrella Rank: 6969
view.cdnbasket.net — Cisco Umbrella Rank: 6981
1014 B
3 bigcontent.io
elfcosmetics.a.bigcontent.io — Cisco Umbrella Rank: 309547
8 KB
3 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 3241
alb.reddit.com — Cisco Umbrella Rank: 1969
859 B
3 google.ca
www.google.ca — Cisco Umbrella Rank: 9677
190 B
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 534
15 KB
2 bidswitch.net
x.bidswitch.net
1 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 689
837 B
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 3281
16 KB
2 linksynergy.com
ut.rd.linksynergy.com — Cisco Umbrella Rank: 12290
tags.rd.linksynergy.com — Cisco Umbrella Rank: 8300
699 B
2 cquotient.com
api.cquotient.com — Cisco Umbrella Rank: 54198
515 B
2 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 4990
6 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1561
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
75 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 1417
25 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1102
1 KB
2 blisspointmedia.com
cdn.blisspointmedia.com — Cisco Umbrella Rank: 13225
1 KB
2 pointmediatracker.com
pixel.pointmediatracker.com — Cisco Umbrella Rank: 16688
899 B
2 cnnx.link
js.cnnx.link — Cisco Umbrella Rank: 13109
1 KB
2 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2512
257 B
2 adeptmind.ai
api.retail.adeptmind.ai
676 B
2 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 3381
12 KB
1 pubmatic.com
simage2.pubmatic.com
526 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 176
23 B
1 ordergroove.com
static.ordergroove.com — Cisco Umbrella Rank: 42859
51 KB
1 rakuten.com
tag.rmp.rakuten.com — Cisco Umbrella Rank: 9936
15 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 555
2 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 1019
304 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
24 KB
1 cosmeticcriminal.ca
cosmeticcriminal.ca
2 KB
234 52
Domain Requested by
27 analytics.tiktok.com www.elfcosmetics.com
analytics.tiktok.com
14 www.elfcosmetics.com 1 redirects www.elfcosmetics.com
cdn-fsly.yottaa.net
t.contentsquare.net
13 imgs.signifyd.com www.elfcosmetics.com
imgs.signifyd.com
13 assets.bounceexchange.com www.elfcosmetics.com
12 cdn.cookielaw.org cdn-fsly.yottaa.net
cdn.cookielaw.org
www.elfcosmetics.com
8 ct.pinterest.com t.contentsquare.net
www.elfcosmetics.com
8 cdn.media.amplience.net 2 redirects www.elfcosmetics.com
7 events.bouncex.net
7 async-px.dynamicyield.com cdn.dynamicyield.com
7 sdk.iad-05.braze.com cdn-fsly.yottaa.net
5 c.contentsquare.net t.contentsquare.net
5 sgtm.elfcosmetics.com www.googletagmanager.com
t.contentsquare.net
5 www.paypal.com www.elfcosmetics.com
www.paypal.com
5 match.adsrvr.org 4 redirects
5 www.googletagmanager.com www.elfcosmetics.com
5 www.youtube.com www.elfcosmetics.com
4 www.facebook.com
4 10742279.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 9231397.fls.doubleclick.net 2 redirects www.elfcosmetics.com
4 ad.doubleclick.net
4 js.jebbit.com www.elfcosmetics.com
3 elfcosmetics.a.bigcontent.io
3 www.google.ca
3 bat.bing.com www.elfcosmetics.com
3 secure.adnxs.com 1 redirects
3 cdn.dynamicyield.com www.elfcosmetics.com
3 cdn-fsly.yottaa.net www.elfcosmetics.com
2 x.bidswitch.net 2 redirects
2 k-aeu1.contentsquare.net t.contentsquare.net
2 cdn-scripts.signifyd.com www.elfcosmetics.com
2 idsync.rlcdn.com 2 redirects
2 www.paypalobjects.com www.elfcosmetics.com
2 t.paypal.com
2 alb.reddit.com
2 api.cquotient.com cdn-fsly.yottaa.net
2 stats.g.doubleclick.net www.googletagmanager.com
2 analytics.google.com www.googletagmanager.com
2 tag.wknd.ai www.elfcosmetics.com
2 www.redditstatic.com www.elfcosmetics.com
www.redditstatic.com
2 connect.facebook.net www.elfcosmetics.com
2 s.pinimg.com www.elfcosmetics.com
2 dsum-sec.casalemedia.com 1 redirects
2 insight.adsrvr.org 2 redirects
2 cdn.blisspointmedia.com
2 pixel.pointmediatracker.com 2 redirects
2 js.cnnx.link www.googletagmanager.com
2 googleads.g.doubleclick.net 1 redirects www.elfcosmetics.com
2 www.google.com 2 redirects
2 api.ipify.org cdn-fsly.yottaa.net
2 api.retail.adeptmind.ai cdn-fsly.yottaa.net
2 cdn.static.amplience.net www.elfcosmetics.com
2 player.vimeo.com www.elfcosmetics.com
1 simage2.pubmatic.com 1 redirects
1 www.googleadservices.com 1 redirects
1 w2txo5aausrwrjekkmheo6cee2lch5skq5gc6nsyb10fc1a0a2c42e6asac.d.aa.online-metrix.net
1 h64.online-metrix.net imgs.signifyd.com
1 h.online-metrix.net imgs.signifyd.com
1 idr.cdnwidget.com
1 tags.rd.linksynergy.com
1 ids.cdnwidget.com t.contentsquare.net
1 api.bounceexchange.com www.elfcosmetics.com
1 srm.ba.contentsquare.net t.contentsquare.net
1 pd.cdnwidget.com t.contentsquare.net
1 view.cdnbasket.net t.contentsquare.net
1 page.cdnbasket.net t.contentsquare.net
1 data.cdnbasket.net t.contentsquare.net
1 ut.rd.linksynergy.com www.elfcosmetics.com
1 pixel-config.reddit.com www.redditstatic.com
1 t.contentsquare.net www.elfcosmetics.com
1 static.ordergroove.com www.elfcosmetics.com
1 tag.rmp.rakuten.com www.elfcosmetics.com
1 qoe-1.yottaa.net www.elfcosmetics.com
1 pixel.rubiconproject.com 1 redirects
1 ib.adnxs.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 st.dynamicyield.com www.elfcosmetics.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 code.jquery.com www.elfcosmetics.com
1 cosmeticcriminal.ca 1 redirects
0 external-api.jebbit.com Failed js.jebbit.com
234 80
Subject | Issuer | Validity | Valid
*.elfcosmetics.com | Sectigo RSA Domain Validation Secure Server CA | 2023-09-25 - 2024-10-25 | a year
player.vimeo.com | WE1 | 2024-07-25 - 2024-10-23 | 3 months
dm.amplience.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-05 - 2025-08-14 | a year
*.google.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year
*.yottaa.net | GlobalSign RSA OV SSL CA 2018 | 2023-09-13 - 2024-10-14 | a year
api.retail.adeptmind.ai | R11 | 2024-07-29 - 2024-10-27 | 3 months
cookielaw.org | WE1 | 2024-08-13 - 2024-11-11 | 3 months
*.dynamicyield.com | Amazon RSA 2048 M03 | 2024-08-18 - 2025-09-16 | a year
*.google-analytics.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
ipify.org | WE1 | 2024-07-18 - 2024-10-16 | 3 months
sdk.iad-05.braze.com | WE1 | 2024-08-15 - 2024-11-13 | 3 months
geolocation.onetrust.com | WE1 | 2024-08-13 - 2024-11-11 | 3 months
js.cnnx.link | Amazon RSA 2048 M02 | 2024-06-09 - 2025-07-08 | a year
tag.rmp.rakuten.com | WR3 | 2024-07-28 - 2024-10-26 | 3 months
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2024-02-08 - 2025-02-08 | a year
*.ordergroove.com | Go Daddy Secure Certificate Authority - G2 | 2024-08-09 - 2025-08-20 | a year
t.contentsquare.net | Amazon RSA 2048 M03 | 2024-08-13 - 2025-09-10 | a year
*.pinterest.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-05 - 2025-08-07 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-05-29 - 2024-08-27 | 3 months
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-05-23 - 2024-11-18 | 6 months
www.bing.com | Microsoft Azure RSA TLS Issuing CA 04 | 2024-06-19 - 2024-12-16 | 6 months
sgtm.elfcosmetics.com | WR3 | 2024-07-09 - 2024-10-07 | 3 months
*.tiktok.com | RapidSSL TLS ECC CA G1 | 2024-07-15 - 2025-07-15 | a year
*.jebbit.com | Amazon RSA 2048 M02 | 2024-04-23 - 2025-05-21 | a year
tag.wknd.ai | R10 | 2024-07-17 - 2024-10-15 | 3 months
*.g.doubleclick.net | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.google.ca | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.cquotient.com | Amazon RSA 2048 M02 | 2024-03-05 - 2025-04-02 | a year
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-05-30 - 2024-11-26 | 6 months
*.rd.linksynergy.com | ZeroSSL RSA Domain Secure Site CA | 2024-01-23 - 2025-01-22 | a year
dep.bf.contentsquare.net | Amazon RSA 2048 M03 | 2024-02-18 - 2025-03-19 | a year
*.doubleclick.net | WR2 | 2024-07-30 - 2024-10-22 | 3 months
t.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2024-06-21 - 2025-06-20 | a year
*.bigcontent.io | GeoTrust TLS RSA CA G1 | 2024-04-02 - 2025-05-03 | a year
assets.bounceexchange.com | WR3 | 2024-07-17 - 2024-10-15 | 3 months
data.cdnbasket.net | WR3 | 2024-07-02 - 2024-09-30 | 3 months
page.cdnbasket.net | WR3 | 2024-07-10 - 2024-10-08 | 3 months
view.cdnbasket.net | WR3 | 2024-07-11 - 2024-10-09 | 3 months
pd.cdnwidget.com | R11 | 2024-07-10 - 2024-10-08 | 3 months
srm.ba.contentsquare.net | Amazon RSA 2048 M02 | 2023-11-07 - 2024-12-06 | a year
*.wunderkind.co | R10 | 2024-08-02 - 2024-10-31 | 3 months
ids.cdnwidget.com | R11 | 2024-07-10 - 2024-10-08 | 3 months
cdn-scripts.signifyd.com | Amazon RSA 2048 M02 | 2024-06-02 - 2025-06-30 | a year
imgs.signifyd.com | Go Daddy Secure Certificate Authority - G2 | 2023-10-20 - 2024-11-20 | a year
idr.cdnwidget.com | R11 | 2024-07-10 - 2024-10-08 | 3 months
online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-03-20 - 2024-10-21 | 7 months
*.aa.online-metrix.net | Viking Cloud Organization Validation CA, Level 1 | 2024-03-20 - 2024-10-21 | 7 months
dep-malka.ba.contentsquare.net | Amazon RSA 2048 M02 | 2023-10-11 - 2024-11-08 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 - 2025-03-16 | a year

This page contains 15 frames:

Primary Page: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Frame ID: 1E801F79993134A3E2EC6B83C5CD8902
Requests: 206 HTTP requests in this frame

Frame: https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Frame ID: 84E2D99F5C62FA265A64C6D37DFA012E
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Frame ID: AB66AB421AA2919B2D950B3002C3940B
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.9&integrationType=SDK
Frame ID: 301E9915BDB515E7E713834916EE762F
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=COOhg6Wag4gDFeUl0AQdTFo1wA;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1435387824;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: B82E7178FAA75F60AD41FDE8BDB9DB05
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CO27hKWag4gDFcEX0AQdpYAT5Q;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=620697308;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 27600D523D9008C4E880C9AB43FFB044
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 30D8D7DEF5E820996BDDE67ADE08F8A6
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 4E68BB887B5BD9FDFAC1DFCC0F529782
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: C773AB67A60F5404457BE2FA2EE09A61
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Frame ID: FA5B5DC41E27E54634AB3C80698EDB06
Requests: 12 HTTP requests in this frame

Frame: https://imgs.signifyd.com/jHZexkzPaVL81WRv?7f89b3f11676f836=YcFIkD1BE7uHIzQZ5UjhpB19dZAJd6s2L7gIjoANGdi8WgBfn5D9YNdQqbCGTu3prKvhxaHyew3t7pJ9b9wSO5gi3Ws-u9vuCD22xc4O04lxDUIyQrp02MGTTIa8Fje1MW2fnJgozQdyZSVvd-h0HVHZ4fJPWD5xnqAoCDYpK3SNHAYHDW1m2uPqBaXxll2MrsjZhAOOAv3H5XVTrZbc1GOCbf2OQw
Frame ID: DBBD48700DEBF056B7162C8DEB7CB7FB
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/IjfNQ09a93DHdLge?2490ee4ce660b9a3=OrFOT_i4OGIzGf_mPc_PXyLoleJtJpNs5z4mBLmltbB5jl5p3qpypG3urxY1TjSq7KVrn18qrQaDCXJvgEOXv_DjDaZVTVBkSQCY1KqyUm4-Yf6NhR_NMWGxnb5x9SvncMIS8-hako-4F6XBujyg3UKhdxAN9VWOt7h1LBZ2M41SotTtEM41UkBNpqHLIwYPeSQKK_9WCNXcG4Xe_J3z-XT6d-M0oZg
Frame ID: 23D3901C6AAA5C2E3BA6EC73E21EA976
Requests: 1 HTTP requests in this frame

Frame: https://imgs.signifyd.com/2nE9Ne4otrTkzgDz?871fde9e7a3dea73=cJAiNsUdmgg6egoTTuvZ9JtC13VbQWCKwRSu-xjSYnS6VxXxYYiSJBLEsaoWP1l5YmQwp1B7WdjOObExCn3u1EFePTSwJw0KgHR9BdaxAQF_R7sA5iTFFeSQ5mp38XzAGmDNn39_ozarjZMoM3E49YAh9TR0h9gmRtfhMuKdU1VMKoL1zFavvwJbrTzCeE2bq8kiChTB2_YEBBpamyaY_gk84F_fI4Q
Frame ID: 85374664069FC2340F819FEEF639B776
Requests: 1 HTTP requests in this frame

Frame: https://9231397.fls.doubleclick.net/activityi;dc_pre=CKrgpqiag4gDFaYT0AQdZ9UXsg;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=307212226;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 151908EC7B73B1DA9C0C8D8EB5331ED1
Requests: 1 HTTP requests in this frame

Frame: https://10742279.fls.doubleclick.net/activityi;dc_pre=CJWBp6iag4gDFdgC0AQdfr8BeQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=184909572;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Frame ID: 75B1BDC7F0FF4A8723CBE252CEAF170B
Requests: 1 HTTP requests in this frame

Page Title

Cosmetic Criminals | e.l.f. Cosmetics

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • tag\.rmp\.rakuten\.com

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

234 Requests
94 % HTTPS
27 % IPv6
52 Domains
80 Subdomains
65 IPs
3 Countries
9913 kB Transfer
19699 kB Size
88 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticcriminal.ca/ HTTP 301
    https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Request Chain 12
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p HTTP 302
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Request Chain 28
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=2OhJMn_qv_cd5OOsHWegd6r-9qo3HYW8fUe_2hHLkPI HTTP 303
  • https://www.elfcosmetics.com/callback?usid=a625bb0d-2cfc-4595-9dd2-bf131524342c&code=Y30yJPGSfZwUNPVAbSNBD-2HPcDy00CEXxDmBFeC14M
Request Chain 34
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=479386843.1724144367&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48e0n81WL3STMXv896608294za200&auid=2037272841.1724144367 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=479386843.1724144367&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48e0n81WL3STMXv896608294za200&auid=2037272841.1724144367
Request Chain 48
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=f9fc2552-68d8-48ac-8079-f5985e31875b&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=undefined&gtmcb=1596116231 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 49
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Request Chain 50
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=YjQzMDkxOWQtYzcyMS00MjVlLTk0Y2YtOTUzMTA0MGQ2ZmMx&gdpr=0&gdpr_consent=&ttd_tdid=b430919d-c721-425e-94cf-9531040d6fc1 HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=b430919d-c721-425e-94cf-9531040d6fc1&google_gid=CAESELGE2ejGLFytFzmcrgcldHE&google_cver=1 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=b430919d-c721-425e-94cf-9531040d6fc1 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5334358241829722528&ttd_tdid=b430919d-c721-425e-94cf-9531040d6fc1 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=b430919d-c721-425e-94cf-9531040d6fc1&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=b430919d-c721-425e-94cf-9531040d6fc1&expiration=1726736368&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=b430919d-c721-425e-94cf-9531040d6fc1&expiration=1726736368&gdpr=0&gdpr_consent=&C=1
Request Chain 114
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1435387824;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=COOhg6Wag4gDFeUl0AQdTFo1wA;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1435387824;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 115
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=620697308;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CO27hKWag4gDFcEX0AQdpYAT5Q;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=620697308;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 187
  • https://idsync.rlcdn.com/458359.gif?partner_uid=81cf70ed-6e8a-4669-855b-6b49b99c639e HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDgxY2Y3MGVkLTZlOGEtNDY2OS04NTViLTZiNDliOTljNjM5ZRAAGg0I8rWRtgYSBQjoBxAAQgBKAA HTTP 307
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ae365c1dbc5bbb4c996fc94d85970f272ae96d2d95178da19557d463460492f56ac34734d8e453ee
Request Chain 209
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=55246363&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=2037272841.1724144367&bttype=purchase&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=2037272841.1724144367&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&eitems=ChAI8P2QtgYQ5_uMjfLJs_gJEh0AZfecL8KgnTUubLkiOX_rcy3E_hxvQGTlhmUSrA&pscrd=IhMIioSGp5qDiAMV2FhHAR0t2ggOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw HTTP 302
  • https://www.google.com/pagead/1p-conversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=2037272841.1724144367&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIioSGp5qDiAMV2FhHAR0t2ggOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfNHIKC8VxlQi-VGrGd2gb9hgUSdUgVKvuj_ipbv0WvgF6WVof&eitems=ChAI8P2QtgYQ5_uMjfLJs_gJEh0AZfecL1cEDeFfVzXHqauqDK5TU-BRC9rj4TH6kg&random=1960521842 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=2037272841.1724144367&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIioSGp5qDiAMV2FhHAR0t2ggOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfNHIKC8VxlQi-VGrGd2gb9hgUSdUgVKvuj_ipbv0WvgF6WVof&eitems=ChAI8P2QtgYQ5_uMjfLJs_gJEh0AZfecL1cEDeFfVzXHqauqDK5TU-BRC9rj4TH6kg&random=1960521842&ipr=y
Request Chain 222
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=f9fc2552-68d8-48ac-8079-f5985e31875b&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=New&gtmcb=646504931 HTTP 302
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
Request Chain 227
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3 HTTP 302
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=b430919d-c721-425e-94cf-9531040d6fc1&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch HTTP 302
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=93&user_group=1&user_id=b430919d-c721-425e-94cf-9531040d6fc1&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=b430919d-c721-425e-94cf-9531040d6fc1&r=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dpubmatic HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
Request Chain 232
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=307212226;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CKrgpqiag4gDFaYT0AQdZ9UXsg;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=307212226;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals
Request Chain 233
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=184909572;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals HTTP 302
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJWBp6iag4gDFdgC0AQdfr8BeQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=184909572;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals

234 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request elf-cosmetic-criminals
www.elfcosmetics.com/en_CA/
Redirect Chain
  • https://cosmeticcriminal.ca/
  • https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
1 MB
264 KB
Document
General
Full URL
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4d80daad2ba0393c339632b5bb7de63b83477100f14aad12f577b487b9cf4221
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, must-revalidate, s-maxage=900
content-encoding
gzip
content-length
269238
content-type
text/html; charset=utf-8
date
Tue, 20 Aug 2024 08:59:23 GMT
etag
W/"101296-hsstZDvK1/YQogyMD3tfDieaFRU"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
via
1.1 bcbc5b46216015493e082cfbcf77ef10.cloudfront.net (CloudFront)
x-amz-apigw-id
czMkmEldCYcEC4A=
x-amz-cf-id
EIaQ34npGN65abp8zJ-VtssR94utrG4Pa2nF0iV-Dk0QT8UMzwQZaQ==
x-amz-cf-pop
SFO53-P2
x-amzn-remapped-connection
close
x-amzn-remapped-content-length
1053334
x-amzn-remapped-date
Tue, 20 Aug 2024 08:59:23 GMT
x-amzn-requestid
3975a6c7-a744-4da9-a325-f093d4e29c04
x-amzn-trace-id
Root=1-66c45ae9-47e13b985f2b70bb408b6333;Parent=2f81db4480503005;Sampled=0;lineage=2b75b0e9:0
x-cache
Miss from cloudfront
x-yottaa-metrics
2521cc02851e/[1968,1921,-] 25D1cc028547/[-,2017.811]
x-yottaa-optimizations
ob/1000000100001000 si/25D1cc028547-1724077673-6243326077 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-yottaa-os
200

Redirect headers

age
0
content-length
1197
content-type
text/html; charset=utf-8
date
Tue, 20 Aug 2024 08:59:21 GMT
location
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
vary
User-Agent
x-yottaa-fw
fb/100000 tid/658f1d39d931403bb4ae34ac rid/658f270fd931403bb4ae60d5 stid/5ad7b08e2bb0ac0c5ba3d38c
x-yottaa-metrics
32D1a5fec6e1/[-,0.397]
x-yottaa-optimizations
ob/0 si/32D1a5fec6e1-1724077672-9202802462 tts/1724144361575 ti/0 ai/658f1d39d931403bb4ae34ac
/
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/
0
0

985935623
player.vimeo.com/video/ Frame 84E2
0
0
Document
General
Full URL
https://player.vimeo.com/video/985935623?h=0fd60177fc&badge=0&autopause=0&player_id=0&app_id=58479
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://mimir.cloud.vimeo.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

CF-Cache-Status
DYNAMIC
CF-Ray
8b612fe58f0bac2d-YYZ
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 20 Aug 2024 08:59:24 GMT
Expires
Fri, 15 Dec 1985 19:30:00 GMT
Link
<https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin
Server
cloudflare
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 varnish
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://mimir.cloud.vimeo.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
x-backend-server
player-backend-edge-entry
x-bapp-server
player-backend-7fd994f9f9-t4dwg
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-host
player-backend-7fd994f9f9-t4dwg
x-player-backend
g
x-served-by
cache-yyz4536-YYZ
x-timer
S1724144364.425294,VS0,VE302
x-xss-protection
1; mode=block
PWT_STORY_HEADER_DESKTOP_BG-min
cdn.media.amplience.net/i/elfcosmetics/
630 KB
630 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_BG-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b89cd71669a53e8801ea9e9d4fb8a40bb5dbbb393a1b6c4a249349b42086da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6600
x-amp-srv
CF
edge-cache-tag
w9DHDE47J,l4p5bDg2e,2orsu9Nt2,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
aCnAGg5mKk
alt-svc
h3=":443"; ma=86400
content-length
644728
x-xss-protection
1; mode=block
x-amp-source-height
1249
last-modified
Tue, 20 Aug 2024 07:09:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
3199
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
8b612fe67e66a2c4-YUL
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
PWT_STORY_HEADER_DESKTOP_CC-min
cdn.media.amplience.net/i/elfcosmetics/
205 KB
205 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_HEADER_DESKTOP_CC-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab1474b1928d39f768075dfef56e53b01fff6c85a44b07d150c4abf7299c3b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6600
x-amp-srv
CF
edge-cache-tag
-5msXeyiT,l4p5bDg2e,HwG53bbZp,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
9wBIOw987P
alt-svc
h3=":443"; ma=86400
content-length
209440
x-xss-protection
1; mode=block
x-amp-source-height
340
last-modified
Tue, 20 Aug 2024 07:09:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
800
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
8b612fe67e67a2c4-YUL
x-amp-published
Wed, 20 Dec 2023 20:47:39 GMT
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
cdn.media.amplience.net/i/elfcosmetics/
2 MB
2 MB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_SOCIALLISTENING_DESKTOP_5-blurred-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbeef0b146607f5137f8f5434eeab8625ee0801da2af33e045528d191e512d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6595
x-amp-srv
CF
edge-cache-tag
uSQ4fd5W5,l4p5bDg2e,hUXp-ygcH,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
4aJ5Rsa7KK
alt-svc
h3=":443"; ma=86400
content-length
2085695
x-xss-protection
1; mode=block
x-amp-source-height
1484
last-modified
Tue, 20 Aug 2024 07:09:29 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
3080
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
8b612fe67e68a2c4-YUL
x-amp-published
Wed, 03 Jan 2024 21:02:28 GMT
PWT_STORY_DETECTIVES_DESKTOP_6-min
cdn.media.amplience.net/i/elfcosmetics/
330 KB
331 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_DETECTIVES_DESKTOP_6-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cb2ac35adc7dee4b051d05a7ffc844c9f61eb67b3ce350a16a552f98ffc4172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6600
x-amp-srv
CF
edge-cache-tag
I1ONKWRk2,l4p5bDg2e,q-jdDBY1E,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
YXeEkx6bmH
alt-svc
h3=":443"; ma=86400
content-length
338113
x-xss-protection
1; mode=block
x-amp-source-height
1062
last-modified
Tue, 20 Aug 2024 07:09:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
2806
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
8b612fe67e6aa2c4-YUL
x-amp-published
Wed, 27 Dec 2023 17:21:33 GMT
PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
cdn.media.amplience.net/i/elfcosmetics/
180 KB
180 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_ON_THE_CASE_DESKTOP_BTS-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a0204422805f76d793709204fd52e753cb059e5dd5099e41781499c8072e726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6600
x-amp-srv
CF
edge-cache-tag
2sqD6qrVA,l4p5bDg2e,O8QiTHpoz,k4NPUWi7z
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
Ic9d5ZeNlI
alt-svc
h3=":443"; ma=86400
content-length
184181
x-xss-protection
1; mode=block
x-amp-source-height
1108
last-modified
Tue, 20 Aug 2024 07:09:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
x-amp-source-width
1952
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
8b612fe67e69a2c4-YUL
x-amp-published
Fri, 29 Dec 2023 07:51:47 GMT
PWT_STORY_CRIME_TAPE_DESKTOP_7-min
cdn.media.amplience.net/i/elfcosmetics/
614 KB
614 KB
Image
General
Full URL
https://cdn.media.amplience.net/i/elfcosmetics/PWT_STORY_CRIME_TAPE_DESKTOP_7-min
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1f1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37d207a7297589d062c2af128ee513190a9297959cb24c68078f68d64b899c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6600
x-amp-srv
CF
edge-cache-tag
b3Qpf3tPI,l4p5bDg2e,N2xhcEEJW,UyB2-aY-L
x-amp-cf-worker
true
edge-control
max-age=86400
x-req-id
Du3WyGsIql
alt-svc
h3=":443"; ma=86400
content-length
628288
x-xss-protection
1; mode=block
x-amp-source-height
525
last-modified
Tue, 20 Aug 2024 07:09:24 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
x-amp-source-width
3200
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
8b612fe67e6ba2c4-YUL
x-amp-published
Thu, 28 Dec 2023 16:15:28 GMT
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ad311944927ce3cfae733238f317bf1a9a65c082e1c49a9d3c2ab590421e8d

Request headers

Referer
Origin
https://www.elfcosmetics.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93d3607ab3b6aacff8c4500a18bf501c85271bfc14950eb923f9a65ee456a7ac

Request headers

Referer
Origin
https://www.elfcosmetics.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_CRIMESCENE_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700::6812:1888 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3efc48717edad187198d0a608a3b3a8195f0e5b6b6b41f27b78824796cbd61e

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-amz-version-id
null
cf-cache-status
HIT
x-amz-request-id
WSS7M7RFGNMD3WZG
age
6600
Content-Range
bytes 0-1060947/1060948
Content-Length
1060948
x-amz-id-2
IBGu2ejc2TgD+xY9k5bFMP1wFY4DKhehBQFwpJzH2LOunTUmyLsfMIYRvYN55VmiEKCSFcHpgjk=
last-modified
Fri, 22 Dec 2023 15:50:27 GMT
server
cloudflare
etag
"dd3676819bd88a250c875a11e38c307d"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
8b612fe78ad3a2ba-YUL

Redirect headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6600
x-amp-srv
CF
edge-cache-tag
Cee65qnsn,l4p5bDg2e,bgWw7nQ29
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_crimescene_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/8dfa5d11-77b7-4333-9d42-c08b194a927c.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
8b612fe68e6ea2c4-YUL
c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/
Redirect Chain
  • https://cdn.media.amplience.net/v/elfcosmetics/PWT_STORY_COSMETIC_CRIMINALS_VID/mp4_720p
  • https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
1 MB
1 MB
Media
General
Full URL
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
2606:4700::6812:1888 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae7d857dd8d096a5198b1e8280de9f929ca88d690e445731b6ffdffbf2b8383

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-amz-version-id
null
cf-cache-status
HIT
x-amz-request-id
WSS0Z13QYR6HSK6F
age
6600
Content-Range
bytes 0-1262366/1262367
Content-Length
1262367
x-amz-id-2
QOaCLeWsmI/Sq68kMe9jbv+sbvJ1IwiV+XF9One7VH4Es8tUlqa5DlgPcn5WaumWAeJt3oOWlVA=
last-modified
Fri, 22 Dec 2023 17:43:50 GMT
server
cloudflare
etag
"91a2cbc7ca143aac79d0312d84bb77fb"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
content-type
video/mp4
cf-ray
8b612fe78ad4a2ba-YUL

Redirect headers

date
Tue, 20 Aug 2024 08:59:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6600
x-amp-srv
CF
edge-cache-tag
Tz4691wJ9,l4p5bDg2e,fH6Lo3_5e
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/html; charset=UTF-8
location
https://cdn.static.amplience.net/elfcosmetics/_vid/pwt_story_cosmetic_criminals_vid/0171df9d-95f8-4fdc-8266-8ebb30d7ebca/video/c5334fb2-6c51-41eb-8d3b-28107083bcd2.mp4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
8b612fe68e71a2c4-YUL
rZPCKoUReO0
www.youtube.com/embed/ Frame AB66
0
0
Document
General
Full URL
https://www.youtube.com/embed/rZPCKoUReO0?enablejsapi=1
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:24 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
jquery-3.7.1.slim.min.js
code.jquery.com/
69 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.1.slim.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9261efb3407e3a9096e4654750d8eff6b3a663422f48845c7fbcc65034c340cf

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2250999
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
24036
x-served-by
cache-lga21942-LGA, cache-yul1970043-YUL
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1724144365.555885,VS0,VE0
etag
W/"28feccc0-11278"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
774, 3327
player.js
player.vimeo.com/api/
37 KB
12 KB
Script
General
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5656b956526bf96de683aa746af22d8758085cdb423a957ee00d99e8ab3dab9c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits
37
Date
Tue, 20 Aug 2024 08:59:24 GMT
content-security-policy
default-src 'none'; style-src 'unsafe-inline'
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
via
1.1 varnish
Age
179
x-cache
HIT
Connection
keep-alive
x-backend-server
player-backend-edge-entry
Content-Length
11428
x-served-by
cache-yyz4574-YYZ
x-player-backend
g
Server
cloudflare
x-timer
S1724144364.499226,VS0,VE0
vary
Accept-Encoding
Content-Type
application/javascript;charset=utf-8
access-control-allow-origin
*
Cache-Control
max-age=1800
x-bapp-server
accept-ranges
bytes
CF-RAY
8b612fe60918ac8e-YYZ
expires
Tue, 20 Aug 2024 05:26:25 GMT
player_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/player_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
db8ff54c7ede6c7506c62f5cbc74e12acad04d65d6a5f3dd9ca231d2bf4ca472
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script';report-uri /cspreport
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 20 Aug 2024 08:59:24 GMT
vendor.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/
2 MB
627 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1c837b83e593f154428f1615709ad1146a51818f6973ad5ea0d24c2bb619670

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
via
1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
608172
x-yottaa-optimizations
ob/1001 si/3211a5fec6ec-1721912154-643682248 tts/1722866558018 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
829240
content-length
641170
x-amz-meta-bundle
11800
x-served-by
cache-yul1970050-YUL
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1724144365.542157,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3221a5fec612/[123,48,-] 3211a5fec6ec/[hit]
accept-ranges
bytes
x-amz-cf-id
KdGBrWF52RcXTyuTyZ66P7xwiJPzaHHk2aJbCfUuPr2VqNzvtvP4CA==
x-cache-hits
349
main.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/
2 MB
501 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/main.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4a2e8fd4b96e51ccf6f83def36ea3fa300ffe936f638750d97246bb86fed479e

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
via
1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
DFW57-P1
age
607769
x-yottaa-optimizations
ob/1100 si/3211a5fec6ea-1721912122-2154267774 tts/1722866558018 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
829240
content-length
512339
x-amz-meta-bundle
11800
x-served-by
cache-yul1970050-YUL
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1724144365.542102,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
3221a5fec61f/[26,-,1723536192606] 3211a5fec6ea/[-,281.321]
accept-ranges
bytes
x-amz-cf-id
Afp9rRqjB-LKGepDUfpjmyZINWNZbXAHTKUXYmeuz6w1YAd5VVs_9A==
x-cache-hits
348
pages-product-list-product-list-page.js
cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/
42 KB
12 KB
Script
General
Full URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/pages-product-list-product-list-page.js?yocs=1u_1y_
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
573bf20738a24dff3470e7ee724e8c433f5b85460659c502de261ca9d24b3b4a

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:24 GMT
via
1.1 6893a7827ca9ecde25800b077828fa86.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
ATL58-P9
age
1087398
x-yottaa-optimizations
ob/1000 si/33118cae0c65-1722432663-474035640 tts/1722866558018 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront, HIT
x-amz-meta-deploy
829240
content-length
11987
x-amz-meta-bundle
11800
x-served-by
cache-yul1970050-YUL
x-yottaa-forcecache
true, true
server
AmazonS3
x-timer
S1724144365.542139,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf8
cache-control
public, max-age=31104000
x-yottaa-metrics
33218cae0c6d/[79,77,-] 33118cae0c65/[-,82.203]
accept-ranges
bytes
x-amz-cf-id
7sJvHblugKvgCY1PMFPrnlT0xHF-youvR10Nf8uh2jVsoP3ZjFyivw==
x-cache-hits
304
ga4
api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ Frame
0
0
Preflight
General
Full URL
https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
57.25.194.35.bc.googleusercontent.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-methods
POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE
access-control-allow-origin
https://www.elfcosmetics.com
date
Tue, 20 Aug 2024 08:59:26 GMT
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy
strict-origin
server
envoy
strict-transport-security
max-age=15768000
x-content-type-options
nosniff
x-envoy-upstream-service-time
0
x-frame-options
DENY
x-xss-protection
1; mode=block
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Wbr2pAeg61Hfi+2FuD0cYA==
age
67171
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 15 Aug 2024 19:37:39 GMT
server
cloudflare
etag
0x8DCBD61B8ECC160
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
17daece3-d01e-0027-110c-f009c3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612feedd94a2f4-YUL
api_dynamic.js
cdn.dynamicyield.com/api/8772046/
602 KB
68 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_dynamic.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:4a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
52ffef4d9593f9e5e68f3acc9c17feee7b65020be17bee6a8744351557572023

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:02 GMT
content-encoding
gzip
via
1.1 326fd0f07e6ce3b75fa751c6965f21c8.cloudfront.net (CloudFront)
last-modified
Mon, 19 Aug 2024 17:43:00 GMT
server
DYCDN
age
24
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
etag
W/"0953bf66dc4f2b92ed0e4ab92839b3c2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
OZEj5zsdS3gzlRQUeXbZXkgS6pvYkXJ67jW3ZVu8UusTyMBoT1n5wA==
api_static.js
cdn.dynamicyield.com/api/8772046/
391 KB
115 KB
Script
General
Full URL
https://cdn.dynamicyield.com/api/8772046/api_static.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:4a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
13806a61e5f705f2c187f8c57d13b7f32fcc96b727bdeea9db57f8dc737d8a2b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:47:57 GMT
content-encoding
gzip
via
1.1 326fd0f07e6ce3b75fa751c6965f21c8.cloudfront.net (CloudFront)
last-modified
Mon, 19 Aug 2024 17:43:01 GMT
server
DYCDN
age
4289
x-amz-cf-pop
EWR53-C2
x-amz-server-side-encryption
AES256
etag
W/"781a16c450d777f50dc36f979902a380"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=28800
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
NCw-mubbISYuCD8agJot8-vknWg2PVbtXlkS-aR22O9abCh81rHp0g==
gtm.js
www.googletagmanager.com/
522 KB
136 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bd2dcea2baa82d4fa08c7319a7f6ddd727a5117df85d932fc897bc16bb4e98c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
139242
x-xss-protection
0
last-modified
Tue, 20 Aug 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 20 Aug 2024 08:59:26 GMT
ga4
api.retail.adeptmind.ai/sp/v1/tenants/elf/event/
105 B
676 B
Fetch
General
Full URL
https://api.retail.adeptmind.ai/sp/v1/tenants/elf/event/ga4
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.194.25.57 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
57.25.194.35.bc.googleusercontent.com
Software
envoy /
Resource Hash
0b80aa2b4f9034718b7060a0d2010b05805a54d230c15ae272e77dc62d1cc478
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
strict-transport-security
max-age=15768000
referrer-policy
strict-origin
x-content-type-options
nosniff
server
envoy
x-frame-options
DENY
access-control-allow-methods
POST,HEAD,OPTIONS,GET,PATCH,PUT,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
x-envoy-upstream-service-time
18
access-control-allow-headers
*
content-length
105
x-xss-protection
1; mode=block
/
api.ipify.org/
24 B
157 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:25 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
8b612fef19aeac75-YYZ
content-length
24
/
api.ipify.org/
24 B
100 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
8b612fef69c4ac75-YYZ
content-length
24
callback
www.elfcosmetics.com/
Redirect Chain
  • https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=...
  • https://www.elfcosmetics.com/callback?usid=a625bb0d-2cfc-4595-9dd2-bf131524342c&code=Y30yJPGSfZwUNPVAbSNBD-2HPcDy00CEXxDmBFeC14M
0
0
Fetch
General
Full URL
https://www.elfcosmetics.com/callback?usid=a625bb0d-2cfc-4595-9dd2-bf131524342c&code=Y30yJPGSfZwUNPVAbSNBD-2HPcDy00CEXxDmBFeC14M
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 dc3111e5eff45efb8b1b12b8ca8ea854.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
0
x-amz-cf-pop
SFO53-P2
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
21f80ba0-8340-4d66-afef-bd32466a0343
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326094 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
czMlZEgLCYcESSQ=
content-length
0
alt-svc
h3=":443"; ma=86400
x-yottaa-forcecache
true
x-amzn-trace-id
Root=1-66c45aef-4044bf372e15a6a20afe0ed1;Parent=555b8192513274ae;Sampled=0;lineage=2b75b0e9:0
content-type
application/json
cache-control
public, max-age=604800
x-yottaa-os
200
x-yottaa-metrics
2521cc028a8f/[257,255,-] 25D1cc028547/[-,258.523]
x-amzn-remapped-date
Tue, 20 Aug 2024 08:59:27 GMT
x-amz-cf-id
JIjWY6tsT0OEjspM2huWYztJLLYfVSE591pc4WcW7w5DHetyyUTzJg==

Redirect headers

date
Tue, 20 Aug 2024 08:59:26 GMT
x-correlation-id
8b612ff3db86efbe
via
1.1 922f380ce54182257be92d6c0111acb4.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
SFO53-P2
age
0
x-yottaa-optimizations
ob/0 si/25D1cc028547-1724077673-6243326092 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
0
pragma
no-cache
x-ratelimit-1m-remaining
23582, 1983436
x-ratelimit-1m-reset
33238, 33237
x-ratelimit-1m-limit
24000, 2000000
vary
Accept-Encoding
location
https://www.elfcosmetics.com/callback?usid=a625bb0d-2cfc-4595-9dd2-bf131524342c&code=Y30yJPGSfZwUNPVAbSNBD-2HPcDy00CEXxDmBFeC14M
cache-control
no-store
x-yottaa-os
303
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/authorize?redirect_uri=https%3A%2F%2Fwww.elfcosmetics.com%2Fcallback&response_type=code&client_id=f9f7052a-f742-4c38-bdf5-1da004e7fb3b&hint=guest&channel_id=elf-us&code_challenge=2OhJMn_qv_cd5OOsHWegd6r-9qo3HYW8fUe_2hHLkPI
x-yottaa-metrics
2521cc028a84/[170,169,-] 25D1cc028547/[-,170.958]
cf-ray
8b612ff3db86efbe-PDX
x-amz-cf-id
iVIGCVCs4OF0DoU-KVCdSaFTCISjXPeFb7QrxnzDfLgiQmnAZw88Gg==
/
sdk.iad-05.braze.com/api/v3/data/
611 B
650 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:65a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e479ef02ef57f29c4749eed4b55cb041db228a2da706dd6539427f5bf52e3ee6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-TriggersRequest
true
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
7200000
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-Req-Attempt
1

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
d480f8bd-fc70-4c80-adc2-f4f86c8199e9
x-runtime
0.160549
server
cloudflare
etag
W/"e479ef02ef57f29c4749eed4b55cb041"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724144367
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b612ff14f83a28c-YUL
x-ratelimit-remaining
498.0
/
sdk.iad-05.braze.com/api/v3/data/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/data/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:65a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-triggersrequest,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8b612ff0ff6ea28c-YUL
content-encoding
gzip
date
Tue, 20 Aug 2024 08:59:26 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/
6 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf500a4c158d24ba238d521a5fa775e693d03c507fa3f882bffbbeaf9fedeb64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
63347
content-md5
aY7kJA0jlzEL9QWHODNZDw==
content-length
1832
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 20:25:14 GMT
server
cloudflare
etag
0x8DCA5D566A7B63C
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1f48b12c-701e-004c-14be-d75495000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612ff1887f33f5-YUL
expires
Wed, 21 Aug 2024 08:59:26 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
304 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8b612ff23b17a30e-YUL
access-control-allow-headers
Content-Type
st
st.dynamicyield.com/
154 KB
13 KB
Script
General
Full URL
https://st.dynamicyield.com/st?sec=8772046&inHead=true&id=0&jsession=73xfattesjm32u0lxk150gl4i0jrklsm&ref=&scriptVersion=2.40.0&isSesNew=true&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%2C%22lng%22%3A%22en-CA%22%2C%22data%22%3A%5B%5D%7D
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:6400:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a5b51185a0668e9d1972e60cc8b1a6170fd4a569da0f77af1f4d016608da31d8

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
via
1.1 a5f1848a5a38100d334f5844f0df9eac.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
ins7LS65wqFauzIbaCapTblnEXge05lmnVSV5rWgoyIQSCSCo8zJ1w==
expires
Tue, 20 Aug 2024 08:59:25 GMT
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=479386843.1724144367&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48e0n8...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=479386843.1724144367&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&g...
42 B
65 B
Ping
General
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=479386843.1724144367&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48e0n81WL3STMXv896608294za200&auid=2037272841.1724144367
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Server
142.250.81.226 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s74-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:26 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=0&rnd=479386843.1724144367&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dma=0&npa=0&gtm=45He48e0n81WL3STMXv896608294za200&auid=2037272841.1724144367
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202406.1.0/
451 KB
110 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
7I5y/rp4ODu7ul89ty+epQ==
age
60712
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
112027
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:20:01 GMT
server
cloudflare
etag
0x8DCA5E56F667161
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c05e064f-501e-009c-79cf-d7e837000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612ff47f93a2f4-YUL
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
222 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:65a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a1f3864082f5a29935613b4ee4eb37b10a6e2dd3adddf5a75b5fc8703ce2b68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Req-Tokens-Remaining
29
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
7200000
BRAZE-SYNC-RETRY-COUNT
0
X-Requested-With
XMLHttpRequest
Referer
https://www.elfcosmetics.com/
X-Braze-Req-Attempt
1
X-Braze-ContentCardsRequest
true

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
18d1074b-0c0d-4aa3-b8b9-dcc83a40591e
x-runtime
0.077163
server
cloudflare
etag
W/"1a1f3864082f5a29935613b4ee4eb37b"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724144367
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b612ff4d8c0a28c-YUL
x-ratelimit-remaining
497.0
sync
sdk.iad-05.braze.com/api/v3/feature_flags/
20 B
180 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:65a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92f434a50c76d6e52d0d3cc91cdf1854c7fd39fecd5ae65800568aef7c03029
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Req-Tokens-Remaining
28
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
7200000
Referer
https://www.elfcosmetics.com/
X-Requested-With
XMLHttpRequest
X-Braze-FeatureFlagsRequest
true
X-Braze-Req-Attempt
1

Response headers

date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
c0690aed-67c3-4f1f-b846-f8028324f3c6
x-runtime
0.056523
server
cloudflare
etag
W/"e92f434a50c76d6e52d0d3cc91cdf185"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724144367
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b612ff4d8bca28c-YUL
x-ratelimit-remaining
497.0
sync
sdk.iad-05.braze.com/api/v3/content_cards/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:65a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
braze-sync-retry-count,content-type,x-braze-api-key,x-braze-contentcardsrequest,x-braze-datarequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8b612ff478a8a28c-YUL
content-encoding
gzip
date
Tue, 20 Aug 2024 08:59:26 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
sync
sdk.iad-05.braze.com/api/v3/feature_flags/ Frame
0
0
Preflight
General
Full URL
https://sdk.iad-05.braze.com/api/v3/feature_flags/sync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:65a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-braze-api-key,x-braze-datarequest,x-braze-featureflagsrequest,x-braze-last-req-ms-ago,x-braze-req-attempt,x-braze-req-tokens-remaining,x-requested-with
access-control-allow-methods
POST, GET
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
cf-cache-status
DYNAMIC
cf-ray
8b612ff488aba28c-YUL
content-encoding
gzip
date
Tue, 20 Aug 2024 08:59:26 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
en.json
cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/
227 KB
39 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/6ee1574c-d59b-4e80-9930-2e1c3c7db4ff/01909eed-3bdc-7682-b7c3-733dc31fe301/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eef52bd0c8a7abdd22a88a94381a05bc58c34d48c1c4155ff816ba21c38cca28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
56834
content-md5
8kCXQkwViL618LYUH092ww==
content-length
39839
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 20:25:21 GMT
server
cloudflare
etag
0x8DCA5D56AD873B6
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
5813acbe-201e-00ba-6ebe-d77383000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612ff4f95b33f5-YUL
expires
Wed, 21 Aug 2024 08:59:26 GMT
dy-coll-min.js
cdn.dynamicyield.com/scripts/2.40.0/
196 KB
65 KB
Script
General
Full URL
https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:4a00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
851023e8e196d0e90861b94b5fe9bf3d9c4fb03062e3b4cb23e5b3d486a0bbae

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 19 Aug 2024 07:49:58 GMT
content-encoding
gzip
via
1.1 326fd0f07e6ce3b75fa751c6965f21c8.cloudfront.net (CloudFront)
last-modified
Mon, 05 Aug 2024 12:53:39 GMT
server
DYCDN
age
90569
x-amz-cf-pop
EWR53-C2
etag
W/"ee44de75017c16457be88357c51e4aea"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
VH69AKda95DqEbOyjqZl7R3TyTV6XUb2fHBHRMGAudvLwIczUPAIyg==
otFlat.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sHJXWIgDpMKY35PyRRy4zQ==
age
63347
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3003
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:54 GMT
server
cloudflare
etag
0x8DCA5E56B3084E2
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
efcd7bdf-201e-0054-7b77-d87900000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612ff5597b33f5-YUL
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/
62 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
LtDYZmcfPNW39lMw/Yu0RQ==
age
71986
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12723
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
server
cloudflare
etag
0x8DCA5E56C7CC8BB
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
125efa87-d01e-00e0-3577-d87502000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612ff5597c33f5-YUL
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
QnaHNt7KvNcyo6Q1ZDZObg==
age
53344
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1738
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
server
cloudflare
etag
0x8DCA5E56C38B888
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
441122d6-a01e-00e4-20fb-d78080000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612ff5597e33f5-YUL
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
HyPJ72TNHxdfOI82cqKVqA==
age
63616
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:20:07 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
c2721718-001e-00c0-0f77-d819ce000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b612ff5597f33f5-YUL
uia
async-px.dynamicyield.com/
0
384 B
XHR
General
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1724144367115
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-118.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 3235d194bb862aa113227c9680bce62c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
lDoiTBvM_ZYDFiEWB4rYhfw9J5ddYVV_5AS2CrD49Y7ekJk6LmEvTw==
expires
0
cnxtag-min.js
js.cnnx.link/roi/
2 KB
1 KB
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:e00:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:58:08 GMT
via
1.1 google, 1.1 f72e244fb4f0eab694c4c73be7c5f44e.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
JFK50-P1
age
78
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
JpRhbTtba8lLhaDaFhK8pfpMakUBbxedvLl_SPmoJDcAj9acqsle6w==
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=f9fc2552-68d8-48ac-8079-f5985e31875b&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=un...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
1 KB
Image
General
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
18.238.80.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-36.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
date
Tue, 20 Aug 2024 06:05:48 GMT
via
1.1 b4aed0fc17149bbf4e91539a66d546a0.cloudfront.net (CloudFront)
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5
age
10420
etag
"18b3e43abad26bdac6f4cea944777b62"
x-cache
Hit from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
807
x-amz-cf-id
Omfqwy8MzE59ZEWrRKQ8KWBsmVQD2SnXXUZ-V5OeB1UjrWWpZ_bJqg==

Redirect headers

date
Tue, 20 Aug 2024 08:59:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
883bc9a6-d1b0-430d-a7c1-ae3a86135a78
x-amzn-trace-id
Root=1-66c45aef-14d33bcf066cff4939197231;Parent=54db546d0535eb4f;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
access-control-allow-origin
*
x-amz-apigw-id
czMlbFv5IAMENhQ=
content-length
2
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
  • https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
Protocol
H2
Server
68.67.160.137 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
an-x-request-uuid
db23ca8f-4f85-424d-9ea3-bce61fe04c94
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
167.114.209.103; 167.114.209.103; 639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
an-x-request-uuid
eb580920-85cc-475f-96c1-d9b0ad34fb30
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D160890%26%2520seg%3D6104893%26t%3D2
cache-control
no-store, no-cache, private
x-proxy-origin
167.114.209.103; 167.114.209.103; 639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=YjQzMDkxOWQtYzcyMS00MjVlLTk0Y2YtOTUzMTA0MGQ2ZmMx&gdpr=0&gdpr_consent=&ttd_tdid=b430919d-c721-425e-94cf-95310...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=b430919d-c721-425e-94cf-9531040d6fc1&google_gid=CAESELGE2ejGLFytFzmcrgcldHE&google_cver=1
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=b430919d-c721-425e-94cf-9531040d6fc1
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=5334358241829722528&ttd_tdid=b430919d-c721-425e-94cf-9531040d6fc1
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=b430919d-c721-425e-94cf-9531040d6fc1&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=b430919d-c721-425e-94cf-9531040d6fc1&expiration=1726736368&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=b430919d-c721-425e-94cf-9531040d6fc1&expiration=1726736368&gdpr=0&gdpr_consent=&C=1
43 B
338 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=b430919d-c721-425e-94cf-9531040d6fc1&expiration=1726736368&gdpr=0&gdpr_consent=&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2F9VAkn%2FHrrj5iw998DeKihdY69kVyaOBmHv1%2BvCcipBQPW2pe18LZOdPjirNiaa16PjBjPD483gG0QbwiIZh9nAJ91qO19yJUygGFPjtPluDfaUcyEP2NTvsgUAxEci%2Bz5SCjVbKhsYhg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8b612ffe8d033a02-YYZ
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:28 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IpUQd8QofMW4FUO7kiOQ%2FnikuR28iRRVVxeKuC6gIA4XzBERCO9PmB5XdzExAGQEDhTtvurZqAr%2FLGu4oFfaeJ3ziO303JZ9axXttOiSLNZRHGkRygrqOHN8DKCut%2BQe4pjiEsuMx7EG5w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=39&external_user_id=b430919d-c721-425e-94cf-9531040d6fc1&expiration=1726736368&gdpr=0&gdpr_consent=&C=1
cache-control
no-cache
cf-ray
8b612ffdecd33a02-YYZ
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
favicon.ico
www.elfcosmetics.com/
34 KB
34 KB
Other
General
Full URL
https://www.elfcosmetics.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1331786f628c441b99665436eb8815381e066e17d5c3bb56f5ce2e045d8da17a

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 bcbc5b46216015493e082cfbcf77ef10.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
34494
x-amz-cf-pop
SFO53-P2
age
6, 6
x-amzn-remapped-connection
close
x-amzn-requestid
19932079-ec20-4dfd-a0f4-01dbeb874c35
x-yottaa-optimizations
ob/100 si/25D1cc028547-1724077673-6243326097 tts/1724126769333 ti/5a0c9b7632f01c35d421021b ai/5a0c9b7632f01c35d42101b2 tm/0
x-cache
Hit from cloudfront
x-amz-apigw-id
copP8H_QiYcEJqA=
content-length
34494
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 15 Aug 2024 17:00:26 GMT
x-amzn-trace-id
Root=1-66c02265-1f10a4eb783f22f632dde40c;Parent=01d7a36f8507b6ce;Sampled=0;lineage=2b75b0e9:0
etag
W/"86be-19156fbc410"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
max-age=600, s-maxage=600
x-yottaa-metrics
2521cc028a86/[3,-,1724144210842] 25D1cc028547/[-,4.185]
accept-ranges
bytes
x-amzn-remapped-date
Sat, 17 Aug 2024 04:09:09 GMT
x-amz-cf-id
JlMndS0o7EzTwvujGMVTCfWDDWlN2E4pjTs2k1AujpzwUM_NVRE_fQ==
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=713567&uid=3895613919917791982&sec=8772046&t=ri&e=1261284&p=1&ve=11209913&va=%5B27119924%5D&ses=0985d786b9aa9b0eb3e01b427087503c&expSes=98359&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-7762299917499925637&cgtgDecisionId=-7762299919837844944&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724144367221&rri=8249526
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-118.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 3235d194bb862aa113227c9680bce62c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
AIOmgqy6NIOHVOv4vUNjYnAGMOtt1Jappr___lb3sGP5nIX2SQWA_g==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=725351&uid=3895613919917791982&sec=8772046&t=ri&e=1574966&p=1&ve=12698518&va=%5B28347247%5D&ses=0985d786b9aa9b0eb3e01b427087503c&expSes=98359&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-7762299919606581950&cgtgDecisionId=-7762299917827658281&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724144367222&rri=3156058
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-118.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 3235d194bb862aa113227c9680bce62c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
stafhtDGqsgqJk3srmkIXqTP8TbSVCgW0--l3GV_zfUdWFzg2LDolA==
expires
0
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=801155&uid=3895613919917791982&sec=8772046&t=ri&e=1609852&p=1&ve=12669413&va=%5B28321879%5D&ses=0985d786b9aa9b0eb3e01b427087503c&expSes=98359&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-7762299920209597474&cgtgDecisionId=-7762299918124220541&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724144367223&rri=1959287
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-118.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 3235d194bb862aa113227c9680bce62c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
I7mGvX4fNSasYb-22_dzhm8RkqrIw3ysZemEDR4xbDo5Spkv82prXg==
expires
0
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
623 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
39324
x-ms-lease-status
unlocked
last-modified
Mon, 19 Aug 2024 02:24:21 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
dc54daa1-101e-0075-6d3c-f21431000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b612ff74855a2f4-YUL
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
539 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
39238
x-ms-lease-status
unlocked
last-modified
Mon, 19 Aug 2024 02:24:21 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
ba283f0a-e01e-00ca-5640-f20047000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b612ff759f433f5-YUL
ot_company_logo.png
cdn.cookielaw.org/logos/static/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_company_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
E8+sk/ECzKgTUVtDLikiIA==
age
53812
content-length
4036
x-ms-lease-status
unlocked
last-modified
Thu, 15 Aug 2024 19:37:41 GMT
server
cloudflare
etag
0x8DCBD61BA24A732
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
a40d4df0-d01e-0063-4112-f0d5af000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b612ff77863a2f4-YUL
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Aug 2024 08:59:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
39325
x-ms-lease-status
unlocked
last-modified
Mon, 19 Aug 2024 18:44:04 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
41ec14f0-601e-0094-376b-f2f344000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b612ff77865a2f4-YUL
batch
async-px.dynamicyield.com/
0
385 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1724144367270_118005
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-118.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 4b70da48eda82f2df6875ba8bf8f89ba.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
VhVJVmV3wE-vgUmboOwtiy6VgXVqD9-ZQ9Dc9IYoKk7TFayH6r85Vw==
expires
0
token
www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/
2 KB
2 KB
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
90f35ed0e86613579f9a816be550097ed8e06eac0c6564cde41584a1adbc15ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Authorization
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
gzip
x-correlation-id
8b612ff80fe9efa0
cf-cache-status
DYNAMIC
via
1.1 7c6913fc3bfae6245d89d874d910fab4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
SFO53-P2
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326098 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
x-ratelimit-1m-remaining
23567, 1982996
x-ratelimit-1m-reset
32570, 32569
vary
Accept-Encoding, User-Agent
x-ratelimit-1m-limit
24000, 2000000
content-type
application/json
cache-control
no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/shopper/auth/v1/organizations/f_ecom_bbxc_prd/oauth2/token
x-yottaa-metrics
2521cc028a87/[195,194,-] 25D1cc028547/[-,196.300]
cf-ray
8b612ff80fe9efa0-PDX
x-amz-cf-id
mBfdBibqxuu1-cKjfdnAev60TIxZTuGzSjB9xjry_WpWDDp5r2cdvg==
event
qoe-1.yottaa.net/log-nt/
3 B
191 B
Ping
General
Full URL
https://qoe-1.yottaa.net/log-nt/event
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
204.2.50.211 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 20 Aug 2024 08:59:27 GMT
access-control-expose-headers
X-Results-Data-Source
access-control-allow-credentials
true
cache-control
no-cache
timing-allow-origin
*
content-type
text/json
www-widgetapi.js
www.youtube.com/s/player/43bc9526/www-widgetapi.vflset/
31 KB
11 KB
Script
General
Full URL
https://www.youtube.com/s/player/43bc9526/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d2ba0e8a74340c429355e9260d453136d7b097666415b43f7ffbdce7af607542
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:41:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
4699
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10546
x-xss-protection
0
last-modified
Thu, 15 Aug 2024 04:16:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 20 Aug 2025 07:41:08 GMT
110221.ct.js
tag.rmp.rakuten.com/
47 KB
15 KB
Script
General
Full URL
https://tag.rmp.rakuten.com/110221.ct.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
248.147.102.34.bc.googleusercontent.com
Software
/
Resource Hash
3b0f317806d1ce70f504afd76f39bd17a3467778641af122dc06e95e73a03613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000
last-modified
Tue, 20 Aug 2024 08:59:27 GMT
x-cache
hit
x-samesite
secure
content-type
text/javascript
cache-control
max-age=86400
x-dyn
0
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
var
async-px.dynamicyield.com/
0
0
Fetch
General
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=397197&uid=3895613919917791982&sec=8772046&t=ri&e=1575901&p=1&ve=12991774&va=%5B28207095%5D&ses=0985d786b9aa9b0eb3e01b427087503c&expSes=98359&aud=884367.884385.884387.1167402.1324059.1846919.2356145.998337.1092373.1274296.1426804.1443347.1182144.799438.799440&expVisitId=-7762299919527733072&cgtgDecisionId=-7762299918407466610&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1724144367341&rri=971211
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-118.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 3235d194bb862aa113227c9680bce62c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
w_1MWTPVw8PlVscCvZJOQ7uPuZPivaoBDnsURhvk8gnwgtv2KP-R0A==
expires
0
js
www.paypal.com/sdk/
425 KB
120 KB
Script
General
Full URL
https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d00824a6a642b46dd65c9490a084668672bfeba9d7fec0a419bb9cf7d033bbf4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-xYCKAKAM10OGaYUa8UAD++tuXVUH5OqXq2pd6q1emEcvx3Dt' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-xYCKAKAM10OGaYUa8UAD++tuXVUH5OqXq2pd6q1emEcvx3Dt' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-xYCKAKAM10OGaYUa8UAD++tuXVUH5OqXq2pd6q1emEcvx3Dt' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-xYCKAKAM10OGaYUa8UAD++tuXVUH5OqXq2pd6q1emEcvx3Dt' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
disable-set-cookie
true
via
1.1 varnish, 1.1 varnish, 1.1 varnish
date
Tue, 20 Aug 2024 08:59:27 GMT
age
5335
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT, HIT, MISS
p3p
true
paypal-debug-id
f4957145db0bf
server-timing
"traceparent;desc="00-0000000000000000000f4957145db0bf-ece0d68757e0c975-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
120858
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200163-BUR, cache-yul1970023-YUL, cache-yul1970023-YUL
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f4957145db0bf-ead378e9585f8e12-01
fastly-mss
ngwaf-backend
x-timer
S1724144368.550198,VS0,VE4
etag
W/"1d81a-wCb6HMk9GU1HKa96/oLheXnFf9A"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600, s-maxage=10800
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
3, 0, 0
main.js
static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/
146 KB
51 KB
Script
General
Full URL
https://static.ordergroove.com/1e72a9589c4f11e9a62ebc764e10b970/main.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.204.17.176 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-204-17-176.deploy.static.akamaitechnologies.com
Software
nginx / Express
Resource Hash
61fe827d03e287508447d5af2ecc3ff50310fb04ed5b5094bb38ab72f0b2f6e8
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15768000
Content-Encoding
gzip
Date
Tue, 20 Aug 2024 08:59:27 GMT
Server
nginx
X-Powered-By
Express
ETag
W/"9b6af415a5433cd8ec035770221b9324f18f96a3"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
must-revalidate, max-age=900
Connection
keep-alive
Content-Length
51678
Expires
Tue, 20 Aug 2024 09:14:27 GMT
js
www.googletagmanager.com/gtag/
299 KB
100 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8be20a07c3f6af10bbd6fc4eb117942725575434277144b8d5a6c1bc3cff91ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
102612
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 20 Aug 2024 08:59:27 GMT
js
www.googletagmanager.com/gtag/
320 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b4ddcf59b2c38fc0684908a6ca59359d7864dc9bc7279fc779f810a3a886bba7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
107909
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 20 Aug 2024 08:59:27 GMT
iframe_api
www.youtube.com/
993 B
516 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.165.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s70-in-f14.1e100.net
Software
ESF /
Resource Hash
db8ff54c7ede6c7506c62f5cbc74e12acad04d65d6a5f3dd9ca231d2bf4ca472
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script'
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 20 Aug 2024 08:59:27 GMT
1a8bfa042c9c5.js
t.contentsquare.net/uxa/
338 KB
81 KB
Script
General
Full URL
https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-5.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
58a2123c5c4470286bd4a3401acfa54787293819f1b8cf8d2e8c89c94099fa10

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 17 Aug 2024 09:10:41 GMT
content-encoding
br
via
1.1 1c7f2d03ad31a748ff5915695aa85442.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
age
0
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
82628
last-modified
Wed, 14 Aug 2024 09:09:23 GMT
server
AmazonS3
etag
"ad79bf127cd7077e3cd723b63f78f40c"
vary
Accept-Encoding, Origin
content-type
application/javascript;charset=utf-8
cache-control
max-age=900
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Pn---m6Ae6FbXuHksu7lDAWBO7WgwWVCN_2qfxXb1Z6bODvfMubYtw==
batch
async-px.dynamicyield.com/
0
381 B
Ping
General
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1724144367371_733686
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.40.0/dy-coll-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-118.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 4b70da48eda82f2df6875ba8bf8f89ba.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
Em8sFV0lzsGaM6O8ny7i7sOAeFaeofeg6rDfbEZK02_2yJf3JkjT2w==
expires
0
destination
www.googletagmanager.com/gtag/
218 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-9231397&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
79fd8062d14a8f54935e82c44b49cacdeb3bff8fa8af5ab2213db525df557991
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79907
x-xss-protection
0
last-modified
Tue, 20 Aug 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 20 Aug 2024 08:59:27 GMT
destination
www.googletagmanager.com/gtag/
218 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-10742279&l=dataLayer&cx=c
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d60b3421b32f647673151366cb15cc4d195fd3ca8f9b3cb9d7fad0052d6b3d0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79904
x-xss-protection
0
last-modified
Tue, 20 Aug 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 20 Aug 2024 08:59:27 GMT
core.js
s.pinimg.com/ct/
5 KB
2 KB
Script
General
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
98ea26191ffc6155103762f2a7205b0b1af5f0e8d4e26cb4b539e581e2e48686

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
br
x-cdn
fastly
etag
"e5ca9645e8d8c8a937d77f8658e7bab1"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=7200
alt-svc
h3=":443";ma=600
content-length
1880
fbevents.js
connect.facebook.net/en_US/
225 KB
60 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 20 Aug 2024 08:59:27 GMT
document-policy
force-load-at-top
x-fb-server-load
32
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58912
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=12, mss=1297, tbw=2796, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
JU2qE9s6GyzWodRLvrc5Jr0oQ+bD0vt1K5qBoIcFsHrbfD0iuOzLPE0NWCmfDu6SbSJawbYiVsv2y/chWBqAzw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/
42 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 20 Jun 2024 19:23:03 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
12116
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Tue, 20 Aug 2024 08:59:27 GMT
last-modified
Sat, 13 Jul 2024 20:42:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AF1B77D9045E415DB3CFD215E2AA9BB6 Ref B: YMQ01EDGE0815 Ref C: 2024-08-20T08:59:27Z
etag
"044982565d5da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14183
collect
sgtm.elfcosmetics.com/g/
916 B
2 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48e0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=2011562292.1724144367&ecid=1488625108&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=479386843.1724144367&sst.gse=1&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=1&sid=1724144367&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=6144&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
8b792a8cb9f101c62766ccc3080e118e2c4a1c459d28eab227996d4d6b61aeb8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/
65 B
392 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48e0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=2011562292.1724144367&ecid=1488625108&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=479386843.1724144367&sst.gse=1&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=2&sid=1724144367&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=pageview&ep.vendor_id=pinterest&ep.email=&ep.event_id=1724144836853_17241450069048&ep.external_id=&_et=5&tfd=6164&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
collect
sgtm.elfcosmetics.com/g/
65 B
471 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48e0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=2011562292.1724144367&ecid=1488625108&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=479386843.1724144367&sst.gse=1&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=3&sid=1724144367&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&ep.vendor_id=facebook&ep.event_id=1724144836853_172414500690421&ep.email=&ep.phone=&_et=3&tfd=6165&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5D80LRC85N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
events.js
analytics.tiktok.com/i18n/pixel/
7 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BRR4GA0I9JJBU29G8GF0&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
61d28281d72d2f0228cab9aff20a070a1d94befb277eded8b9e9cf23fabac1de

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
37d5e84
date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085927EF10A1FD14E2D3B1EDA3-6BA13622BFB2E557-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=14
content-length
2398
pragma
no-cache
server
nginx
x-tt-logid
20240820085927EF10A1FD14E2D3B1EDA3
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
14,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944baa36bd1c634ed3e3047db24f6f3a37e99f831a06507f1a0eafa446e443ce00abb3a275686ba051213b17dbc13b2bfe38787d0cf82550174ad60dcd7ce340024f
expires
Tue, 20 Aug 2024 08:59:27 GMT
events.js
analytics.tiktok.com/i18n/pixel/
6 KB
3 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1EFEJPT0U322RQPGHFG&lib=ttq
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3dac897eda5101edd01a3a89c7c6a701106ed9304949cf93fbf38e8ecea80091

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
771a20e8.37d5e83
date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085927C19F435B32310B0E2900-54F137B648A8D949-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
14,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=8, origin; dur=7, inner; dur=2
content-length
2357
pragma
no-cache
server
nginx
x-tt-logid
20240820085927C19F435B32310B0E2900
x-cache-remote
TCP_MISS from a23-52-15-51.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
7,23.52.15.51
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b6187efc2b1067866f8f99b8083f221b980b3bb23c034dd0821ba38009e3313b6a4ad9c77cf915236afef2849a1fc6cce89402dc0fde715efe0fa4419860ff596c941ca135089f22c94255dd472f4b38b
expires
Tue, 20 Aug 2024 08:59:27 GMT
widget.js
js.jebbit.com/companion/v1/
44 KB
45 KB
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:1000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
caab06b6d9e22bd3f5e606d7c52d61833bb08498c02ef96bb2155852c391249c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:18:47 GMT
x-amz-version-id
Ni7Av1nwUFjdEeEmV3bxRPsr0NJvxctr
via
1.1 c7947fe0c635bc68b2cbc2a30738872c.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
9641
etag
"abd610d978a61075b07e166fe2d53c26"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45338
x-amz-cf-id
EHHRZwPIL-7XQsD5ZWhjWj5P0Zk4MrtxOusVY-BQG8kRBnS7pJXSTw==
i.js
tag.wknd.ai/6664/
17 KB
6 KB
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
9dd9598b19e7daa19208503f404c72666ca8860ab236400f4ce9d97681142b78

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 07:09:29 GMT
content-encoding
gzip
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
age
6598
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5689
server
istio-envoy
etag
0f8e290f9a9dcd
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZLYXLXNDL8&gtm=45je48e0v879088318z8896608294za200zb896608294&_gaz=1&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=2011562292.1724144367&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1724144367&sct=1&seg=0&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&en=page_view&_fv=1&_ss=2&tfd=6333
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
102 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZLYXLXNDL8&cid=2011562292.1724144367&gtm=45je48e0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZLYXLXNDL8&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZLYXLXNDL8&cid=2011562292.1724144367&gtm=45je48e0v879088318z8896608294za200zb896608294&aip=1&dma=0&gcs=G111&gcd=13v3v3v3u5l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=333243204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/s/
0
201 B
Image
General
Full URL
https://analytics.google.com/g/s/collect?dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&gtm=45j91e48f1h1v9125640115z8896608294z99175401888za200zb896608294&_gsid=5D80LRC85NjyZNRGEbJwbh-s7hPfb_Lw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=XitM44wO%2BWFxWjSXd54muS00TtkhkqFwqXvWGgielys%3D.1724144367&gtm=45j91e48f1h1v9125640115z8896608294z99175401888za200zb896608294&aip=1&z=919436118
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
210 B
Image
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&tid=G-5D80LRC85N&cid=XitM44wO%2BWFxWjSXd54muS00TtkhkqFwqXvWGgielys%3D.1724144367&gtm=45j91e48f1h1v9125640115z8896608294z99175401888za200zb896608294&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:27 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sessions
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
0
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/sessions
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….s0hec9QNF6wRCF5U272Q4zYHrw28B0QfTH48r0qfEx3asYiysp_5J2cdczQnlY5F-xH7-GB_0JmNUBm_Uv_x6A
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
via
1.1 2063124c232c5b97b617efefe26d1e72.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-yottaa-metrics
2521cc028a8b/[196,194,-] 25D1cc028547/[-,197.116]
x-amz-cf-pop
SFO53-P2
age
0
x-yottaa-optimizations
ob/0 si/25D1cc028547-1724077673-6243326100 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
allow
OPTIONS,POST
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/sessions
accept-ranges
bytes
cf-ray
8b612ffacf1776d0-SEA
x-dw-request-base-id
fJSxIO9axGYBAAB_
x-amz-cf-id
AT4mOMIMzrYToiOSecl0yixCby8iFEbwgbA80VCd2vzLMXivlR4CCQ==
x-yottaa-os
204
expires
Thu, 01 Dec 1994 16:00:00 GMT
shoppercontext
www.elfcosmetics.com/api/v1/
155 B
895 B
XHR
General
Full URL
https://www.elfcosmetics.com/api/v1/shoppercontext?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
4eb30a57bd8a1fca386974fb71461dce8900a57e7c66bcd118cc4ef47c7f3cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWNvbnRleHQucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6YmJ4Y19wcmQ6OnNjaWQ6ZjlmNzA1MmEtZjc0Mi00YzM4LWJkZjUtMWRhMDA0ZTdmYjNiOjp1c2lkOmE2MjViYjBkLTJjZmMtNDU5NS05ZGQyLWJmMTMxNTI0MzQyYyIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJpc3QiOjEsImRudCI6IjAiLCJhdWQiOiJjb21tZXJjZWNsb3VkL3Byb2QvYmJ4Y19wcmQiLCJuYmYiOjE3MjQxNDQzMzcsInN0eSI6IlVzZXIiLCJpc2IiOiJ1aWRvOnNsYXM6OnVwbjpHdWVzdDo6dWlkbjpHdWVzdCBVc2VyOjpnY2lkOmFid3J3V2x1aEdrZW9Sa0tsS3dXWVlscklaOjpjaGlkOmVsZi11cyIsImV4cCI6MTcyNDE0NjE2NywiaWF0IjoxNzI0MTQ0MzY3LCJqdGkiOiJDMkMxOTUxNjYxMTg2MC00MjQ2Mzc5MDMyODE5MTQ0MTk0NDM2OTg5In0.s0hec9QNF6wRCF5U272Q4zYHrw28B0QfTH48r0qfEx3asYiysp_5J2cdczQnlY5F-xH7-GB_0JmNUBm_Uv_x6A
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 0560e3493bcd525e6e3e19cd7c9abdc0.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
155
content-encoding
gzip
x-amz-cf-pop
SFO53-P2
age
0
x-amzn-remapped-connection
close
x-amzn-requestid
d0ad5a67-9faa-4fa2-9c00-b8abf84e7d9f
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326101 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
x-amz-apigw-id
czMlhHSzCYcECyA=
content-length
131
alt-svc
h3=":443"; ma=86400
etag
W/"9b-kxf9yVg30tXuCGFtxK1Gzr92WYg"
x-amzn-trace-id
Root=1-66c45aef-28094c38076765a264a342af;Parent=562e9a87af277392;Sampled=0;lineage=2b75b0e9:0
content-type
application/json; charset=utf-8
x-yottaa-os
200
x-yottaa-metrics
2521cc028a8c/[491,490,-] 25D1cc028547/[-,493.836]
x-amzn-remapped-date
Tue, 20 Aug 2024 08:59:28 GMT
x-amz-cf-id
L6erv2aQgYZ6_RBNn3KxgCFavfujHbxe2dqdSZo2S2AV2SA2ACIQqw==
sync
sdk.iad-05.braze.com/api/v3/content_cards/
85 B
254 B
XHR
General
Full URL
https://sdk.iad-05.braze.com/api/v3/content_cards/sync
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:65a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
789f5c383ebd68ee2e0482924e6ce650e7cca4e76c9f8989632537330ea74761
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

X-Braze-Req-Tokens-Remaining
27
X-Braze-Api-Key
609afcb2-1dc3-41ef-a771-0a9aaf10bf57
X-Braze-DataRequest
true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json
X-Braze-Last-Req-Ms-Ago
924
BRAZE-SYNC-RETRY-COUNT
0
X-Requested-With
XMLHttpRequest
Referer
https://www.elfcosmetics.com/
X-Braze-Req-Attempt
1
X-Braze-ContentCardsRequest
true

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
fd4d6c05-0087-4fd6-a73b-e78240edb02f
x-runtime
0.072617
server
cloudflare
etag
W/"789f5c383ebd68ee2e0482924e6ce650"
vary
Origin,Accept-Encoding
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-ratelimit-reset
1724144370
access-control-max-age
7200
x-ratelimit-limit
500.0
cf-ray
8b612ffa7a13a28c-YUL
x-ratelimit-remaining
498.0
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/ Frame
0
0
Preflight
General
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.85.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-85-244.compute-1.amazonaws.com
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-cq-client-id
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization, content-type, x-cq-tenant, x-cq-client-id
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
content-length
0
date
Tue, 20 Aug 2024 08:59:28 GMT
server
envoy
strict-transport-security
max-age=15552000; includeSubdomains
x-envoy-upstream-service-time
1
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
902 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 cdb593e085c35596a44093f23350a6a2.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO53-P2
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326102 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-yottaa-metrics
2521cc028a8d/[539,537,-] 25D1cc028547/[-,540.225]
cf-ray
8b612ffbfdba3076-SEA
x-dw-request-base-id
cD0YaPBaxGYBAAB_
x-amz-cf-id
WVvg2vkFqD0CHvZFIT2j1V6wcRwd64PJXz7UVrzoqSQnQX4G4RajMg==
geo-ip
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/
189 B
902 B
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
1a69edfa8b18d3fdf995628faed84a7660dd3144fe7f4e5639e945861ba7815a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
via
1.1 bcbc5b46216015493e082cfbcf77ef10.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO53-P2
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326105 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
allow
GET,HEAD,OPTIONS
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/custom_objects/CustomApi/geo-ip?c_ip=167.114.209.103
x-yottaa-metrics
2521cc028a88/[334,333,-] 25D1cc028547/[-,335.926]
cf-ray
8b612fffefc6ba03-SEA
x-dw-request-base-id
fJS8IPBaxGYBAAB_
x-amz-cf-id
k7Y6g0Nu28G1t3ycA6Dv2Ae9KQPkR9XiFZ2KLoeO-GLVWFNa0Cqm5w==
baskets
www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwrwWluhGkeoRkKlKwWYYlrIZ/
11 B
874 B
Fetch
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/api/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwrwWluhGkeoRkKlKwWYYlrIZ/baskets?siteId=elf-us
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
31f48ed33afe7e437efa2c30cbf97fbd62c2de5c0732504077377846fe64973f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.[…].s0hec9QNF6wRCF5U272Q4zYHrw28B0QfTH48r0qfEx3asYiysp_5J2cdczQnlY5F-xH7-GB_0JmNUBm_Uv_x6A
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
sfdc_customization
HOOK
dnt
0
cf-cache-status
DYNAMIC
x-correlation-id
8b612ffbeba55ec2
x-content-type-options
nosniff
via
1.1 77707a2afe90f47f1dd51bc40e910a26.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO53-P2
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326103 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
content-length
37
allow
GET,HEAD,OPTIONS
x-ratelimit-remaining
999
content-type
application/json;charset=UTF-8
vary
Accept-Encoding
sfdc_load
1
cache-control
max-age=0,no-cache,no-store
x-yottaa-os
200
x-proxy-request-url
https://6p9dgqhn.api.commercecloud.salesforce.com/customer/shopper-customers/v1/organizations/f_ecom_bbxc_prd/customers/abwrwWluhGkeoRkKlKwWYYlrIZ/baskets?siteId=elf-us
x-ratelimit-limit
99999
accept-ranges
bytes
cf-ray
8b612ffbeba55ec2-PDX
x-amz-cf-id
1jHt6S2gmTl6e4bSEJFAoqZAJh5PBeeVTAexlIeMqYLxh6WBI47cmA==
x-yottaa-metrics
2521cc028a8e/[204,203,-] 25D1cc028547/[-,205.891]
viewPage
api.cquotient.com/v3/activities/bbxc-elf-us/
98 B
515 B
Fetch
General
Full URL
https://api.cquotient.com/v3/activities/bbxc-elf-us/viewPage
Requested by
Host: cdn-fsly.yottaa.net
URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/main.js?yocs=1u_1y_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.85.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-85-244.compute-1.amazonaws.com
Software
envoy /
Resource Hash
677f08ef0543a5f199e6ac40392e4b0a7c24c3e6394d0e32373ae33259c9f87a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains

Request headers

x-cq-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
strict-transport-security
max-age=15552000; includeSubdomains
server
envoy
etag
W/"62-10fUg3YlSSacugov21fEPfgnUiQ"
access-control-allow-methods
GET, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
content-length
98
local
www.paypal.com/credit-presentment/experiments/ Frame 301E
0
0
Document
General
Full URL
https://www.paypal.com/credit-presentment/experiments/local?uid=uid_numhnacfzmymuvpacsidplhppphjzs&disableSetCookie=true&features=%5Bobject%20Object%5D%2Cnative-modal&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVEtRVFGWUZkbUtOeHRaUkJvUmR2MmNodlFJLV9aUHZMMWpWTjlTRllDVHNlS1Q0T0hQS3JuVDJ5Smx4OGtXS25GSTdKWEVKTV9jVFNkYmYmaW50ZW50PWF1dGhvcml6ZSZjdXJyZW5jeT1DQUQmdmF1bHQ9dHJ1ZSZjb21wb25lbnRzPWJ1dHRvbnMsbWVzc2FnZXMiLCJhdHRycyI6eyJkYXRhLXNkay1pbnRlZ3JhdGlvbi1zb3VyY2UiOiJyZWFjdC1wYXlwYWwtanMiLCJkYXRhLXVpZCI6InVpZF9udW1obmFjZnpteW11dnBhY3NpZHBsaHBwcGhqenMifX0&env=production&scriptUID=uid_numhnacfzmymuvpacsidplhppphjzs&version=1.64.9&integrationType=SDK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-expose-headers
Server-Timing
age
71398
cache-control
s-maxage=86400, max-age=0
content-encoding
gzip
content-length
1523
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'sha256-RmYTC9iPUTyoPfOBR9rEZcPmA3A8NGQgxJOYYBUb740=' 'sha256-MkvCXwEdBhR/QU6eqGX5THWCtkqlaanwiNzVKNI9Vb8=' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com https:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com
content-type
text/html; charset=utf-8
date
Tue, 20 Aug 2024 08:59:28 GMT
dc
ccg11-origin-www-1.paypal.com
edge-cache-tag
up-treatments-zoid
etag
W/"1479-rcjjDmCYbnZKEiOs2pd/xEvI80U"
fastly-mss
ngwaf-backend
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f8319565a3956
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
"traceparent;desc="00-0000000000000000000f8319565a3956-aafff3682ab6265d-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f8319565a3956-bb903ddb6cc0ce22-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, MISS
x-cache-hits
12736, 118, 0
x-served-by
cache-bur-kbur8200139-BUR, cache-yul1970049-YUL, cache-yul1970049-YUL
x-timer
S1724144368.173624,VS0,VE5
x-xss-protection
1; mode=block
pptm.js
www.paypal.com/tagmanager/
14 KB
6 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=www.elfcosmetics.com&t=xo&v=5.0.456&source=payments_sdk&client_id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&comp=buttons,messages&disableSetCookie=true&vault=true
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1465b8c60884940163326e61a428612dfc166e3112fe80c3d7d11e0ccdd3c4cd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-hXnCarD7DHwp3a5cW2VA+lxP2+mNwQz16CyG1xaI46+9p0XO' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-hXnCarD7DHwp3a5cW2VA+lxP2+mNwQz16CyG1xaI46+9p0XO' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 20 Aug 2024 08:59:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
38458
x-cache
HIT, HIT, MISS
paypal-debug-id
f542488c74baf
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4790
x-xss-protection
1; mode=block
x-served-by
cache-bur-kbur8200020-BUR, cache-yul1970023-YUL, cache-yul1970023-YUL
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f542488c74baf-0895ca6a61639011-01
fastly-mss
ngwaf-backend
x-timer
S1724144368.121039,VS0,VE4
etag
W/"36a7-VGqhsTA47DuF2YhLQrvtkHfHG74"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
bytes
x-cache-hits
33, 27, 0
main.1b182128.js
s.pinimg.com/ct/lib/
81 KB
23 KB
Script
General
Full URL
https://s.pinimg.com/ct/lib/main.1b182128.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6515981ad814530ea37bc6838f8d8cc3074eaf22dffef1b8f207959afd0a492b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
br
x-cdn
fastly
etag
"2ede1d70eab18c6ab52837a878fb9264"
x-amz-server-side-encryption
AES256
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Accept-Encoding, Origin
cache-control
max-age=1209600
alt-svc
h3=":443";ma=600
content-length
23553
config
pixel-config.reddit.com/pixels/t2_16331p/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_16331p/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
gzip
via
1.1 varnish
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
content-length
27
t2_16331p_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
699 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_16331p_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
97
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1724144368132&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=609aed73f2d0bb688145e5652822af048d38bc314831ac4b7e40c9ad1bd49c4b&uuid=da390319-1ac2-4ce9-9460-80d23a2a51bb&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
jsp
ut.rd.linksynergy.com/
148 B
405 B
Script
General
Full URL
https://ut.rd.linksynergy.com/jsp?cn=rmuid&ro=0&cb=___rmuid
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
c7b18b4a8ea693ab91759c05350f7dcee8fee13067f2fd24fa86013b63ea3da5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-samesite
secure
date
Tue, 20 Aug 2024 08:59:28 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
148
content-type
text/plain; charset=utf-8
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.elfcosmetics.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-length
0
date
Tue, 20 Aug 2024 08:59:28 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f453589083cd3
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f453589083cd3-c4615a8dd4d9fd0e-01
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-bur-kbur8200161-BUR, cache-yul1970034-YUL, cache-yul1970034-YUL
x-timer
S1724144368.318779,VS0,VE143
pageview
c.contentsquare.net/
0
320 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&dt=249&pvt=n&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6678&ww=1600&wh=1200&sw=1600&sh=1200&uu=919b6f68-3b80-a24b-84fd-908286c63b48&sn=1&hd=1724144368&v=15.7.0&pid=1926&pn=1&r=644155
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.169.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-169-231.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:28 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
logger
www.paypal.com/xoplatform/logger/api/
977 B
894 B
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger?disableSetCookie=true
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AQ-EQFYFdmKNxtZRBoRdv2chvQI-_ZPvL1jVN9SFYCTseKT4OHPKrnT2yJlx8kWKnFI7JXEJM_cTSdbf&intent=authorize&currency=CAD&vault=true&components=buttons,messages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d2e0830a23a6475d02a388fd7c90aee028226e5d0ca34a9927eed20f6a9f8c91
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS, MISS
paypal-debug-id
f453589924a41
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-bur-kbur8200175-BUR, cache-yul1970034-YUL, cache-yul1970034-YUL
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f453589924a41-4926b32d7426ac2b-01
x-timer
S1724144368.480366,VS0,VE263
etag
W/"3d1-9fGHBYU5Dvio0/5/tn0qZg6SiL0"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges
none
x-cache-hits
0, 0, 0
1638306756445368
connect.facebook.net/signals/config/
75 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1638306756445368?v=2.9.165&r=stable&domain=www.elfcosmetics.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f18312b5ea320b031c9f4d4291628dd942dbf8e5e5a0870551b11961e38dd4b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 20 Aug 2024 08:59:28 GMT
document-policy
force-load-at-top
x-fb-server-load
35
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
15308
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=29, rtx=0, c=65, mss=1297, tbw=64425, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
or8VN8Pol1VTDj78RLPgxd8pOg3vyTmtu5ZmANTFLoA6LGZ6NHh/PlxVG+1nkG6pv2CgSmdG+355h/4IcGUrrg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1435387824;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.198 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:28 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"6775240064206637970"}],"aggregatable_trigger_data":[{"filters":[{"14":["8259474"]}],"key_piece":"0xe92cb79963c88f86","source_keys":["12","13","14","15","16","17","18","19","20","21","18263372","18263373","18263374","18263375","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","634786564","634786565","634786566","634786567"]},{"key_piece":"0x8a9303e8c47e5520","not_filters":{"14":["8259474"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","18263372","18263373","18263374","18263375","628473576","628473577","628473578","628473579","628613572","628613573","628613574","628613575","628795380","628795381","628795382","628795383","628812176","628812177","628812178","628812179","634786564","634786565","634786566","634786567"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"18263372":34,"18263373":34,"18263374":34,"18263375":3345,"19":65,"20":65,"21":6356,"628473576":32,"628473577":32,"628473578":32,"628473579":3177,"628613572":32,"628613573":32,"628613574":32,"628613575":3177,"628795380":32,"628795381":32,"628795382":32,"628795383":3177,"628812176":32,"628812177":32,"628812178":32,"628812179":3177,"634786564":32,"634786565":32,"634786566":32,"634786567":3177},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"3922649968251767102","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"6775240064206637970","filters":[{"14":["8259474"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"6775240064206637970","filters":[{"14":["8259474"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"6775240064206637970","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"6775240064206637970","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9231397"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
5013978.js
bat.bing.com/p/action/
334 B
406 B
Script
General
Full URL
https://bat.bing.com/p/action/5013978.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c64cddc349202defdca8bcf51d8a905d5f8810cc76f08c1e6561800f1dd5708a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Tue, 20 Aug 2024 08:59:28 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0BF186D803F14C26AE4F446D49C22830 Ref B: YMQ01EDGE0815 Ref C: 2024-08-20T08:59:28Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=620697308;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.198 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:28 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"15731328239521320914"}],"aggregatable_trigger_data":[{"filters":[{"14":["12119809"]}],"key_piece":"0x75db73c84ba71105","source_keys":["12","13","14","15","16","17","18","19","20","21","16253844","16253845","16253846","16253847","18241288","18241289","18241290","18241291","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","638131352","638131353","638131354","638131355","640975368","640975369","640975370","640975371","902568420","902568421","902568422","902568423"]},{"key_piece":"0xf5ebab86854a489f","not_filters":{"14":["12119809"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","16253844","16253845","16253846","16253847","18241288","18241289","18241290","18241291","628477676","628477677","628477678","628477679","628504556","628504557","628504558","628504559","628627208","628627209","628627210","628627211","638131352","638131353","638131354","638131355","640975368","640975369","640975370","640975371","902568420","902568421","902568422","902568423"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"16253844":38,"16253845":38,"16253846":38,"16253847":3739,"17":65,"18":6356,"18241288":32,"18241289":32,"18241290":32,"18241291":3177,"19":65,"20":65,"21":6356,"628477676":32,"628477677":32,"628477678":32,"628477679":3177,"628504556":32,"628504557":32,"628504558":32,"628504559":3177,"628627208":32,"628627209":32,"628627210":32,"628627211":3177,"638131352":327,"638131353":327,"638131354":327,"638131355":31784,"640975368":218,"640975369":218,"640975370":218,"640975371":21189,"902568420":34,"902568421":34,"902568422":34,"902568423":3345},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"18077814897979166022","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"15731328239521320914","filters":[{"14":["12119809"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"15731328239521320914","filters":[{"14":["12119809"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"15731328239521320914","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"15731328239521320914","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10742279"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
88b8e824-a5b0-468b-9bf4-f6b5cb5a98cc
https://www.elfcosmetics.com/
7 KB
0
Other
General
Full URL
blob:https://www.elfcosmetics.com/88b8e824-a5b0-468b-9bf4-f6b5cb5a98cc
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
85998b57ac48719b7aa6f068c60bc45b16277b917496fc0088d31897c61b610e

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length
7329
Content-Type
application/javascript
activityi;dc_pre=COOhg6Wag4gDFeUl0AQdTFo1wA;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined...
9231397.fls.doubleclick.net/ Frame B82E
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefin...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=COOhg6Wag4gDFeUl0AQdTFo1wA;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-c...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=COOhg6Wag4gDFeUl0AQdTFo1wA;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1435387824;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.230 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
437
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:28 GMT
expires
Tue, 20 Aug 2024 08:59:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:28 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=COOhg6Wag4gDFeUl0AQdTFo1wA;src=9231397;type=retarget;cat=globa0;ord=359625070160;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=1435387824;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CO27hKWag4gDFcEX0AQdpYAT5Q;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-cr...
10742279.fls.doubleclick.net/ Frame 2760
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CO27hKWag4gDFcEX0AQdpYAT5Q;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfco...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CO27hKWag4gDFcEX0AQdpYAT5Q;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=620697308;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.230 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
373
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:28 GMT
expires
Tue, 20 Aug 2024 08:59:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:28 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CO27hKWag4gDFcEX0AQdpYAT5Q;src=10742279;type=elf8j0;cat=glo_flap;ord=229930829346;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=620697308;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
main.MWRmMjhhNDhjNA.js
analytics.tiktok.com/i18n/pixel/static/
340 KB
96 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b7c4a782800cdc714e64ede36f67bdaf64c773f1b3e9f6893782026694e48d72

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
37d6054
date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240814222244ECAC1C543689F9208F27
x-tt-trace-id
00-240814222244ECAC1C543689F9208F27-2207A55D199FF225-00
vary
Accept-Encoding
x-cache
TCP_HIT from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01d0d6dc53eaffefd90de7d391759f4b9026c232e1683c7bdde7f432045852c78a43a8d46f370cb9a689552435949b9476ea55226be4a12b6622ee5838f931f6facc470e2a3ba42d7fa986dcedc903d64534cf32ef24211a0bb6206bde8de27cd3
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length
97727
widget.css
js.jebbit.com/companion/v1/
15 KB
16 KB
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:1000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 03:42:45 GMT
x-amz-version-id
Dtf.9Q_1CbcuUz2YOVUdf.z9UL2wO11I
via
1.1 c7947fe0c635bc68b2cbc2a30738872c.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
19004
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
mGhRn8qq2NdPdZerWhHNv4A9DQWBkEyQpPcTo2DbOm38Kyfe1NiTRQ==
launcher_configs
external-api.jebbit.com/moments/v2/
0
0

main.MWRmMjhhNDhjNQ.js
analytics.tiktok.com/i18n/pixel/static/
345 KB
98 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNQ.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
be442493a7c42f5bec90987024c77b15ef486e90cd72ac21c5613f913b024730

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
37d6061
date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240814222238C954034405756DFB5213
x-tt-trace-id
00-240814222238C954034405756DFB5213-247BA6DC2E5C26C0-00
vary
Accept-Encoding
x-cache
TCP_HIT from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
015e6e63c516a2ae52253da094a609de957e3fdcfa15e627899f57189ab3970f4c6f75f5b531e26d4095c3a11670885359a4bf2b999ac8e8050108fbae0673b3e351a2ea636d27e53ac4914ef9e25c312a1957409dee84011d346279ec1a668e3f
server-timing
cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=15
content-length
99671
ts
t.paypal.com/
42 B
634 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3A7PFGPLHGYKX72-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&fltp=analytics&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1724144368559&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires
Tue, 20 Aug 2024 08:59:28 GMT
date
Tue, 20 Aug 2024 08:59:28 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
d677c054bc8b9
server-timing
"traceparent;desc="00-0000000000000000000d677c054bc8b9-0f2e9f1f1409e44f-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200067-BUR, cache-yul1970045-YUL
pragma
no-cache
correlation-id
d677c054bc8b9
traceparent
00-0000000000000000000d677c054bc8b9-cb148598c2bafb6d-01
x-timer
S1724144369.640131,VS0,VE96
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
baskets
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
dc498829767f74ec34f4e5fcc1844fcbd8ef9ed70d4af396e136ec9b3163f042
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….s0hec9QNF6wRCF5U272Q4zYHrw28B0QfTH48r0qfEx3asYiysp_5J2cdczQnlY5F-xH7-GB_0JmNUBm_Uv_x6A
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 01b90d40e6fbb9eb474f11f8e8ec14a6.cloudfront.net (CloudFront)
x-yottaa-metrics
2521cc028522/[216,215,-] 25D1cc028547/[-,218.277]
x-amz-cf-pop
SFO53-P2
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326106 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1105
pragma
no-cache
etag
f25becb507f8218dc38c09c6840c015533efb1c4787476441326931054b750f1
allow
OPTIONS,POST
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.elfcosmetics.com
x-dw-resource-state
f25becb507f8218dc38c09c6840c015533efb1c4787476441326931054b750f1
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets
accept-ranges
bytes
cf-ray
8b612ffffed67565-SEA
x-dw-request-base-id
fJS7IPBaxGYBAAB_
x-amz-cf-id
7I_TNl83gjWfsV0T_3xnMWbDfit-VXfZP6DFM6WWnp5wUnpKXE_fug==
x-yottaa-os
200
expires
Thu, 01 Dec 1994 16:00:00 GMT
/
ct.pinterest.com/user/
321 B
729 B
XHR
General
Full URL
https://ct.pinterest.com/user/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1724144368567&dep=2%2CPAGE_LOAD
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6724c317.1724144368.56276707
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=600
content-length
186
x-pinterest-rid
1734837216336257
pin-unauth
dWlkPU5USmlNV1EyTXpZdFlXVTRaUzAwTkRFMExUbGlNakl0WVRjMU5UWXlNRGRsWkRJMw
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/user/
321 B
706 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221724144836853_172414500690421%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1724144368570&dep=5%2CEVENT_TAGS_ABSENT
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27074e6240ca22f6d5a7cc51ee8cd8a0f091080ca80e6a1bea1c624e1cb40341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6724c317.1724144368.56276708
x-envoy-upstream-service-time
1
content-length
186
x-pinterest-rid
1316151150658075
pin-unauth
dWlkPVlUVXpPRFV3WkRndE5UWXlaaTAwWlROaExUazBZVGd0WldKbVlUTTNOMk5qTXpneQ
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
expires
Sat, 01 Jan 2000 00:00:00 GMT
dvar
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/dvar?v=15.7.0&pid=1926&pn=1&sn=1&uu=919b6f68-3b80-a24b-84fd-908286c63b48&dv=H4sIAAAAAAAAA0WMsQrCUAxFfyVkdnHtpq0VwVEKnUraBgnERF6DWor%2F7hOUjvdwzl1wt%2B%2Bqtjuq96RQukVyhQtPgQVWs9FNBmiFdYTD685J2AaecPPrVgbbHDSUhELc8vorZ3%2FCyYLt%2B1i6KvWesvRgqEUj53bF9wcxTAoRiQAAAA%3D%3D&ct=2&r=603982
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.169.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-169-231.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:28 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724144368660&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1724144368642.85330626624325522&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1724144368292&coo=false&eid=1724144836853_172414500690421&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1297, tbw=2823, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 20 Aug 2024 08:59:28 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724144368660&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1724144368642.85330626624325522&ic=fbpixel&ler=empty&cdl=API_unavailable&it=1724144368292&coo=false&eid=1724144836853_172414500690421&tm=1&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Tue, 20 Aug 2024 08:59:28 GMT
document-policy
force-load-at-top
x-fb-server-load
30
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7405143675926622138", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=17, mss=1297, tbw=3141, tp=-1, tpl=-1, uplat=58, ullat=0
pragma
no-cache
x-fb-debug
IHHmHP5ftrujZCivQSBmvL1JXiybjkxWtFs1YNx2GvpcEPgDuOy3DbgzkGg079jS7qlgu0DYxXf8WQ0A6YWEGQ==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7405143675926622138"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
0
bat.bing.com/action/
0
360 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5013978&tm=gtm002&Ver=2&mid=de1d6eef-7b23-4b3d-b2b1-428e048b4848&sid=81dd40a05ed211efbd25e522cd590153&vid=81dd5b605ed211ef9a5f3b4ce40d52b5&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&p=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&r=&lt=5665&evt=pageLoad&sv=1&cdb=AQET&rn=877875
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 20 Aug 2024 08:59:28 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 69D82B0BED4849D18B00D3C9EE211350 Ref B: YMQ01EDGE0815 Ref C: 2024-08-20T08:59:28Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
ct.pinterest.com/v3/
35 B
503 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%221b182128%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1724144368679
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:28 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
referrer-policy
origin
x-cdn
akamai
akamai-grn
0.6724c317.1724144368.56276720
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
content-length
35
x-pinterest-rid
1172100326867947
expires
Sat, 01 Jan 2000 00:00:00 GMT
identify_c2008b8c.js
analytics.tiktok.com/i18n/pixel/static/
146 KB
39 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id
37d6142
date
Tue, 20 Aug 2024 08:59:28 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240729124140382AD146317B091C0939
x-tt-trace-id
00-240729124140382AD146317B091C0939-7296C6678AD67ADC-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
010344fd8e86cfa08544f2b52ea1a025a176893e1bafd3d3c5ae93a1eb225780f9b327fc67b4a5f5ec498aee739f3512b1a6d23fb3cef79a4585b05381bd66615fd67008aecfc101e702a04782db18d9127cac9a42e4ff0d886e408e23b2ba0e25
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=10
content-length
39539
monitor
analytics.tiktok.com/api/v2/
0
719 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6164
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859288A59B6F468A1BEAD326A-328B1BCF88FB104C-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=10, cdn-cache; desc=MISS, edge; dur=6, origin; dur=19
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859288A59B6F468A1BEAD326A
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
20,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bcf0c68670951d3910606bf79469168e421bbc8154731a3f776383333eddfb92be8c13721d3b0cdcf5c9c39481ed29862aab6b8f776daf41beeaf9d7a9e1f1623
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
721 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6165
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082008592884C9CB8AAAB1D38DF4EF-69BD9EA14F417AD2-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=10, cdn-cache; desc=MISS, edge; dur=8, origin; dur=19
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082008592884C9CB8AAAB1D38DF4EF
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
20,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bcf0c68670951d3910606bf79469168e44e953eed156e8501eb5a291aa8b94f3890648ffef72b53258afd8025d67578ef249dd766b9ca2332c0b13b74c1841d5a
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
721 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6166
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085928898486CEACCF5486FDB4-67696F0834F71BAA-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=11, cdn-cache; desc=MISS, edge; dur=7, origin; dur=20
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240820085928898486CEACCF5486FDB4
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
21,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bfb3e57eb9982e725b34f1cb12ab97a7c512878ee938b5649867a7807084fed6fafa3eee3b6c647f007dde3789f1305c9f58e173fe1930e9c91a8c04e8f7b915e
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6167
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082008592854D03D7868C329A60053-63DF52AF4249E47B-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=9, cdn-cache; desc=MISS, edge; dur=7, origin; dur=18
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082008592854D03D7868C329A60053
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
19,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b249e4d37c50130724db31a632422f854532c190fc4832f302f5f2dc9a2b3d669a880218df60f688cdc680b80b83f9939c1a9a1cd44bc86547ebeac5fbec5d5d7
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
720 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6168
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859285FAEDDB97EC45C87992A-432DB89E878FAD29-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=8, cdn-cache; desc=MISS, edge; dur=26, origin; dur=18
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859285FAEDDB97EC45C87992A
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
18,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b0acd1b9497144c83c133c443a9617f3e344c01b12212e85b0a5e75642a852d1cc582a0899d832a829c040bf8ad953c7e073515094ab90e30962cc3788df19bcf
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
879 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2526212.37d6169
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082008592867071C924571E2A98D97-244BE487CDD1BF45-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
90,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=97, origin; dur=17, inner; dur=13
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082008592867071C924571E2A98D97
x-cache-remote
TCP_MISS from a23-48-200-211.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
17,23.48.200.211
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bea0408bdc86a3ad0723d88e8327c51347b7178b68c6a46bb421bc69b79f796c65b811859fe4def475d1f859d6bbd2adcf54536f2837673d5e7c0b86591ade752bb3cd916b0a1bad5b11ed890b941fdb7
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
performance_interaction
analytics.tiktok.com/api/v2/
0
721 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/performance_interaction
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6176
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859285FAEDDB97EC45C87992D-3C818381EB45FD6E-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=10, cdn-cache; desc=MISS, edge; dur=8, origin; dur=25
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859285FAEDDB97EC45C87992D
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
26,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b0acd1b9497144c83c133c443a9617f3e801fe25ff474223d8ee8a99fdf088d7d53930f88d80ebae9e87aa18b34c148bcf1a91ad767dcfe47e3b0d3b75cb039f4
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
876 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
771a5ea5.37d6177
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085928BFCB970A53A80E863F9B-19C5629A8466B00E-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
21,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=13, origin; dur=14, inner; dur=10
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240820085928BFCB970A53A80E863F9B
x-cache-remote
TCP_MISS from a23-52-15-51.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
14,23.52.15.51
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b6187efc2b1067866f8f99b8083f221b9e245eee24b1728e5f14bab9799a536e8aa6b4d72fe2ab26fc240fa4f888e73b24ce7358a89e0cefccee32d28cfb8ef9fe42f2de3d61549a2890232234ae0e02c
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
pixel
analytics.tiktok.com/api/v2/
0
719 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6178
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085928898486CEACCF5486FDB5-0A0704E3E35A22A8-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=33, cdn-cache; desc=MISS, edge; dur=5, origin; dur=52
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240820085928898486CEACCF5486FDB5
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
52,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bfb3e57eb9982e725b34f1cb12ab97a7cdeb79aaa2aa7cf547fe986c2450c0f44262f01da1bc259079288293297ebdcded8639ef9b77a7645b51e0df57850c6fe
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
721 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6179
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082008592884C9CB8AAAB1D38DF4F1-6BE82196F70DF702-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=31, cdn-cache; desc=MISS, edge; dur=6, origin; dur=44
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082008592884C9CB8AAAB1D38DF4F1
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
44,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bcf0c68670951d3910606bf79469168e4d49161c285f5890f3b5aa1a9dcbd3b0bcb43ae777b570691c31457cf4d34b6fef457df5196a786577f017199901046d9
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
pixel
analytics.tiktok.com/api/v2/
0
879 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2525ed9.37d617a
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859280CACBCBF18CA3AAA1BD2-4B806FC4BFBD27B6-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
52,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=15, origin; dur=43, inner; dur=39
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859280CACBCBF18CA3AAA1BD2
x-cache-remote
TCP_MISS from a23-48-200-211.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
43,23.48.200.211
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bea0408bdc86a3ad0723d88e8327c513420c66310f2f5ef020d55183f36ea7b7c3d8c973be000da04c6f337659c708b90016238f380f5b636fc95cd8b7535aa1674bcdc100bf832cdc13503d34b4703fe
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
monitor
analytics.tiktok.com/api/v2/
0
880 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
ef197748.37d617b
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082008592852254343663FB489FAD5-1327C1FD72584ADF-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
24,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=15, origin; dur=14, inner; dur=11
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082008592852254343663FB489FAD5
x-cache-remote
TCP_MISS from a23-48-200-209.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
15,23.48.200.209
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944ba0a7f49b340b5b47b415cb338437dee60df94fba8f192265400925f4769a934e9da0bd9d34360be8c2167ffe4c78df2b3583b705190ee4168cbb46a02318581f7b737826aa3e0141747b722cb9e7e276
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
pixel
analytics.tiktok.com/api/v2/
0
878 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
ef197576.37d617c
date
Tue, 20 Aug 2024 08:59:28 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085928BA09BA487A9FE98F08D0-293F0054D1757DF5-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
55,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=66, origin; dur=23, inner; dur=18
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240820085928BA09BA487A9FE98F08D0
x-cache-remote
TCP_MISS from a23-48-200-209.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
23,23.48.200.209
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944ba0a7f49b340b5b47b415cb338437dee608aa1abc113b7da239edc9f61be82fe4ecc0b09ce6ef351a5f3b9edfd113a2b6e82fbda4fd965f981284107ef6f73c3fe71a1300017810fd664e9d378aa721cc
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:28 GMT
NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare
elfcosmetics.a.bigcontent.io/v1/static/
5 KB
6 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/NEW-beauty-squad-beauty-squad-loyalty-logo-staggered-paddedsquare?%24Desktop%24=&fmt=auto
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.15.190 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
210706c053295db0bfba03a98c0609a1f940c3f6b6c626f2f1084e089e959dc9

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
x-amz-version-id
null
cf-cache-status
HIT
age
73136
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
5378
last-modified
Mon, 19 Aug 2024 11:32:00 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
accept-ranges
bytes
cf-ray
8b6130036942a20a-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-gift-1165617
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-gift-1165617?%24Desktop%24=&fmt=auto
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.15.190 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aa855b8d34657ab4df5ca73fe7d7f67735ee1e39e8de83856ddc473d4713fbb

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
33458
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 19 Aug 2024 16:06:15 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
8b6130036943a20a-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
icon-noun-drop-1235517%201
elfcosmetics.a.bigcontent.io/v1/static/
2 KB
1 KB
Image
General
Full URL
https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%201x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%202x,%20https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517%201?%24Desktop%24=&fmt=auto%203x
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.15.190 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f366287eaa5627dc7ee48d1fcb79d20bceae8238ee2f1dd772f059685fe9c799

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
age
59611
x-amz-server-side-encryption
AES256
x-amp-cf-worker
true
edge-control
max-age=86400
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 18 Aug 2024 17:16:37 GMT
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=1800
cf-ray
8b6130036944a20a-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
700232
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/
78 KB
12 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/products/700232?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
e67898ba1df21825d37dee978e1e8bcba2588dabce79e5c6fff6758ab3c18edb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
cache-control
no-cache
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
gzip
via
1.1 fd35f1fff2f9fd0955b7c73222980a2c.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO53-P2
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326108 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
age
0
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 20 Aug 2024 08:59:29 GMT
allow
GET,HEAD,OPTIONS
vary
accept-encoding
content-type
application/json;charset=UTF-8
cache-control
max-age=0,no-cache,no-store,must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/products/700232?siteId=elf-us&locale=en-CA&currency=CAD&expand=availability%2Cbundled_products%2Clinks%2Cpromotions%2Coptions%2Cimages%2Cprices%2Cvariations%2Cset_products%2Crecommendations&all_images=true&perPricebook=true
x-yottaa-metrics
2521cc0285f7/[345,343,-] 25D1cc028547/[-,347.011]
cf-ray
8b6130035ba5759a-SEA
x-dw-request-base-id
cD0haPFaxGYBAAB_
x-amz-cf-id
MGTwWl45NwSr-6TvbA3BOWPfrRtcoyh16ZzScewbaHbgqh1zbLCbaA==
monitor
analytics.tiktok.com/api/v2/
0
720 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6249
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082008592984C9CB8AAAB1D38DF511-6BE82196F70DF744-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=11, cdn-cache; desc=MISS, edge; dur=11, origin; dur=19
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082008592984C9CB8AAAB1D38DF511
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
20,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bcf0c68670951d3910606bf79469168e4d49161c285f5890f3b5aa1a9dcbd3b0bcb43ae777b570691c31457cf4d34b6fea14f9e8ceb834da2f291756eadc5e165
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
monitor
analytics.tiktok.com/api/v2/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d624a
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859291C0E6498CA92045DD019-721CFB35314E7112-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=12, cdn-cache; desc=MISS, edge; dur=11, origin; dur=21
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859291C0E6498CA92045DD019
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
21,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bffe96126a670a66770736d567468f46885675c9202bd8b6ea97eefb071dfad8a72aa7d562c3d99912accf569e9e7dbc3545315ddc35b5e146e16d4ab9057451b
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6256
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085929EF10A1FD14E2D3B1EE13-6BA13622BFB2E6D6-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=24, cdn-cache; desc=MISS, edge; dur=7, origin; dur=42
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240820085929EF10A1FD14E2D3B1EE13
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
44,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944baa36bd1c634ed3e3047db24f6f3a37e99f831a06507f1a0eafa446e443ce00abf0c893bee9f85dfca62245e41bbfe2eb946257a28600472b8062accaa76b1395
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
719 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6257
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859298A59B6F468A1BEAD3272-0A38FA7F49D4D89B-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=25, cdn-cache; desc=MISS, edge; dur=9, origin; dur=34
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859298A59B6F468A1BEAD3272
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
35,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bcf0c68670951d3910606bf79469168e4d724f6add562e8ec86cc92fcbca044892ea052cd81bf0e9dacee244d737cdb72dd6f82182592136447d0db8a4018f397
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
877 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
151f0897.37d6258
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859292525BD7DE60AF6B2BC31-7122B1398A5ADF13-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
37,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=27, origin; dur=26, inner; dur=21
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859292525BD7DE60AF6B2BC31
x-cache-remote
TCP_MISS from a23-48-200-78.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
26,23.48.200.78
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b4dfc9fba13cfc6aa8d1c0dd6277e912925968d1ad8157b14fb0b26e20c08f295c6e55642622fb2b753ce36bf3cb356e34ad5c7a19d1040720d6b57c5043dc24a773e90f5d6b50de71b2240902c96e2d8
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
718 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d6259
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085929FE7432A0000514AF6AF9-08521AB71A9FBAF2-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=25, cdn-cache; desc=MISS, edge; dur=15, origin; dur=38
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240820085929FE7432A0000514AF6AF9
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
38,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b0acd1b9497144c83c133c443a9617f3ef3eaebcde6e1b1bcdce626bf10b5fbe1668a74d99f4ca7267abb7b44ff5298bc55ca606e2682805015a118fe8aa4a468
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
runtime_6459738026535cda4232dc813c61447d.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
3 KB
2 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_6459738026535cda4232dc813c61447d.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
59f1b7d93f47fcc926143154888aa471910eaf81c3c41270b61cfe012dda08df

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 03:41:41 GMT
content-encoding
br
ad-auction-allowed
true
age
2265468
x-guploader-uploadid
AHxI1nPEVFt5UTgHwyolXEdQcydZY1dolWwjKQGEBLbAYWVlGk90TfMdHqx8ifA0YvVc4L-sPMN6F4ogpA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1316
last-modified
Wed, 24 Jul 2024 15:06:02 GMT
server
UploadServer
etag
"09512239cb2a22728ca9f8608dfc2181"
x-goog-generation
1713883050962681
x-goog-hash
crc32c=BS9gKg==, md5=CVEiOcsqInKMqfhgjfwhgQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
1316
accept-ranges
bytes
content-type
text/javascript
muse.js
www.paypalobjects.com/muse/
55 KB
16 KB
Script
General
Full URL
https://www.paypalobjects.com/muse/muse.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D10C) /
Resource Hash
20029e526c0674dd1f99d02142bbf324bd8ee217ca43705fa6fe1a64bd90ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
6ae0eb07654da
dc
ccg11-origin-www-1.paypal.com
content-length
16355
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
server
ECAcc (nyd/D10C)
traceparent
00-00000000000000000006ae0eb07654da-19aa03fd0f52235a-01
etag
"64f25363-daa8+gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Tue, 20 Aug 2024 09:59:29 GMT
monitor
analytics.tiktok.com/api/v2/
0
720 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d625f
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240820085929D5994BFEA6C60CAA2C37-6349BB98DE39B63A-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=16, cdn-cache; desc=MISS, edge; dur=6, origin; dur=25
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240820085929D5994BFEA6C60CAA2C37
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
25,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b2e0a1a7941b0898bd8f1a412c1f76e8013e66d4c8e4295007a8d467e32dbd008c6ed0510c2c261e600d4785a4ca19511d703ce7db8236ac83c8432f594fa995b
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
act
analytics.tiktok.com/api/v2/pixel/
0
876 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
6b64d68e.37d6260
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24082008592915D06F620BF55689CA56-41FB95512D6FF31A-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time
41,23.44.200.144
server-timing
cdn-cache; desc=MISS, edge; dur=20, origin; dur=34, inner; dur=30
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024082008592915D06F620BF55689CA56
x-cache-remote
TCP_MISS from a23-52-15-49.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
34,23.52.15.49
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944bc25102c5f369adce47956ccd55580e27d82615bf03b8ae905204e71cb81661602d86a7388c47abacbfe277f9806e5e61a7ac0d67f17509d6fed86fc6ae61f5e3961f7b942bfbc7e473d844f2b2c7117e
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
/
ct.pinterest.com/v3/
35 B
64 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221724144836853_172414500690421%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&cb=1724144369217&dep=5%2CEVENT_TAGS_ABSENT&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPU5USmlNV1EyTXpZdFlXVTRaUzAwTkRFMExUbGlNakl0WVRjMU5UWXlNRGRsWkRJMw%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%221b182128%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Tue, 20 Aug 2024 08:59:29 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6424c317.1724144369.1fa087ef
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=600
content-length
35
x-pinterest-rid
1290234412971380
pragma
no-cache
referrer-policy
origin
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
quic-version
0x00000001
monitor
analytics.tiktok.com/api/v2/
0
719 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWRmMjhhNDhjNA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.111.16 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-111-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
37d62d4
date
Tue, 20 Aug 2024 08:59:29 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2408200859295FAEDDB97EC45C87995A-432DB89E878FAD8B-00
x-cache
TCP_MISS from a23-44-200-144.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing
inner; dur=10, cdn-cache; desc=MISS, edge; dur=8, origin; dur=20
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202408200859295FAEDDB97EC45C87995A
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
20,23.44.200.144
x-tt-trace-host
01c6924f8812bfc1a214d7532ab5d943861be852e4c5fc6eea3aef087af740944b0acd1b9497144c83c133c443a9617f3e344c01b12212e85b0a5e75642a852d1c6a4031d53e250ccfac8cec250387bc706a9a97ee33360653ec27ee5d2e42b062
access-control-allow-headers
Authorization,*
expires
Tue, 20 Aug 2024 08:59:29 GMT
main-v2_75af624ee9fe6b6fc09ccd1efecee7c4.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
505 KB
111 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_75af624ee9fe6b6fc09ccd1efecee7c4.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1745a68ca7ba8c8e1a09fc1fcdbc3a52603c91a6058337f18e09d434b3629b3c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 19 Aug 2024 19:02:03 GMT
content-encoding
br
ad-auction-allowed
true
age
50246
x-guploader-uploadid
AHxI1nP2qniA_ztp4lUmCdzvwSA9t1ucYQiXmofwqKWmNfsGkblwxhokPO9qVbykZnmdShwutNw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112932
last-modified
Mon, 19 Aug 2024 19:01:51 GMT
server
UploadServer
etag
"c8e84c10762a9517d9aa84396b0ff263"
x-goog-generation
1724094111187706
x-goog-hash
crc32c=B5eLtw==, md5=yOhMEHYqlRfZqoQ5aw/yYw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
112932
accept-ranges
bytes
content-type
text/javascript
cjs_min_3a843477d8e318f67237a66d0a58c542.js
assets.bounceexchange.com/assets/smart-tag/versioned/
49 KB
16 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_3a843477d8e318f67237a66d0a58c542.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6c58f061a49641f54723faab57ad0bdb49a95619e86c90dad9a3ed630ffb3780

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 15 Aug 2024 00:11:21 GMT
content-encoding
gzip
ad-auction-allowed
true
age
463688
x-guploader-uploadid
AHxI1nMXQnIrmMwW_yeUp3EUOfQVfaOiJ06AS8p9nGgkT9Ni7QzZpBjd5qhmpBXsbq0bIt_AAQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15748
last-modified
Mon, 22 Apr 2024 20:59:52 GMT
server
UploadServer
etag
"1eb885454ea6bef1c9747800702959de"
x-goog-generation
1713819592631797
x-goog-hash
crc32c=Joap5g==, md5=HriFRU6mvvHJdHgAcClZ3g==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000,no-transform
x-goog-stored-content-length
15748
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
PWA-UpdateSession
www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/
56 B
1 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/controllers/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
772f15316085ec36cb19f9af3a622cf12d847e0f187c3f907ee6daf975b7f7ce

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
content-encoding
gzip
via
1.1 77707a2afe90f47f1dd51bc40e910a26.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
SFO53-P2
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326109 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
pragma
no-cache
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
x-yottaa-os
200
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/on/demandware.store/Sites-elf-us-Site/en_CA/PWA-UpdateSession
x-yottaa-metrics
2521cc0285f8/[310,308,-] 25D1cc028547/[-,311.235]
cf-ray
8b613004887775ce-SEA
x-dw-request-base-id
cD0laPFaxGYBAAB_
x-amz-cf-id
FG0PTuBdBBJkqJNaK1FkKiQ2o4GiGRYDMMVAwhi5eWLV_rmr9r5CZA==
expires
Thu, 01 Dec 1994 16:00:00 GMT
index.html
www.paypalobjects.com/muse/analytics/ Frame 30D8
0
0
Document
General
Full URL
https://www.paypalobjects.com/muse/analytics/index.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.210.155 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D191) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
16754
content-type
text/html
date
Tue, 20 Aug 2024 08:59:29 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"64f25363-dacc+gzip"
expires
Tue, 20 Aug 2024 09:59:29 GMT
last-modified
Fri, 01 Sep 2023 21:10:59 GMT
paypal-debug-id
10028887383f1
server
ECAcc (nyd/D191)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-000000000000000000010028887383f1-552fb76ab1f687c3-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.236.175 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
175.236.149.34.bc.googleusercontent.com
Software
/
Resource Hash
3c131461c86e0f324d7b53c197bb175d77e59ff7d8fdbc9fed6c7b58557c193d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.107.29 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
29.107.117.34.bc.googleusercontent.com
Software
/
Resource Hash
135084c3bc063dd202faabb60ef64073ee1163c9670046eaf7aef8c3d216848c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.102.221.243 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
243.221.102.34.bc.googleusercontent.com
Software
/
Resource Hash
758ecc5ef443fe36eefbfb484b441307128a5f355f7f32c3c0367e5adf7ed88c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
inbox-v2_8b00c97e2219e5686c0a4fcd0a475cf3.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
19 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_8b00c97e2219e5686c0a4fcd0a475cf3.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c09ac19649ee099b07d720801552c98d4be47fb4f1008fa1668c340ede90ac2f

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 15:16:24 GMT
content-encoding
br
ad-auction-allowed
true
age
150185
x-guploader-uploadid
AHxI1nOPqVSHxN7n1TWWkc086Qi8XxHxJO_iIg6u2ZP1DVKcocGXuPnWKQz5FSTTzDkYotwZngp85XTObA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5448
last-modified
Wed, 14 Aug 2024 20:02:25 GMT
server
UploadServer
etag
"02d3480947cda0d9d90a67fcddf60ded"
x-goog-generation
1723665745343543
x-goog-hash
crc32c=7zEZiQ==, md5=AtNICUfNoNnZCmf83fYN7Q==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5448
accept-ranges
bytes
content-type
text/javascript
onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
16 KB
5 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_0e56ab6ba004ee080ce3deb3edae35e9.br.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f10699f59e4285b87af5097e4ba9e470ee29b4f3487fa767f2818bdbbdd6bb14

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 15:24:08 GMT
content-encoding
br
ad-auction-allowed
true
age
149721
x-guploader-uploadid
AHxI1nPATTVmoRayS-oDccq1mlF7HkhkzLBCjmexaWtS7TofsxmFUTZGHbeN54iSHTUmmbfhAYDZyEBJMw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5003
last-modified
Wed, 14 Aug 2024 20:02:34 GMT
server
UploadServer
etag
"7ff99b6f1cea743cef749de91009e764"
x-goog-generation
1723665754153551
x-goog-hash
crc32c=qFvE1Q==, md5=f/mbbxzqdDzvdJ3pEAnnZA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
5003
accept-ranges
bytes
content-type
text/javascript
jquery-3.7.1.min.js
assets.bounceexchange.com/assets/bounce/
85 KB
30 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.7.1.min.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 15:06:44 GMT
content-encoding
br
ad-auction-allowed
true
age
150765
x-guploader-uploadid
AHxI1nMUQ01qPK6hLo5sTEMnL75RJZk5zgBPAX81xKT-26Irdg4iz4qVsqPemgUNCuUv8fANB4U
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31010
last-modified
Wed, 14 Aug 2024 20:02:07 GMT
server
UploadServer
etag
W/"2c872dbe60f4ba70fb85356113d8b35e"
vary
Accept-Encoding
x-goog-generation
1723665727204852
x-goog-hash
crc32c=fsBEgw==, md5=LIctvmD0unD7hTVhE9izXg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
87533
accept-ranges
none
content-type
text/javascript; charset=UTF-8
token_create.js
ct.pinterest.com/static/ct/
4 KB
2 KB
Script
General
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9ca07df45944b8440ae6241e4a017db2b6e4600e5f647d3180c96877198c3552
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6424c317.1724144369.1fa088d0
etag
"16d5d552603d86726ae439fc61299d42"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
alt-svc
h3=":443"; ma=600
content-length
2114
quic-version
0x00000001
ts
t.paypal.com/
42 B
338 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1&page=muse%3Aoffer%3A%3A%3A7PFGPLHGYKX72-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3a9b41b4-1a0b-4488-939e-bc9b13368cc5&es=visitorInfoFlowStarted&mrid=7PFGPLHGYKX72&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1724144369516&g=420&completeurl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&disableSetCookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires
Tue, 20 Aug 2024 08:59:29 GMT
date
Tue, 20 Aug 2024 08:59:29 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
2965a6e019edf
server-timing
"traceparent;desc="00-00000000000000000002965a6e019edf-01bedbb76e62a213-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-bur-kbur8200082-BUR, cache-yul1970045-YUL
pragma
no-cache
correlation-id
2965a6e019edf
traceparent
00-00000000000000000002965a6e019edf-9eb07a17b5fd1eb6-01
x-timer
S1724144370.524506,VS0,VE109
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
ct.html
ct.pinterest.com/ Frame 4E68
0
0
Document
General
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

akamai-grn
0.6724c317.1724144369.56276d86
alt-svc
h3=":443"; ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Tue, 20 Aug 2024 08:59:29 GMT
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
1
x-pinterest-rid
1231112760220379
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame C773
0
0
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
ad-auction-allowed
true
age
489960
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
938
content-type
text/html; charset=UTF-8
date
Wed, 14 Aug 2024 16:53:29 GMT
etag
W/"fc893948c3efc689b5b19d8a77958e23"
last-modified
Mon, 12 Aug 2024 15:13:28 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1723475608391682
x-goog-hash
crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2408
x-guploader-uploadid
AHxI1nPQNfdrBzg2QYqiEv8Ogz2dELJb6SpUUKXpjjjeT-oC9YJnhxQmz28mrpLCnS6gvSERg8M
lookup
pd.cdnwidget.com/
74 B
289 B
XHR
General
Full URL
https://pd.cdnwidget.com/lookup?deviceID=undefined&bxwid=6664&bxdid=6965582531653510398&visitID=1724144369757361&enableUID2=false
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
f309b4b6297e8c886d8d6b1ff31decc2d09f6eecf7804e3325bf5a2d3a5eac55

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:29 GMT
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
server
istio-envoy
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
12
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74
668b7d3b93927608f0d713c574
www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/
3 KB
2 KB
XHR
General
Full URL
https://www.elfcosmetics.com/mobify/proxy/ocapi/s/elf-us/dw/shop/v21_3/baskets/668b7d3b93927608f0d713c574
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.2.133.71 , United States, ASN393259 (YOTTAA-AS-1, US),
Reverse DNS
Software
/
Resource Hash
a9c3722d644a2f4dd8a9c01daa58332201c1b27b4499620364cce45db4996aa0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

c_x-pwa-request
true
Referer
https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
x-dw-client-id
f9f7052a-f742-4c38-bdf5-1da004e7fb3b
authorization
Bearer eyJ2ZXIiOiIxLjAiLCJqa3UiOiJzbGFzL3Byb2QvYmJ4Y19wcmQiLCJraWQiOiI4MmIyMGQwYy04YjUzLTRjMjQtYmUzMy1jMjIwMjdlYmMyZjciLCJ0eXAiOiJqd3QiLCJjbHYiOiJKMi4zLjQiLCJhbGciOiJFUzI1NiJ9.….s0hec9QNF6wRCF5U272Q4zYHrw28B0QfTH48r0qfEx3asYiysp_5J2cdczQnlY5F-xH7-GB_0JmNUBm_Uv_x6A
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

x-yottaa-profileid
5a0c9b7632f01c35d4210220
date
Tue, 20 Aug 2024 08:59:30 GMT
sfdc_customization
HOOK
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 434785882f05cb88e488bf5372fd0000.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO53-P2
age
0
x-yottaa-optimizations
ob/1000 si/25D1cc028547-1724077673-6243326110 tts/1722866234360 ti/5a0c9b7632f01c35d4210286 ai/5a0c9b7632f01c35d4210220 tm/0
content-encoding
gzip
x-dw-version-status
obsolete
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
995
etag
1d380eff2be0c8deca37483d1ad4deb6e512e1aaf94fb8135a6bfd5cc77193ec
allow
DELETE,GET,HEAD,OPTIONS,PATCH
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.elfcosmetics.com
x-dw-resource-state
1d380eff2be0c8deca37483d1ad4deb6e512e1aaf94fb8135a6bfd5cc77193ec
access-control-expose-headers
etag,location,x-dw-version-status,x-dw-resource-state,authorization,x-dw-request-base-id
x-yottaa-os
200
access-control-allow-credentials
true
x-proxy-request-url
https://cc-elf-us-prd.elfcosmetics.com/s/elf-us/dw/shop/v21_3/baskets/668b7d3b93927608f0d713c574
accept-ranges
bytes
cf-ray
8b613007abfbeb7b-SEA
x-dw-request-base-id
cD0vaPFaxGYBAAB_
x-amz-cf-id
hlysNL40aS5uWMDp66aKjObAruXdMquizN1aZaiGXNX4edVPgPxa0A==
x-yottaa-metrics
2521cc0285ac/[218,217,-] 25D1cc028547/[-,220.125]
exist
srm.ba.contentsquare.net/
2 B
94 B
Fetch
General
Full URL
https://srm.ba.contentsquare.net/exist?v=15.7.0&pid=1926&pn=1&sn=1&uu=919b6f68-3b80-a24b-84fd-908286c63b48
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.90.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-90-86.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 20 Aug 2024 08:59:30 GMT
content-length
2
content-type
application/json
init1.js
api.bounceexchange.com/bounce/
108 KB
20 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=927&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgHYAmAFn1NIGZCAGewzYALxClONswHcBTAIxypgvAPqoAJlABss0pgBOvHCAA2cNBgLT6AD3ycuSmLwVKFUbAENVq1AgDmouAtVQAFsGAAHHAFIqAEE-YgAxENDuKIA6XlUYJBAcAFteNCQcaMTkiN4EUQBhYLC4mABaRJS01CQKhVRk+xscTAA3VCFgUUSQAGtUXig-QgAhEOJVb3GA4uJPH39iAFYgkKWwtbCo7lj4ytT0zOzN0LzC4vXT+Iqkg5q6hqbVReIQgvGFadXiV5-hgBFsCA+gMhqNxhJJF9ZtIAJzSJZLAAcyyo+ARVCW+FoVFhSOmxHeP3aEmhRDIFGocMIS0IVGk+De41a0OGYx+qhADgcvAk4gQ0JgzV4TJ+vFaplEnO5vP5guFouISCsCi6AEdgABPaG0RU4OD8RpeWUYToiv5BIXPc1EiZcnl8+ziCR5NAwAaki2BK04G3jZWq+XWxUBrqtGxwc2vS0Kwj-RXeCShVAKHDAAAyICsnujgWACkjiokDlZ4J+HQACkp2iA4DgCnXQKlPl6fX7yzgAMoGnBIer8UxB32KjoAFV4umA3cEfdQA5bubbIasSHcYmALxm5PIlBo9Fo0gBALaKpwAG1pQ7+QBdWDCk+ps-iyWX2X2W9th-n0OiDWa29cOGj76oawgiHyprCLwH73kB56vo6+SSK6qDuryMHWl+Z6hhhvpYT+4bqNBd6YXBZ7eFYPKiFq3jEZ+rQujAF72m+SEuggboerhvBtIx2EqmGEZ0fePT9OuwJSiqPIkXh-DeFAXBpPJZ4AEShipAA0alWCIDggAomqaWpa5IL0tbAEZ7ggKkRneAoIASHAKBGb6Kqrip16YN4G6WNk3h2FYyBiDAqiUZYrTuFYUBAA
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
4673319c96be78bd5f4f42e32a5950f44757cea0bf284e05f99b85c32540d88c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:30 GMT
content-encoding
gzip
x-envoy-decorator-operation
legacy-api-tier1.legacy-api.svc.cluster.local:80/*
last-modified
Tue, 20 Aug 2024 08:59:30 GMT
via
1.1 google
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
32
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
c
ids.cdnwidget.com/
438 B
777 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=044163207&GCS2=MTcyLjE3LjAuNiwxMC4xLjE3LjI0MCxmZGJmOjFkMzc6YmJlMDo6MTc6MTo6ZjAsZmRiZjoxZDM3OmJiZTA6OjE3OjE6OmYw&pe=false&wsid=6664&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Afalse%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A6664%2C%22loadID%22%3A%22wA6SHIjGu6sV0Hh%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A2%2C%22IDStageStart%22%3A2%2C%22netComplete%22%3A189%2C%22obsReqpage%22%3A190%2C%22obsReqview%22%3A192%2C%22obsReqdata%22%3A193%2C%22IDStagePrefire%22%3A193%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A-7%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%226965582531653510398%22%2C%22visitid%22%3A%221724144369757361%22%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
a6f8ec44bebd61a1bc7a6455d124be90f2eccb6ec92564d06036f083d97c16c8

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:30 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.elfcosmetics.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
438
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 18 Aug 2024 15:23:39 GMT
content-encoding
gzip
ad-auction-allowed
true
age
149751
x-guploader-uploadid
AHxI1nP_ygS9SyuzjdmvTwB_2f-izpS4CIi1ARwPUXLt4uINRcrl_dLvXyHWC_WeInFtHZtCXT1ewTbUDA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
visit
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Full URL
https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoANARm8oGYAQmwAyITLAAebSQA4AbAH15AFgCUbAIIAHbaQQB1BACMA0lBoN+Adkb95bdqYASAFTwiaAYTakQAawQ2AHEEAGN-Ag1qZi8ACyQCAFsgum5qW2YWFjYAZRQAMxQkEEt6Gzt5ADJQCBgkBALkBqQcGvAoaApMABNxNG10BFgkUhw4yEhtMBpyzVm6BdoAd1XGBFICsIIwFMgQMLBGbaSlrEUveep6Og2CgFpt3YR9sMeSpPEUUjB2uugGmACKRYPsCJhJDhuPJmMw-p1AcDQSBwQBPKExOG1TpheCQZLAYogFDGfRgHCUazCajUUgENAYHqKcQ0agCK7UIo-VJs6g+GkIYDIRR0hkIJksmns1lcxCs7yssLFSCKACOkFR8v4HNYUr5rLAsGMn0m4sU4LqPOlNNlVv1NNFjOZmGZPSw+wKIHFWo5tvl9uoSqQkB9Mu+cr1-MDysUhJBVu1Ye5-qjgwwig12gTvvDVusABF4TBtgR-…-PaDskDfJjovONq-MUPskCwFjKhMPQ2vgpzetY-c1j8Iw1R41D+yYO66s4OTmhVEkxOi3CywmJaIA9Dg8hByoRb+1CTWjcw87WNYVRvQcCBhw2TYtm2Hb8F2PZ9lUaaCl6yxh9wVSIKql6YB9YdwmEfjuvsKT7lF2jh2FjnQtQQM19gKDaCAO0QOCOCq2g-Bx3nH0-VUkBxLuTKDMGqKKCDm04X0YAkvoAe2pPRAEDgKgxMXb5IOPPvGFUp04BtQA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:30 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/
42 B
206 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1N8jAdBOgGYDGA9oQLYS4YHQk2696EAHYB9AMKVarNgFpufAUNWoYvGJJDpCAMlCRYCRB2SFcXXlBDaQAI3QRCmYgHYAQtSroXGCQACbSev5kClRsBoQQkVSy-tAQqNKBwRBhEVRUUf6xhgl51Ml5HI640gCOuACekRT+AAyJ5VSEyM66+NnSXJKEMLgl+c15RfHt-pmh4TIwIVKCbHAhTdFTY2X+lai4m4VxO0l7VdIO6Mg7EzEnM3mmENINwLdbD6VeACIm4NA4EhuFwANZwYYALwgmAAbKQACz-MxAywgSSDIQGHD4IgFWj0RjwFjsNT8QTCUR2CQyeQSdiqHjkzQcbS6fSGZGAiwg8EvWxcDKOSCYbZc8zArhguCvervTCkYCc54SyxSvnSKEwqgAVgRAE4jGJgJZeMBMC0jXYTbgOGwLVazShCObLcbEGBgK6jKhWFwQCFZCAzSAYGAhgA1KgO3hcZYO+AQZzDUZLOGw2FI2AptMARi8VARuYRCNIXhaLX1sPzXiMy1gHAgadhVZ1OoAHLrSLnYTrSDrcy1SPr2+KgXmjPEajdJI2Jxx0HBJPgdO5cMHzfnC8XS+We0iF0v18AYFA0sNBph12BSHXAY3MCEjLhsDBUGFQAd6prbKgAdIQhgQgXDcEJRROZ9IS4TAESoS1CC4NAH0TZwjABZdMGsNIgA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:30 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
92 KB
92 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 17 Aug 2024 13:13:17 GMT
ad-auction-allowed
true
age
243973
x-guploader-uploadid
AHxI1nPEDbZE0txGNksYnOW0Lv8CFpBCledRSVYIccHGX0LeoUHqlaLOkpbG-38hpUP7GgRl0bTlZSYWQw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93895
last-modified
Mon, 08 Apr 2024 16:27:35 GMT
server
UploadServer
etag
"6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation
1712593655184176
x-goog-hash
crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
93895
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
18 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 16 Aug 2024 20:30:46 GMT
ad-auction-allowed
true
age
304124
x-guploader-uploadid
AHxI1nPvFzm854xoM-AJwJarS1YaNCANXPQvwfqFAcSG5ePuttFn8Z26nfpGQ3MGCCYjCjxTIeT04nyzDw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
16f45df19355361dc1c101036c0035b0.png
assets.bounceexchange.com/assets/uploads/clients/3258/creatives/
2 KB
2 KB
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/3258/creatives/16f45df19355361dc1c101036c0035b0.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
915046d9ebab575f9b2f8ba9a35e030b2be55b1439edce6e72f7a19b4a55bd45

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 16 Aug 2024 10:09:19 GMT
ad-auction-allowed
true
age
341411
x-guploader-uploadid
AHxI1nMQggcqiWSKpOYE64hadJHtGBD7hoDbkIHsOJJwPf57v_CRWvyyoXtZxYY6Ha-j4vB_iNI
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2419
last-modified
Thu, 01 Apr 2021 03:01:32 GMT
server
UploadServer
etag
"16f45df19355361dc1c101036c0035b0"
x-goog-generation
1617246092060079
x-goog-hash
crc32c=pklVBw==, md5=FvRd8ZNVNh3BwQEDbAA1sA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
2419
accept-ranges
bytes
content-type
image/png
eligible
events.bouncex.net/track.gif/
42 B
96 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7ACYALHJUqAzAoAMegGxk6RJgWBsCPAA4EIIAHZQAakpw6ycAI7yypEH3tOAH0IYCgcMlFrWwdQnFV9JSVNAA5fFlRkTBwEFnssgA8yAhBMQJwAKygyHiZgbPcAd0wkCE5MOP0ulTJGKDa4xVV1LV0dAE59RQUKBggszsmAViWUpSXNOX0NpbkdTXG0m1LGTEbB30xPODKF4HjIoggyzk4IPihOSyt5ZTUNbQ6JT6dzIJ4vAhWCD0bD9Jj2HBfECaWaMLI4YBkTjiCCoYBBGyoTgATyCnyYqBKmCCwGgBAQREw90IJHInAAXkwcColDogA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:30 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
eligible
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7ACYALHJUqAzAoAMegGxk6RJgWBsCPAA4EIIAHZQAakpw6ycAI7yypEH3tOAH0IYCgcMlFrWwdQnFV9JSVtXxZUZEwcBBZ7DIAPMgIQTECcACsoMh4mYEz3AHdMJAhOTDj9DpUyRigWuMVVdS1dHQBOfUUFCgYIDPbxgFYFgA4lBc05fXWFuR1NUeWyG2LGTHr+30xPOBK54BxNSKIIEs5OCD4oTksreWU1DTaHRKDpPF6BAhWCD0bC9Jj2HDfECPWqMDI4YBkTjiCCoYBBGyoTgATyCXyYqCKmCCwGgBAQREw90IJHInAAXkwcColDogA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:30 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pop
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pop?wklz=A4e2C4EMGMBcEsBukEgHYF4EFsCmAnAMgHNcRxoQBXNWfAT0oBNcMBhAQRLPH12PjoMARTbdylWvDS5azVgDkufADYhITNpGzBI8YmgDOANQBMGAAyEqARwwBGQtG279aeEwymALADZTpgDMAOyEhtT40KwARtRoUQAehJCktBgAVoaE2CAsloQA7rjRhvCwuB4YvtXehIjwpQie9sE+9t7eIRYWAJy+LaEs9VGVvn0ArOMAHKbjgfa+c+P2FoE9U4S6pPW4BZWOhrg2VLIjnrXQKvCysDi4hrAuDq3e7Z3BFqa+oZfXtJDAJAEUpCR7EQKEIbwKIYJiEWAAC3g+CYAH1dPhYPRUQ8QPgUrhUUwGpBoipcJ4AGaQFSHeEALxAGG8pgsQA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:30 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
cs
tags.rd.linksynergy.com/
Redirect Chain
  • https://idsync.rlcdn.com/458359.gif?partner_uid=81cf70ed-6e8a-4669-855b-6b49b99c639e
  • https://idsync.rlcdn.com/1000.gif?memo=CPf8GxIwCiwIARCd5gEaJDgxY2Y3MGVkLTZlOGEtNDY2OS04NTViLTZiNDliOTljNjM5ZRAAGg0I8rWRtgYSBQjoBxAAQgBKAA
  • https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ae365c1dbc5bbb4c996fc94d85970f272ae96d2d95178da19557d463460492f56ac34734d8e453ee
37 B
294 B
Image
General
Full URL
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ae365c1dbc5bbb4c996fc94d85970f272ae96d2d95178da19557d463460492f56ac34734d8e453ee
Protocol
H2
Server
34.98.67.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.67.98.34.bc.googleusercontent.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-samesite
secure
date
Tue, 20 Aug 2024 08:59:30 GMT
via
1.1 google
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
content-type
image/gif

Redirect headers

date
Tue, 20 Aug 2024 08:59:30 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://tags.rd.linksynergy.com/cs?ns=lr&uid3=ae365c1dbc5bbb4c996fc94d85970f272ae96d2d95178da19557d463460492f56ac34734d8e453ee
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
script-tag.js
cdn-scripts.signifyd.com/api/
10 KB
4 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/script-tag.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-40.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7a363f752524fb545c3b2eb48a56d163cb659bc427d5215800ee7781d92c2ca

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:41:51 GMT
content-encoding
gzip
via
1.1 1dd1e483fa41d512929f44790f141972.cloudfront.net (CloudFront)
last-modified
Tue, 23 Apr 2024 14:51:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
1060
x-amz-server-side-encryption
AES256
etag
W/"73ca6f23f3e08738233832c7a7a0c30c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
NU1UYO27vszmC-kChp8W3epnBd2oWJc2qJriONvGJFlEILdzQgptYw==
company_toolkit.js
cdn-scripts.signifyd.com/api/
4 KB
2 KB
Script
General
Full URL
https://cdn-scripts.signifyd.com/api/company_toolkit.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-40.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6082597f3871c77c9b31aa1383577f8c0e54cb5ff09275dc817bc70d96e6217d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:41:53 GMT
content-encoding
gzip
via
1.1 1dd1e483fa41d512929f44790f141972.cloudfront.net (CloudFront)
last-modified
Tue, 30 May 2023 10:18:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P3
age
1058
x-amz-server-side-encryption
AES256
etag
W/"2c3950f122b3977df61b0e077aaa92c8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1800
x-amz-cf-id
YuMez0LkF8jcVhI8VGtK92chrJ_y4Fze6eKjoYEu6WEbHAF0WH91yw==
tx3ebdj8dvdgl16c.js
imgs.signifyd.com/
96 KB
14 KB
Script
General
Full URL
https://imgs.signifyd.com/tx3ebdj8dvdgl16c.js?p60u3v6bb7bkh16i=w2txo5aa&e9ls48fnn461an0y=L2VuX0NBLzY2OGI3ZDNiOTM5Mjc2MDhmMGQ3MTNjNTc0
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
0eb9d5b39baa8842649831964c76e11c29c35cb768a4032776e691c2bdafb4aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
graph
idr.cdnwidget.com/
0
194 B
Image
General
Full URL
https://idr.cdnwidget.com/graph?cookieID=2kurb3oBWCCaUhTM73JKNsPhHBD&deviceID=2ksWT7XuRN34PWP5IDCqQGd7Ayp&bxdid=6965582531653510398&bxvid=1724144370096177&bxwid=6664&gm=true&apikey=2^HIykD&loadID=wA6SHIjGu6sV0Hh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:30 GMT
x-envoy-decorator-operation
id-resolution.id-resolution.svc.cluster.local:9000/*
via
1.1 google
server
istio-envoy
access-control-allow-origin
*
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
T2oMKUEMH1iPV42m
imgs.signifyd.com/ Frame FA5B
301 KB
51 KB
Script
General
Full URL
https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/tx3ebdj8dvdgl16c.js?p60u3v6bb7bkh16i=w2txo5aa&e9ls48fnn461an0y=L2VuX0NBLzY2OGI3ZDNiOTM5Mjc2MDhmMGQ3MTNjNTc0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
621f8efca7cf3f355f10c4f98b1a30b88ab52aa153eac15cc3d918c1e7e9e7f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
tmx-nonce
b10fc1a0a2c42e6a
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=99
Expires
Thu, 01 Jan 1970 00:00:00 GMT
0em2AbIAOPgU8Ey0
imgs.signifyd.com/ Frame FA5B
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/0em2AbIAOPgU8Ey0?680cb790675a4f2c=dJ4IzXbdqoywEPJMg9dyvQ0YlRtiupygGjx1QPdi9AQBQEvSm4HlDv6pydR9EaNPMHxw0ChNmveccGcBRB0QW7VW0SfFpkiWoo0vl2OD3tTGjGk-lCowu8q7d0cl2MdVu4q30I_OkFRaIxybpdkym4jdTAJmgLrXTA_vYH8ZDx2hCgJf_Q
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
H5JtWdOCiBo7vUt9
imgs.signifyd.com/ Frame FA5B
81 B
475 B
Image
General
Full URL
https://imgs.signifyd.com/H5JtWdOCiBo7vUt9?a923f13e085340e6=TlFPzEAQ9CsGPoVsbmL5IZCEP0xxTG6L0A4kRRdlByDJ6SiQwM71k8QsvReRtiHN573Or__1PaYg3ikAYmJYzgPyE6F9XXbCpPk4raqHgu9uTYvZdMux86_QHA8jTTQtH-Rj2umvb2XaOllZCOFgndINtQkcNOsWfI-mzlmRWjqA0Hc_aw
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
id_sync
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2ksWT7XuRN34PWP5IDCqQGd7Ayp&source=web&agent=cjs&deviceid=6965582531653510398&visitid=1724144370096177&websiteid=6664&pageviewid=1&sequenceid=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:31 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
clear.png
imgs.signifyd.com/fp/ Frame FA5B
81 B
536 B
XHR
General
Full URL
https://imgs.signifyd.com/fp/clear.png
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*, w2txo5aa/b10fc1a0a2c42e6al2vux0nblzy2ogi3zdniotm5mjc2mdhmmgq3mtnjntc0
Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Tue, 20 Aug 2024 08:59:31 GMT
Server
Apache
Etag
83d9dcf3ff024ad7b4b1309fb1904c70
Content-Type
image/png
Access-Control-Allow-Origin
https://www.elfcosmetics.com
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
81
Expires
Sun, 19 Aug 2029 08:59:31 GMT
jHZexkzPaVL81WRv
imgs.signifyd.com/ Frame DBBD
0
0
Document
General
Full URL
https://imgs.signifyd.com/jHZexkzPaVL81WRv?7f89b3f11676f836=YcFIkD1BE7uHIzQZ5UjhpB19dZAJd6s2L7gIjoANGdi8WgBfn5D9YNdQqbCGTu3prKvhxaHyew3t7pJ9b9wSO5gi3Ws-u9vuCD22xc4O04lxDUIyQrp02MGTTIa8Fje1MW2fnJgozQdyZSVvd-h0HVHZ4fJPWD5xnqAoCDYpK3SNHAYHDW1m2uPqBaXxll2MrsjZhAOOAv3H5XVTrZbc1GOCbf2OQw
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Tue, 20 Aug 2024 08:59:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
1ZAHx5khdWhNU-LL
imgs.signifyd.com/ Frame FA5B
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/1ZAHx5khdWhNU-LL?c8ce77ead5b89cb0=cngcztwaiVpEfD59l0dk8CMAQMYU49uwUMeDvx5dFw-3pBM2x7fZXFs63-qg6qXNUxOmQYzFYTlHxerNDX8wG8vBwxNLeFmFC73UL4E4PVWXsuGUnFXQ-iAujVvX_A9FCr8kgX2pOplEAs8CJyz93HecoJrIgWYOvkaheg&jb=3b34246c7b6137666c683d663830306069356c3c6f6431396b6b34673b3238313930386430313b
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
vKr68ezHPmxgFw3x
imgs.signifyd.com/ Frame FA5B
134 B
655 B
Script
General
Full URL
https://imgs.signifyd.com/vKr68ezHPmxgFw3x?271fda4694e44678=qcBunUJaoXyVjyJZMtvZk-aY7qqTh_LB2Mged7irqC0nR1PADoAaXc9bgLrE8NP39Dj552crvuOgnvgbR3MBo24ES0MhUxIrevKU6cp-WCPPa0fqbKh1rMyH5s_ZVgws2UYxG3pC-QeIL251VwEE7jZnE1MzxlqT
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
902ef989150cc0fa2f8093ece9717f85f680c7bad8be02b76ba05b771ba9d07a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=99
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
IjfNQ09a93DHdLge
h.online-metrix.net/ Frame 23D3
0
0
Document
General
Full URL
https://h.online-metrix.net/IjfNQ09a93DHdLge?2490ee4ce660b9a3=OrFOT_i4OGIzGf_mPc_PXyLoleJtJpNs5z4mBLmltbB5jl5p3qpypG3urxY1TjSq7KVrn18qrQaDCXJvgEOXv_DjDaZVTVBkSQCY1KqyUm4-Yf6NhR_NMWGxnb5x9SvncMIS8-hako-4F6XBujyg3UKhdxAN9VWOt7h1LBZ2M41SotTtEM41UkBNpqHLIwYPeSQKK_9WCNXcG4Xe_J3z-XT6d-M0oZg
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Tue, 20 Aug 2024 08:59:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
2nE9Ne4otrTkzgDz
imgs.signifyd.com/ Frame 8537
0
0
Document
General
Full URL
https://imgs.signifyd.com/2nE9Ne4otrTkzgDz?871fde9e7a3dea73=cJAiNsUdmgg6egoTTuvZ9JtC13VbQWCKwRSu-xjSYnS6VxXxYYiSJBLEsaoWP1l5YmQwp1B7WdjOObExCn3u1EFePTSwJw0KgHR9BdaxAQF_R7sA5iTFFeSQ5mp38XzAGmDNn39_ozarjZMoM3E49YAh9TR0h9gmRtfhMuKdU1VMKoL1zFavvwJbrTzCeE2bq8kiChTB2_YEBBpamyaY_gk84F_fI4Q
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Tue, 20 Aug 2024 08:59:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=2, max=100
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1; mode=block
NaGaz9sxuNNFiOGj
h64.online-metrix.net/ Frame FA5B
0
399 B
Script
General
Full URL
https://h64.online-metrix.net/NaGaz9sxuNNFiOGj?539cebb21ef9cb18=X2OEPH9tUkZdB70oXCSW04IRvj59mhRDUGiRU3DXqSgJiZDcBSIHdmrlX59sz9Bzsg5cD3sAFfsBV6no59_0ZIAZSaGbAGsQZuwD0wYJ8O6MfAvNtYQ314SN-VUEceoTVt5B7E9ZZHe6J7fzxCvcWkqmKa5YTBUm-09NCdNbcGE
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.1 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
1ZAHx5khdWhNU-LL
imgs.signifyd.com/ Frame FA5B
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/1ZAHx5khdWhNU-LL?c8ce77ead5b89cb0=cngcztwaiVpEfD59l0dk8CMAQMYU49uwUMeDvx5dFw-3pBM2x7fZXFs63-qg6qXNUxOmQYzFYTlHxerNDX8wG8vBwxNLeFmFC73UL4E4PVWXsuGUnFXQ-iAujVvX_A9FCr8kgX2pOplEAs8CJyz93HecoJrIgWYOvkaheg&ja=...&jb=393136266471374f6770616e66632d304c3524382f323828503b33273b422d3a384e696c7d782f383a783a36573436292d323a43787a64675d676a4963742f3a4c353b37263934273a30204340564d4e2d32492f38306e696367273238476f616365212738324b6a786f676d2f324e313a3d2c32263026382d30305169666b78632530463d31352e3b36
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
Content-Type
text/javascript;charset=UTF-8
ekz7juDG0wenwpiU
w2txo5aausrwrjekkmheo6cee2lch5skq5gc6nsyb10fc1a0a2c42e6asac.d.aa.online-metrix.net/ Frame FA5B
81 B
438 B
Image
General
Full URL
https://w2txo5aausrwrjekkmheo6cee2lch5skq5gc6nsyb10fc1a0a2c42e6asac.d.aa.online-metrix.net/ekz7juDG0wenwpiU?7143a7171cd8641d=GMpZVtTtrsZQHjtITwbisfRY68q8F8N97YMXBbRlCrkbXAzRYBNJf8Aw2ulkZQLyXmcQA1U5g2j5X2G0vqP_k9gNOGvxO-UtTBniS9v033iPrdha1QxIdQg1BerxmR8DSZ16SyDyp7vA5zwxUpSV1_SlRWaWFATqmfIeoMX3W9YmG34
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
-csWxMqpMOrVAZrg
imgs.signifyd.com/ Frame FA5B
0
218 B
Script
General
Full URL
https://imgs.signifyd.com/-csWxMqpMOrVAZrg?b170edd42f26e31b=zhhLFnkFpbg1MKHBXhPGQgNlmNEonEXD6TkK0-N1pgsKYLj_mtp57ow66yR5KiaTCWJF5N68TP9NjSgy7LacyzmHNdE-YqP-p2KuTVO-UBsrA3B9gmozQUSmtg2gMXjVN9GWQTvUE60wFrupTA-RjcQogBmvw0QenmxgB1_Os4xYdAGwDnHjHTxQhQCBgcCD0gX2pZ3_mNcBnY8OqlvkqntsMC7rvQ&jac=1&je=3036242665656e6a35223b27384139273843392d38433d66696f61603e636c3b383636666e623e3e38663464693537613c633a643d38693a3c336e366b656f3f68616e3930383a3231303930393763376d326b383d322b
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Type
text/javascript;charset=UTF-8
EETTu6FmOQSALEjE
imgs.signifyd.com/ Frame FA5B
0
400 B
Image
General
Full URL
https://imgs.signifyd.com/EETTu6FmOQSALEjE?44566132675c1c99=9TTeiKFp_jjTT4TpI88Yv_QiUAEFYGo7JWagcAFivZtSieAgNmcuTCrXR_tp-zirxH1LUZllz0lspUeI2M4VHS1CeD3QaQyM4ZM_jAKPFRCo1WqzzFDtaQuoS0_GkRnYBxxrtd2UzeBf8TjB1gunY02a6U3gm3HRmrc1fjKM_Vtuu-BOi46j7-PIrDBXpZigGrV3WQ7Z-8d0xfMKBbct5HOHXqrtgg&jf=...
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:31 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive, Keep-Alive
Keep-Alive
timeout=2, max=98
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
1ZAHx5khdWhNU-LL
imgs.signifyd.com/ Frame FA5B
0
398 B
Script
General
Full URL
https://imgs.signifyd.com/1ZAHx5khdWhNU-LL?c8ce77ead5b89cb0=cngcztwaiVpEfD59l0dk8CMAQMYU49uwUMeDvx5dFw-3pBM2x7fZXFs63-qg6qXNUxOmQYzFYTlHxerNDX8wG8vBwxNLeFmFC73UL4E4PVWXsuGUnFXQ-iAujVvX_A9FCr8kgX2pOplEAs8CJyz93HecoJrIgWYOvkaheg&jac=1&je=3d3b32262e77636b353b3f3024333f2c3a2e3c243b302631263b352c3a34382e7f67693f39363d243b31362e3a323b2e393039247f633e3f6c666a6430316e3b3d3a6a626d3a383232313f32393830386e302c7a673d6c6f2e6063747b7437273f482d30386e6d746f6c2f3a38253b41392432322d324b2d3a30737669747f792f3230253b4327323a6362637a6d616c6d273a302f374e2e6b756c68356963356a396d3e6d3438336b636b693c6630613f6133393a3939343b3e3e603f613b333d393c6a3e6430646c3e3a3438303b306e67346438336c696e383635312467783b3d69333b693c673a37316732316e383d376e336e6e60326c38303f693b38363c6132686f6331633b602475696837273f482d3038637a6162697e6d69747d726d2f30302d33492d3a3025303a2538492f32306261766c657b732f303a2f3b432f303a2738322f3a49253a326a78636c6c732d3a3a2733432d35482f3f4427324b2730326e75666e5e6f7a71636d664e63737e2d38322d33492f37402d354c2d3a4125303a6d6568636c67253a30273349666b6e7b6f2d3049273a30676f6e6d66253a322d3943273a322d3a3a2732412d32387a6661766667706f253a322f31492f3a302f303a2738432f3a387064617c6c6d7065566d7a7b6b6f6c2d32382f394127323a2730322d3249273a387f6d7d343c2738322f3b4b66696c7b6f27354c267d69643f25354a2538386872636e6c7127323a2539432d3f4a273f462d304925383a676f6a69646f27303a253b496e636c716d2538492f32307064637666677267273a382d314b273a302f32382d3d44
Requested by
Host: imgs.signifyd.com
URL: https://imgs.signifyd.com/T2oMKUEMH1iPV42m?a10e3080765dedaf=nsizKs5Eij3SDhKDfBdSRUET1OXzY6eMf8zntFzcGaK0UTsPv2JHxeyYlx58ng4ED0g_RtY-143hmUo2G7erYSxcR26p40Mlgkc19602OU0SVcS8F4yQ5OagNrK-xm_alZvrJikPFNCi8lX5fjE4mrTC39TzvkHEPMYoGyPUL3i7H9fFvGGPV9uefn-mmJ9y8wzRG8u5-gY8D2WnG895MXz0r3Y&jb=3d322426627365773546616c7f7a2e68796f3744636e7d782e6071607d3d4b607a6d6d672e6a796837436a72676f67253a303b303f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.225.157.157 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 20 Aug 2024 08:59:32 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
text/javascript
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=97
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
sgtm.elfcosmetics.com/g/
853 B
1 KB
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48e0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=2011562292.1724144367&ecid=1488625108&ul=en-ca&sr=1600x1200&_fplc=0&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=479386843.1724144367&sst.gse=1&sst.etld=google.ca&sst.adr=1&sst.ude=0&sid=1724144367&sct=1&seg=1&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dt=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&_s=4&tfd=11202&richsstsse
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
0ec5519e7fc3fc586ea0d3ae5479b2c987b27e1e543ae62bf03dec781ff983c3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 20 Aug 2024 08:59:32 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
/
www.google.ca/pagead/1p-conversion/698270988/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/698270988/?random=55246363&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e4...
  • https://www.google.com/pagead/1p-conversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z889660...
  • https://www.google.ca/pagead/1p-conversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z8896608...
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-conversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=2037272841.1724144367&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIioSGp5qDiAMV2FhHAR0t2ggOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfNHIKC8VxlQi-VGrGd2gb9hgUSdUgVKvuj_ipbv0WvgF6WVof&eitems=ChAI8P2QtgYQ5_uMjfLJs_gJEh0AZfecL1cEDeFfVzXHqauqDK5TU-BRC9rj4TH6kg&random=1960521842&ipr=y
Protocol
H3
Server
142.250.176.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:32 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:32 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.ca/pagead/1p-conversion/698270988/?random=743609444&fst=1724144372678&cv=10&fmt=3&label=87uyCIuRktcBEIyK-8wC&bg=ffffff&guid=ON&u_w=1600&u_h=1200&gtm=45j91e48f1v9125640115z8896608294z99175401888za200zb896608294&value=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&tiba=Cosmetic%20Criminals%20%7C%20e.l.f.%20Cosmetics&data=event%3Dpageview%3Bvendor_id%3Dgoogle_ads%3Bgoogle_ads_conversion_id%3D698270988%3Bgoogle_ads_conversion_label%3D87uyCIuRktcBEIyK-8wC%3Bgoogle_ads_tag_type%3Dconversion&auid=2037272841.1724144367&dma=0&npa=1&gcs=G111&gcd=13v3v3v3u5l1&uip=167.114.209.0&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&s3p=1&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIioSGp5qDiAMV2FhHAR0t2ggOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh1odHRwczovL3d3dy5lbGZjb3NtZXRpY3MuY29tLw&is_vtc=1&cid=CAQSKQDpaXnfNHIKC8VxlQi-VGrGd2gb9hgUSdUgVKvuj_ipbv0WvgF6WVof&eitems=ChAI8P2QtgYQ5_uMjfLJs_gJEh0AZfecL1cEDeFfVzXHqauqDK5TU-BRC9rj4TH6kg&random=1960521842&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6aa18944a3ad2c224d37dafb46afa35f.jpg
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
92 KB
0
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/6aa18944a3ad2c224d37dafb46afa35f.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
41edca74f63e4546256206b316479052b81b5d8fe3b810424d302bd4bf70c9ed

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 17 Aug 2024 13:13:17 GMT
ad-auction-allowed
true
age
243973
x-guploader-uploadid
AHxI1nPEDbZE0txGNksYnOW0Lv8CFpBCledRSVYIccHGX0LeoUHqlaLOkpbG-38hpUP7GgRl0bTlZSYWQw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93895
last-modified
Mon, 08 Apr 2024 16:27:35 GMT
server
UploadServer
etag
"6aa18944a3ad2c224d37dafb46afa35f"
x-goog-generation
1712593655184176
x-goog-hash
crc32c=H/B1bQ==, md5=aqGJRKOtLCJNN9r7Rq+jXw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
93895
accept-ranges
bytes
content-type
image/jpeg
59a941c096f98029341d8c56b7b89113.png
assets.bounceexchange.com/assets/uploads/clients/4142/creatives/
18 KB
0
Image
General
Full URL
https://assets.bounceexchange.com/assets/uploads/clients/4142/creatives/59a941c096f98029341d8c56b7b89113.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2f9c91dd6030ee0311497f63531e9e27cb31cb8468a74c0b8482075bdbaa80b5

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 16 Aug 2024 20:30:46 GMT
ad-auction-allowed
true
age
304124
x-guploader-uploadid
AHxI1nPvFzm854xoM-AJwJarS1YaNCANXPQvwfqFAcSG5ePuttFn8Z26nfpGQ3MGCCYjCjxTIeT04nyzDw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18352
last-modified
Tue, 25 Aug 2020 15:57:40 GMT
server
UploadServer
etag
"59a941c096f98029341d8c56b7b89113"
x-goog-generation
1598371060392963
x-goog-hash
crc32c=8aFhaA==, md5=WalBwJb5gCk0HYxWt7iREw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
18352
accept-ranges
bytes
content-type
image/png
events
c.contentsquare.net/v2/
0
319 B
Ping
General
Full URL
https://c.contentsquare.net/v2/events?uu=919b6f68-3b80-a24b-84fd-908286c63b48&sn=1&hd=1724144368&v=15.7.0&pid=1926&pn=1&str=2213&di=2885&dc=5186&fl=5199&sr=18&mdh=6678&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.169.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-169-231.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:35 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
recording
k-aeu1.contentsquare.net/v2/
0
200 B
Ping
General
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&rst=1724144368477&let=1724144375174&v=15.7.0&pid=1926&pn=1&sn=1&uu=919b6f68-3b80-a24b-84fd-908286c63b48&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.49.186 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 20 Aug 2024 08:59:35 GMT
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
widget.js
js.jebbit.com/companion/v1/
44 KB
0
Script
General
Full URL
https://js.jebbit.com/companion/v1/widget.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:1000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
caab06b6d9e22bd3f5e606d7c52d61833bb08498c02ef96bb2155852c391249c

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:18:47 GMT
x-amz-version-id
Ni7Av1nwUFjdEeEmV3bxRPsr0NJvxctr
via
1.1 c7947fe0c635bc68b2cbc2a30738872c.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
9641
etag
"abd610d978a61075b07e166fe2d53c26"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
45338
x-amz-cf-id
EHHRZwPIL-7XQsD5ZWhjWj5P0Zk4MrtxOusVY-BQG8kRBnS7pJXSTw==
i.js
tag.wknd.ai/6664/
17 KB
42 B
Script
General
Full URL
https://tag.wknd.ai/6664/i.js
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
9dd9598b19e7daa19208503f404c72666ca8860ab236400f4ce9d97681142b78

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:27 GMT
content-encoding
gzip
x-envoy-decorator-operation
tag-router.tag-router.svc.cluster.local:80/*
via
1.1 google
age
8
x-envoy-upstream-service-time
0
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5689
server
istio-envoy
etag
0f8e290f9a9dcd
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
cnxtag-min.js
js.cnnx.link/roi/
2 KB
0
Script
General
Full URL
https://js.cnnx.link/roi/cnxtag-min.js?id=316282
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL3STMX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:e00:11:85b0:d600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d5267085b5489f178aae1444e1367dbca2debc7c061d5ddd803a16711a19c93b

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:58:08 GMT
via
1.1 google, 1.1 f72e244fb4f0eab694c4c73be7c5f44e.cloudfront.net (CloudFront)
content-encoding
gzip
x-amz-cf-pop
JFK50-P1
age
78
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
cache-control
max-age=600
x-amz-cf-id
JpRhbTtba8lLhaDaFhK8pfpMakUBbxedvLl_SPmoJDcAj9acqsle6w==
iframe_api
www.youtube.com/
993 B
516 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.165.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s70-in-f14.1e100.net
Software
ESF /
Resource Hash
db8ff54c7ede6c7506c62f5cbc74e12acad04d65d6a5f3dd9ca231d2bf4ca472
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script'
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 20 Aug 2024 08:59:35 GMT
events
c.contentsquare.net/v2/
0
319 B
Ping
General
Full URL
https://c.contentsquare.net/v2/events?uu=919b6f68-3b80-a24b-84fd-908286c63b48&sn=1&hd=1724144368&v=15.7.0&pid=1926&pn=1&str=2213&di=2885&dc=5186&fl=5199&sr=18&mdh=6678&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.169.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-169-231.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:35 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
recording
k-aeu1.contentsquare.net/v2/
0
201 B
Ping
General
Full URL
https://k-aeu1.contentsquare.net/v2/recording?rt=5&v=15.7.0&pid=1926&pn=1&sn=1&uu=919b6f68-3b80-a24b-84fd-908286c63b48&hlm=true&ct=0
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.49.186 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 20 Aug 2024 08:59:35 GMT
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
collect
sgtm.elfcosmetics.com/g/
65 B
86 B
XHR
General
Full URL
https://sgtm.elfcosmetics.com/g/collect?v=2&tid=G-5D80LRC85N&gtm=45je48e0v9125640115z8896608294za200zb896608294&gcs=G111&gcd=13v3v3v3u5l1&npa=1&dma=0&tag_exp=0&cid=2011562292.1724144367&ecid=1488625108&ul=en-ca&sr=1600x1200&ir=1&ur=CA-QC&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.rnd=479386843.1724144367&sst.gse=1&sst.etld=google.ca&sst.adr=1&sst.ude=0&_s=5&dt=&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&sid=1724144367&sct=1&seg=1&en=page_view&ep.page_type=content&ep.page_environment=production&ep.page_language=EN&ep.vendor_id=facebook&ep.event_id=1724144836853_172414500690442&ep.email=&ep.phone=&_et=7695&up.custom_user_id=&up.client_id=&up.user_has_transacted=false&up.user_logged_in=false&up.user_country=CA&up.user_loyalty_status=false&tfd=13966&richsstsse
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.49.124.132 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
132.124.49.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:35 GMT
via
1.1 google
x-content-type-options
nosniff
server
Google Frontend
content-type
text/plain
access-control-allow-origin
https://www.elfcosmetics.com
cache-control
no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering
no
eligible
events.bouncex.net/track.gif/
42 B
61 B
Image
General
Full URL
https://events.bouncex.net/track.gif/eligible?wklz=CYcwXAlgzgygrgIygYwE4QQU1QXgGYCGANlJgGSiRQAKqmAbhAPZxQDCrALkwLbb7FSFcMgLIAFpgAqMHAEYA7ACYALHJUqAzAoAMegGxk6RJgWBsCPAA4EIIAHZQAakpw6ycAI7yypEH3tOAH0IYCgcMlFrWwdQnFUAVn1VFV8WVGRMHAQWe0yADzICEExAnAArKDIeJmAs9wB3TCQITkw4-U7UxihWuMVVdS1dHQBOfUUFCgYITI7xhISADiUEzTl9NYS5HU1RpbIbEsZMBv7fTE84UrngHATIoghSzk4IPihOSyt5ZTUNbQJJRyUaPZ6BAhWCD0bC9Jj2HBfECaaaMTI4YBkTjiCCoYBBGyoTgATyCnyYqGKmCCwGgBAQREwd0IJHInAAXkwcColO4oEw8ME4koANZQADqUgUAA04AAlABymhU1HF1ASAEkACJsTwARQA4sAFABBYlWMjiAh4kJ3UVwVAITRMABC4rYFgAquIpABZBSaABSAGkFTRxAAJF1aoA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:35 GMT
x-envoy-decorator-operation
event-collector.event-collector.svc.cluster.local:80/*
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
4
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pixel.gif
cdn.blisspointmedia.com/assets/img/
Redirect Chain
  • https://pixel.pointmediatracker.com/kpi?c=elfcosmetics&kpi=visit&tag_id=244&fpc=f9fc2552-68d8-48ac-8079-f5985e31875b&user_id=&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&new=Ne...
  • https://cdn.blisspointmedia.com/assets/img/pixel.gif
807 B
0
Image
General
Full URL
https://cdn.blisspointmedia.com/assets/img/pixel.gif
Protocol
H2
Server
18.238.80.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-36.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
null
date
Tue, 20 Aug 2024 06:05:48 GMT
via
1.1 b4aed0fc17149bbf4e91539a66d546a0.cloudfront.net (CloudFront)
last-modified
Mon, 08 Apr 2019 16:24:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5
age
10420
etag
"18b3e43abad26bdac6f4cea944777b62"
x-cache
Hit from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
807
x-amz-cf-id
Omfqwy8MzE59ZEWrRKQ8KWBsmVQD2SnXXUZ-V5OeB1UjrWWpZ_bJqg==

Redirect headers

date
Tue, 20 Aug 2024 08:59:35 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amzn-requestid
6904ea03-1271-4d92-a309-d2f672b1a3c5
x-amzn-trace-id
Root=1-66c45af7-2197011d1d21c5a9330d4c49;Parent=57bcba58a85bacd3;Sampled=0;lineage=07bbc27a:0
content-type
application/json
location
https://cdn.blisspointmedia.com/assets/img/pixel.gif
access-control-allow-origin
*
x-amz-apigw-id
czMmtForIAMEG2A=
content-length
2
/
www.facebook.com/tr/
0
125 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724144375247&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1724144368642.85330626624325522&ic=gtm&ler=empty&cdl=API_unavailable&it=1724144368292&coo=false&eid=1724144836853_172414500690442&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=10, mss=1297, tbw=6502, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 20 Aug 2024 08:59:35 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
852 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1638306756445368&ev=PageView&dl=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&rl=&if=false&ts=1724144375247&sw=1600&sh=1200&v=2.9.165&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4126&fbp=fb.1.1724144368642.85330626624325522&ic=gtm&ler=empty&cdl=API_unavailable&it=1724144368292&coo=false&eid=1724144836853_172414500690442&tm=1&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Tue, 20 Aug 2024 08:59:35 GMT
document-policy
force-load-at-top
x-fb-server-load
32
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7405143705075173559", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=28, rtx=0, c=10, mss=1297, tbw=6671, tp=-1, tpl=-1, uplat=21, ullat=0
pragma
no-cache
x-fb-debug
FE/RMQeS8+mJfEZpB5I/jy4DIGmZuGV7QPcbiaZlWpn8cmES5WPkQVNNUWT0dqEr5pWdfYBAnfQ1v8Gg/TqiLQ==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7405143705075173559"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
rp.gif
alb.reddit.com/
42 B
98 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1724144375251&id=t2_16331p&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=6667d9261b429b6c708b0ef956dc8ecf0cf61b0e63389932ed8f8dd18632c971&uuid=da390319-1ac2-4ce9-9460-80d23a2a51bb&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:35 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=160890&%20seg=6104893&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.137 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:35 GMT
an-x-request-uuid
a67bf55d-f5c9-401a-980e-4c07df368c42
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
167.114.209.103; 167.114.209.103; 639.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
generic
match.adsrvr.org/track/cmf/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=3ftfnh3&ct=0:8m23e30&fmt=3
  • https://x.bidswitch.net/syncd?dsp_id=93&user_group=1&user_id=b430919d-c721-425e-94cf-9531040d6fc1&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=93&user_group=1&user_id=b430919d-c721-425e-94cf-9531040d6fc1&expires=30&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbidswitch
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=b430919d-c721-425e-94cf-9531040d6fc1&r=https%3A%2F%2Fmatch.adsrvr.org%2...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
70 B
506 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
Protocol
H2
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 08:59:35 GMT
server
Kestrel
content-length
70
content-type
image/gif

Redirect headers

location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic
date
Tue, 20 Aug 2024 08:59:35 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
pageview
c.contentsquare.net/
0
319 B
Image
General
Full URL
https://c.contentsquare.net/pageview?ex=&pvt=a&cvars=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&cvarp=%7B%223%22%3A%5B%22Page%20Type%22%2C%22content%22%5D%7D&la=en-CA&uc=0&url=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals&dr=&dw=1600&dh=6761&ww=1600&wh=1200&sw=1600&sh=1200&uu=919b6f68-3b80-a24b-84fd-908286c63b48&sn=1&hd=1724144375&v=15.7.0&pid=1926&pn=2&r=465910
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.169.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-169-231.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:35 GMT
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition
inline
timing-allow-origin
*
access-control-allow-headers
Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires
Sun, 24 Oct 1982 23:00:00 GMT
activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=307212226;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.198 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:35 GMT
attribution-reporting-register-trigger
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1...
ad.doubleclick.net/
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=184909572;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.198 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Aug 2024 08:59:35 GMT
attribution-reporting-register-trigger
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
ct.pinterest.com/user/
35 B
65 B
XHR
General
Full URL
https://ct.pinterest.com/user/?event=pagevisit&ed=%7B%22event_id%22%3A%221724144836853_172414500690442%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPU5USmlNV1EyTXpZdFlXVTRaUzAwTkRFMExUbGlNakl0WVRjMU5UWXlNRGRsWkRJMw%22%7D&cb=1724144375379&dep=4%2CTAGS_RECEIVED&stc=true
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
date
Tue, 20 Aug 2024 08:59:35 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6424c317.1724144375.1fa098bc
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=600
content-length
35
x-pinterest-rid
1796913942362913
pin-unauth
dWlkPU5USmlNV1EyTXpZdFlXVTRaUzAwTkRFMExUbGlNakl0WVRjMU5UWXlNRGRsWkRJMw
pragma
no-cache
referrer-policy
origin
x-pinterest-rid-128bit
c2ccee8191c41e80f95f3519e8e1c8df
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CKrgpqiag4gDFaYT0AQdZ9UXsg;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefine...
9231397.fls.doubleclick.net/ Frame 1519
Redirect Chain
  • https://9231397.fls.doubleclick.net/activityi;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefi...
  • https://9231397.fls.doubleclick.net/activityi;dc_pre=CKrgpqiag4gDFaYT0AQdZ9UXsg;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-...
0
0
Document
General
Full URL
https://9231397.fls.doubleclick.net/activityi;dc_pre=CKrgpqiag4gDFaYT0AQdZ9UXsg;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=307212226;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.230 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
436
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:35 GMT
expires
Tue, 20 Aug 2024 08:59:35 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:35 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9231397.fls.doubleclick.net/activityi;dc_pre=CKrgpqiag4gDFaYT0AQdZ9UXsg;src=9231397;type=retarget;cat=globa0;ord=5741251115085;npa=1;auiddc=2037272841.1724144367;u6=%2Fen_CA%2Felf-cosmetic-criminals;u10=undefined;u12=undefined;u8=false;ps=1;pcor=307212226;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181619921z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CJWBp6iag4gDFdgC0AQdfr8BeQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-c...
10742279.fls.doubleclick.net/ Frame 75B1
Redirect Chain
  • https://10742279.fls.doubleclick.net/activityi;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmeti...
  • https://10742279.fls.doubleclick.net/activityi;dc_pre=CJWBp6iag4gDFdgC0AQdfr8BeQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfc...
0
0
Document
General
Full URL
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJWBp6iag4gDFdgC0AQdfr8BeQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=184909572;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.230 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.elfcosmetics.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
373
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:35 GMT
expires
Tue, 20 Aug 2024 08:59:35 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 20 Aug 2024 08:59:35 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10742279.fls.doubleclick.net/activityi;dc_pre=CJWBp6iag4gDFdgC0AQdfr8BeQ;src=10742279;type=elf8j0;cat=glo_flap;ord=2215502524732;npa=1;auiddc=2037272841.1724144367;u1=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals;ps=1;pcor=184909572;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48e0v9181663336z8896608294za201zb896608294;gcs=G111;gcd=13v3v3v3u5l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
ct.pinterest.com/v3/
35 B
64 B
Fetch
General
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22event_id%22%3A%221724144836853_172414500690442%22%2C%22np%22%3A%22gtm%22%7D&tid=2615235625530&pd=%7B%22np%22%3A%22gtm%22%2C%22external_id%22%3A%22%22%2C%22pin_unauth%22%3A%22dWlkPU5USmlNV1EyTXpZdFlXVTRaUzAwTkRFMExUbGlNakl0WVRjMU5UWXlNRGRsWkRJMw%22%7D&cb=1724144375414&dep=4%2CTAGS_RECEIVED&stc=true&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.elfcosmetics.com%2Fen_CA%2Felf-cosmetic-criminals%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%221b182128%22%2C%22is_eu%22%3Afalse%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Atrue%7D
Requested by
Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/1a8bfa042c9c5.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.56.163.9 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Tue, 20 Aug 2024 08:59:35 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.6424c317.1724144375.1fa098d4
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=600
content-length
35
x-pinterest-rid
1217469001203543
pragma
no-cache
referrer-policy
origin
content-type
image/gif
access-control-allow-origin
https://www.elfcosmetics.com
pinterest-version
3241ae12ecef327d6ee2618dd13bec9ec9710d0c
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
quic-version
0x00000001
widget.css
js.jebbit.com/companion/v1/
15 KB
0
Stylesheet
General
Full URL
https://js.jebbit.com/companion/v1/widget.css
Requested by
Host: www.elfcosmetics.com
URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:1000:a:7914:b00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
875ca118023e8741e684a320e73b7f9af4e8eba6c88f1f7e8457f7c0cdda6efb

Request headers

Referer
https://www.elfcosmetics.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 03:42:45 GMT
x-amz-version-id
Dtf.9Q_1CbcuUz2YOVUdf.z9UL2wO11I
via
1.1 c7947fe0c635bc68b2cbc2a30738872c.cloudfront.net (CloudFront)
last-modified
Tue, 09 Jul 2024 20:26:25 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
19004
etag
"de1b72e797664b9b2c2139e5ccb24844"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
15521
x-amz-cf-id
mGhRn8qq2NdPdZerWhHNv4A9DQWBkEyQpPcTo2DbOm38Kyfe1NiTRQ==

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
cdn-fsly.yottaa.net
URL
https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/
Domain
external-api.jebbit.com
URL
https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=


179 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| $jscomp function| _loadCookieConfig function| _domready function| _delayed function| _findTags function| _srcAttr function| _needsEval function| _loadFromDOM function| _clearEvents function| _lastChainedResource function| _isImageLike boolean| domCompleteTriggered function| _abTest function| _getCookieVariant function| _setCookieVariant function| _configureAbTestAnalytics function| _executeAllAbTest function| _executeAllAbTestUniversal function| _executeAllAbTestClassic function| _executeAbTest function| _abTestScript function| _chooseVariant function| _abTestAnalyticsUniversal function| _abTestAnalyticsClassic object| _serviceWorkerConfig object| Yo string| yo_host function| $ function| jQuery object| Vimeo boolean| VimeoPlayerResizeEmbeds_ boolean| VimeoSeoMetadataAppended boolean| VimeoCheckedUrlTimeParam object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| ytCCPlayer object| ytBTSPlayer function| onYouTubePlayerAPIReady function| onCCPlayerReady function| onBTSPlayerReady object| content object| __LOADABLE_LOADED_CHUNKS__ function| _ object| regeneratorRuntime function| applyFocusVisiblePolyfill object| __CONFIG__ string| __DEVICE_TYPE__ object| __PRELOADED_STATE__ object| Progressive object| DataLayer object| dataLayer function| getDataLayerEvent object| viewedProductIdsForPage object| DY boolean| BRAZE_SETUP_COMPLETE boolean| otIsInitialized boolean| otBlockOptOutInitReload function| OptanonWrapper object| DYcustom object| DYExps object| DYO object| contextManager object| DYJSON object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| OnetrustActiveGroups string| OptanonActiveGroups number| gtmPageLoadId object| _uxa object| otStubData object| DYWork function| $dy object| Optanon object| OneTrust object| DYCS function| create_UUID function| createCookie function| pintrk 
function| fbq function| _fbq object| _fbq_gtm_ids function| rdt string| TiktokAnalyticsObject object| ttq object| JebbitObject function| jebbit function| cnxtag object| cnxDataLayer number| j boolean| otLastAcceptAllValue function| ___rmuid object| ___RMCMPW object| gaGlobal object| og object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions boolean| OG_OFFERS_TEST_MODE_ENABLE object| OG object| CS_CONF function| csSetTimeout function| csQueueMicrotask function| csClearTimeout function| csSymbol object| CSPureWindow function| csDate object| csJSON function| csArray function| csString function| csURL function| csMutationObserver object| csScreen object| csquerySelector object| csquerySelectorAll function| csNodechildNodes function| csNodeparentNode function| csNodenextSibling function| csNodefirstChild function| csElementshadowRoot function| csElementmatches function| csElementwebkitMatchesSelector function| csHTMLImageElementsrc function| csEventtarget function| csNavigatorsendBeacon object| CSPathComputation object| UXAnalytics object| CSCurrentScript object| __post_robot_11_0_0___uid_numhnacfzmymuvpacsidplhppphjzs object| paypal object| __zoid_10_3_3___uid_numhnacfzmymuvpacsidplhppphjzs function| UET function| UET_init function| UET_push function| redditNormalizeEmail object| ueto_9556206265 object| uetq object| bouncex object| paypalDDL string| PaypalOffersObject function| ppq object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| tagConfig object| webpackChunksmart_tag object| __post_robot_10_0_44__ object| PAYPAL object| bxgraph function| reload_campaigns function| setBounceCookie function| getBounceCookie function| setBounceVisitCookie function| getBounceVisitCookie function| clearBounceCookie function| close_bouncex_ad object| cti110221 function| a0_0x3eec function| a0_0x20c7 object| sigScriptLoader object| SIG_SCRIPT_DEBUG object| threatmetrix function| 
tmx_run_page_fingerprinting boolean| tmx_profiling_started function| tmx_post_session_params_fixed

88 Cookies


10 Console Messages

Source Level URL
Text
javascript error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals(Line 351)
Message:
Access to image at 'https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/en_CA/#elfcosmetics_a_00000055698485330971283280000018393236039574697104_?yocs=1u_
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.elfcosmetics.com/en_CA/elf-cosmetic-criminals
Message:
Access to XMLHttpRequest at 'https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=' from origin 'https://www.elfcosmetics.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network error URL: https://external-api.jebbit.com/moments/v2/launcher_configs?key=542695a9-9318-492b-9638-2018989f6dc4&url=aHR0cHMlM0ElMkYlMkZ3d3cuZWxmY29zbWV0aWNzLmNvbSUyRmVuX0NBJTJGZWxmLWNvc21ldGljLWNyaW1pbmFscw==&completedLightboxCampaigns=W10=&jebbitCookies=
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_(Line 1)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://cdn-fsly.yottaa.net/5a0c9b7632f01c35d42101b2/www.elfcosmetics.com/v~4b.a5/mobify/bundle/11800/vendor.js?yocs=1u_1y_(Line 1)
Message:
Dropped srcset candidate "https://elfcosmetics.a.bigcontent.io/v1/static/icon-noun-drop-1235517"

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
